Win XP searches redirected and won't update again


27 replies to this topic

#1 Lyle Jr

Lyle Jr

  • Members
  • 27 posts

Posted 30 March 2012 - 01:37 PM

I have a Sony Vaio running Windows XP that I had an issue on a couple weeks back at this post. At that time a virus/scareware was disabling the system for the most part, then it was cleaned enough to work with but would not do the Windows update. Now when I go to search from Yahoo (home page) it redirects me to either HUGE font or to a "buy our program and fix your problem now" link. And it is also back to not updating, although that could be lingering from last time. The update is for Framework 3.5 if that helps. I am pulling what little hair I have left out, so any help is greatly appreciated. Thanks


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • Gender:Male
  • Location:NJ USA

Posted 30 March 2012 - 02:03 PM

Hello, let's first check for malware that is causing both issues.
Are you on a router? Are other machines on it? If so, are they redirecting?

Do you use Firefox?


Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

>>>>
Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.


Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 Lyle Jr

Posted 30 March 2012 - 02:19 PM

Yes, using a router and 1 laptop also on but it is not redirecting. Right now I am using Internet Explorer because I can't get Firefox to install. Below is the file from MiniToolBox. Moving on to tdsskiller.zip next. Thanks

MiniToolBox by Farbar Version: 18-01-2012
Ran by Owner (administrator) on 30-03-2012 at 15:12:35
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : EA5E71A6DE4A4D9
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-13-20-31-7E-C0
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.2.12
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
Lease Obtained. . . . . . . . . . : Friday, March 30, 2012 2:43:12 PM
Lease Expires . . . . . . . . . . : Monday, January 18, 2038 11:14:07 PM

Server: router.belkin
Address: 192.168.2.1

Name: google.com
Addresses: 74.125.225.73, 74.125.225.71, 74.125.225.66, 74.125.225.69
74.125.225.72, 74.125.225.70, 74.125.225.68, 74.125.225.78, 74.125.225.67
74.125.225.65, 74.125.225.64

Pinging google.com [74.125.225.73] with 32 bytes of data:

Reply from 74.125.225.73: bytes=32 time=15ms TTL=55
Reply from 74.125.225.73: bytes=32 time=16ms TTL=55

Ping statistics for 74.125.225.73:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 16ms, Average = 15ms

Server: router.belkin
Address: 192.168.2.1

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=46ms TTL=49
Reply from 209.191.122.70: bytes=32 time=48ms TTL=49

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 46ms, Maximum = 48ms, Average = 47ms

Server: router.belkin
Address: 192.168.2.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 20 31 7e c0 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
0.0.0.0                    0.0.0.0          192.168.2.1   192.168.2.12   20
127.0.0.0                  255.0.0.0        127.0.0.1     127.0.0.1      1
192.168.2.0                255.255.255.0    192.168.2.12  192.168.2.12   20
192.168.2.12               255.255.255.255  127.0.0.1     127.0.0.1      20
192.168.2.255              255.255.255.255  192.168.2.12  192.168.2.12   20
224.0.0.0                  240.0.0.0        192.168.2.12  192.168.2.12   20
255.255.255.255            255.255.255.255  192.168.2.12  192.168.2.12   1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/30/2012 10:01:19 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (03/30/2012 09:54:55 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.ServiceModel.Web, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x8013101b

Error: (03/30/2012 09:54:18 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Data.Services, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x8013101b

Error: (03/30/2012 09:11:43 AM) (Source: MsiInstaller) (User: Owner)Owner
Description: Product: Microsoft .NET Framework 3.5 SP1 -- Error 1704.An installation for Microsoft .NET Framework 3.0 Service Pack 2 is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?

Error: (03/30/2012 08:56:00 AM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Windows Application, SystemIndex Catalog

Error: (03/29/2012 09:09:58 PM) (Source: Automatic LiveUpdate Scheduler) (User: Owner)Owner
Description: errorFailed unregistering service.

Error: (03/29/2012 09:01:34 PM) (Source: SecurityCenter) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error: (03/29/2012 05:10:54 PM) (Source: SescLU) (User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Error: (03/29/2012 03:33:41 PM) (Source: MsiInstaller) (User: Owner)Owner
Description: Product: Symantec Endpoint Protection -- Error 1321.The Installer has insufficient privileges to modify the file C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe.

Error: (03/29/2012 03:33:40 PM) (Source: MsiInstaller) (User: Owner)Owner
Description: Product: Symantec Endpoint Protection -- Error 1321.The Installer has insufficient privileges to modify the file C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe.


System errors:
=============
Error: (03/30/2012 03:08:31 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/30/2012 03:08:31 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/30/2012 03:08:31 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/30/2012 03:08:31 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/30/2012 03:08:31 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/30/2012 03:08:31 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/30/2012 03:08:31 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/30/2012 03:08:31 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/30/2012 03:08:31 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (03/30/2012 03:08:31 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================
Error: (11/28/2011 09:15:28 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/28/2011 09:13:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/28/2011 09:12:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 60 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

1600 (Version: 47.0.1.000)
1600_Help (Version: 47.1.14.000)
1600Trb (Version: 47.1.14.000)
Adobe Flash Player 10 ActiveX (Version: 10.1.85.3)
Adobe Reader 9.5.0 (Version: 9.5.0)
Agere Systems PCI Soft Modem
AiO_Scan (Version: 47.0.1.000)
AiOSoftware (Version: 47.0.1.000)
ATI - Software Uninstall Utility (Version: 6.14.10.1010)
ATI Control Panel (Version: 6.14.10.5125)
ATI Display Driver (Version: 8.06-040909a-018341C-Sony)
Big Fish Games: Game Manager (Version: 1.5.0.3)
BufferChm (Version: 45.4.157.000)
Cherry Fever Slots
Click to DVD 2.0.03 Menu Data (Version: 2.0.03)
Click to DVD 2.4 (Version: 2.4)
Comcast High-Speed Internet Install Wizard
Copy (Version: 45.4.157.000)
CP_AtenaShokunin1Config (Version: 45.4.131.000)
cp_dwShrek2Albums1 (Version: 45.4.157.000)
cp_dwShrek2Cards1 (Version: 45.4.157.000)
CreativeProjects (Version: 45.4.157.000)
CreativeProjectsTemplates (Version: 45.4.157.000)
CueTour (Version: 45.4.157.000)
Destinations (Version: 45.4.157.000)
Director (Version: 45.4.157.000)
DocProc (Version: 4.5.0.0)
DocumentViewer (Version: 45.4.157.000)
DVgate Plus
ESET Online Scanner v3
Fax (Version: 47.0.1.000)
HP Extended Capabilities 4.7 (Version: 4.7)
HP Image Zone 4.7 (Version: 4.7)
HP Product Assistant (Version: 2.0.0.0)
HP PSC & OfficeJet 4.7
HP Software Update (Version: 3.0.5.001)
HPSystemDiagnostics (Version: 1.6.0.0)
Image Converter 2
InstantShare (Version: 45.4.157.000)
Intel® Graphics Media Accelerator Driver
Intel® Network Connections Drivers
InterVideo WinDVD for VAIO (Version: 5.0-B11.727)
InterVideo WinDVDX
ISScript (Version: 3.00.185)
J2SE Runtime Environment 5.0 (Version: 1.5.0)
Joker's Wild Poker
Junk Mail filter update (Version: 14.0.8117.416)
LSI PCI Soft Modem (Version: 2.2.98)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
MarketResearch (Version: 45.4.158.000)
Memory Stick Formatter
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Data Access Components KB870669
Microsoft Download Manager (Version: 1.2.1)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.3 (Version: 2.0.2313.0)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (Version: 12.0.6423.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server Desktop Engine (VAIO_VEDB) (Version: 8.00.761)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Netscape Internet Service Setup
Norton Security Scan (Version: 3.7.1.4)
OpenMG Limited Patch 4.1-05-13-31-01
OpenMG Secure Module 4.1.00 (Version: 4.1.00.13261)
PanoStandAlone (Version: 45.4.157.000)
PhotoGallery (Version: 45.4.157.000)
PictureGear Studio 2.0
ProductContext (Version: 47.1.14.000)
QFolder (Version: 1.00.0000)
Quicken 2005 (Version: 14.00.0000)
Readme (Version: 47.0.1.000)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1 (Version: 1.1.0)
Scan (Version: 4.5.0.0)
ScannerCopy (Version: 4.5.0.0)
Segoe UI (Version: 14.0.4327.805)
SkinsHP1 (Version: 45.4.157.000)
Sonic RecordNow! (Version: 7.30)
SonicStage 3.0 (Version: 3.0)
SonicStage Mastering Studio Audio Filter Custom Preset
Sony Certificate PCH
Sony MP4 Shared Library (Version: 1.1)
Sony Video Shared Library (Version: 2.0.01)
TrayApp (Version: 45.4.157.000)
Unload (Version: 4.5.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB975364) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
VAIO Control Center
VAIO Entertainment Platform (Version: 1.3.00.14090)
VAIO Launcher
VAIO Media 4.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 4.1
VAIO Media Redistribution 4.0
VAIO Media Registration Tool 4.0
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Motion SD Wide Contents
VAIO Registration (Version: 13.0.3)
VAIO Structure Wallpaper
VAIO Survey Standalone (Version: 3.02)
VAIO Update 2
VAIO Zone Remote Commander
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 45.4.157.000)
Windows Backup Utility (Version: 5.1)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Family Safety (Version: 14.0.8118.427)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Toolbar (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WordPerfect Office 12 (Version: 12.0.0.238)
Xixit

========================= Memory info: ===================================

Percentage of memory in use: 82%
Total physical RAM: 502.73 MB
Available physical RAM: 86.91 MB
Total Pagefile: 1227.19 MB
Available Pagefile: 731.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.75 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:180.3 GB) (Free:130.48 GB) NTFS
2 Drive d: (GRTMPCCP_EN) (CDROM) (Total:0.58 GB) (Free:0 GB) CDFS
8 Drive j: (SWMSL) (Removable) (Total:3.72 GB) (Free:3.69 GB) FAT32
9 Drive k: (My Book) (Fixed) (Total:931.51 GB) (Free:556.11 GB) NTFS

========================= Users: ========================================

User accounts for \\EA5E71A6DE4A4D9

Administrator ASPNET Guest
HelpAssistant Owner SUPPORT_388945a0


**** End of log ****

#4 Lyle Jr

Posted 30 March 2012 - 02:25 PM

Attempting to run tdss and having trouble with it so going through like you said but I had a window pop up saying "Congratulations User, You are the winner for Friday, March 30,2012, Please select a prize and enter your email on the next page to claim." I didn't click ok, instead clicking the X and it went away. But not sure if this will help in fixing this thing. Thanks

#5 Lyle Jr

Posted 30 March 2012 - 02:36 PM

I am messing something up as I can't get tdsskiller to run correctly. Have tried to rename it but it doesn't seem to be working any way I try. Any suggestions?

#6 Lyle Jr

Posted 30 March 2012 - 02:43 PM

Just a quick update: I have moved on to Malwarebytes. I already had it installed and ran it before. Running quick scan though and will update the results asap.

#7 boopme

Posted 30 March 2012 - 02:47 PM

Ok, then use this one

Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.

#8 Lyle Jr

Posted 30 March 2012 - 03:01 PM

It says ***Infected MBR detected

Dumb question, but does that stand for Malwarebytes?

#9 Lyle Jr

Posted 30 March 2012 - 03:03 PM

And just so I don't do something I am not supposed to, the window has 2 buttons: 1 says "repair" and the other says "close". Click repair?

#10 boopme

Posted 30 March 2012 - 03:06 PM

Infected Master Boot Record... click repair ..

#11 Lyle Jr

Posted 30 March 2012 - 03:10 PM

Awesome. Should I run Malwarebytes? I killed it before it finished last time.

#12 boopme

Posted 30 March 2012 - 03:22 PM

Yes, run MBAM and then this, and tell me how it is running now.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#13 Lyle Jr

Posted 30 March 2012 - 03:25 PM

Malwarebytes results are as follows. Going to run ESET now.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.30.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: EA5E71A6DE4A4D9 [administrator]

3/30/2012 4:15:56 PM
mbam-log-2012-03-30 (16-15-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206989
Time elapsed: 7 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#14 boopme

Posted 30 March 2012 - 03:34 PM

Good .. I'll look back in a couple hours.

#15 Lyle Jr

Posted 30 March 2012 - 04:45 PM

Had 1 threat in the ESET test. Text from file follows:

K:\My Pictures\Nature Photos\CouponPrinter.exe probably a variant of Win32/Adware.Softomate.AD application deleted - quarantined



