IE redirected to wrong site


16 replies to this topic

#1 CDoris


Posted 16 June 2012 - 04:32 AM

Hi,

I am on Win XP, IE 8.

When I search in Google and click on a link to a site it is redirected to another site that's not related at all to my search.

May you assist me in finding out how to rectify this?

Much appreciated,
CD <_<


#2 narenxp


Posted 16 June 2012 - 04:47 AM

Download

TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).


Please download GMER from here (does not work on 64-bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here

#3 CDoris


Posted 16 June 2012 - 06:52 AM

Results from TDSSKiller >

12:23:17.0543 3428 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
12:23:17.0699 3428 ============================================================
12:23:17.0699 3428 Current date / time: 2012/06/16 12:23:17.0699
12:23:17.0699 3428 SystemInfo:
12:23:17.0699 3428
12:23:17.0699 3428 OS Version: 5.1.2600 ServicePack: 3.0
12:23:17.0699 3428 Product type: Workstation
12:23:17.0699 3428 ComputerName: UKGT60MORRISKA
12:23:17.0699 3428 UserName: morrisk
12:23:17.0699 3428 Windows directory: C:\WINDOWS
12:23:17.0699 3428 System windows directory: C:\WINDOWS
12:23:17.0699 3428 Processor architecture: Intel x86
12:23:17.0699 3428 Number of processors: 2
12:23:17.0699 3428 Page size: 0x1000
12:23:17.0699 3428 Boot type: Normal boot
12:23:17.0699 3428 ============================================================
12:23:19.0887 3428 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
12:23:19.0887 3428 ============================================================
12:23:19.0887 3428 \Device\Harddisk0\DR0:
12:23:19.0887 3428 MBR partitions:
12:23:19.0887 3428 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x30D3161
12:23:19.0887 3428 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x30D31A0, BlocksNum 0x643AF70
12:23:19.0887 3428 ============================================================
12:23:19.0918 3428 Initialize success
12:23:19.0918 3428 ============================================================
12:23:25.0465 4516 ============================================================
12:23:25.0465 4516 Scan started
12:23:25.0465 4516 Mode: Manual;
12:23:25.0465 4516 ============================================================
12:23:25.0481 4516 Abiosdsk - ok
12:23:25.0481 4516 abp480n5 - ok
12:23:25.0481 4516 ACPI - ok
12:23:25.0496 4516 ACPIEC - ok
12:23:25.0496 4516 ADIHdAudAddService - ok
12:23:25.0496 4516 adpu160m - ok
12:23:25.0512 4516 AEAudio - ok
12:23:25.0512 4516 aec - ok
12:23:25.0512 4516 AegisP - ok
12:23:25.0512 4516 AeXNSClient - ok
12:23:25.0527 4516 AFD - ok
12:23:25.0527 4516 Aha154x - ok
12:23:25.0527 4516 aic78u2 - ok
12:23:25.0543 4516 aic78xx - ok
12:23:25.0543 4516 Alerter - ok
12:23:25.0543 4516 ALG - ok
12:23:25.0543 4516 AliIde - ok
12:23:25.0559 4516 amsint - ok
12:23:25.0559 4516 AppMgmt - ok
12:23:25.0559 4516 Arp1394 - ok
12:23:25.0574 4516 asc - ok
12:23:25.0574 4516 asc3350p - ok
12:23:25.0574 4516 asc3550 - ok
12:23:25.0590 4516 aspnet_state - ok
12:23:25.0590 4516 AsyncMac - ok
12:23:25.0590 4516 atapi - ok
12:23:25.0606 4516 Atdisk - ok
12:23:25.0606 4516 Atmarpc - ok
12:23:25.0606 4516 atmeltpm - ok
12:23:25.0621 4516 AudioSrv - ok
12:23:25.0621 4516 audstub - ok
12:23:25.0621 4516 Backup Exec System Recovery - ok
12:23:25.0637 4516 Beep - ok
12:23:25.0637 4516 BITS - ok
12:23:25.0637 4516 Browser - ok
12:23:25.0637 4516 cbidf2k - ok
12:23:25.0652 4516 CCDECODE - ok
12:23:25.0652 4516 ccEvtMgr - ok
12:23:25.0652 4516 CcmExec - ok
12:23:25.0668 4516 ccSetMgr - ok
12:23:25.0668 4516 cd20xrnt - ok
12:23:25.0668 4516 Cdaudio - ok
12:23:25.0684 4516 Cdfs - ok
12:23:25.0684 4516 Cdrom - ok
12:23:25.0684 4516 Changer - ok
12:23:25.0684 4516 CiSvc - ok
12:23:25.0699 4516 ClipSrv - ok
12:23:25.0699 4516 clr_optimization_v2.0.50727_32 - ok
12:23:25.0699 4516 CmBatt - ok
12:23:25.0699 4516 CmdIde - ok
12:23:25.0715 4516 COH_Mon - ok
12:23:25.0715 4516 Compbatt - ok
12:23:25.0715 4516 COMSysApp - ok
12:23:25.0731 4516 Cpqarray - ok
12:23:25.0731 4516 CryptSvc - ok
12:23:25.0746 4516 dac2w2k - ok
12:23:25.0746 4516 dac960nt - ok
12:23:25.0746 4516 DcomLaunch - ok
12:23:25.0762 4516 Dhcp - ok
12:23:25.0762 4516 Disk - ok
12:23:25.0762 4516 dmadmin - ok
12:23:25.0777 4516 dmboot - ok
12:23:25.0777 4516 dmio - ok
12:23:25.0777 4516 dmload - ok
12:23:25.0777 4516 dmserver - ok
12:23:25.0793 4516 DMusic - ok
12:23:25.0793 4516 Dnscache - ok
12:23:25.0793 4516 Dot3svc - ok
12:23:25.0809 4516 dpti2o - ok
12:23:25.0809 4516 drmkaud - ok
12:23:25.0809 4516 DwMirror - ok
12:23:25.0809 4516 DWMRCS - ok
12:23:25.0824 4516 dwvkbd - ok
12:23:25.0824 4516 e1express - ok
12:23:25.0824 4516 EAFRCliManager - ok
12:23:25.0840 4516 EAFSPROT - ok
12:23:25.0840 4516 EapHost - ok
12:23:25.0840 4516 eeCtrl - ok
12:23:25.0856 4516 ephdlink - ok
12:23:25.0856 4516 EPHDXLAT - ok
12:23:25.0856 4516 EraserUtilDrv11110 - ok
12:23:25.0856 4516 EraserUtilRebootDrv - ok
12:23:25.0871 4516 ERSvc - ok
12:23:25.0871 4516 Eventlog - ok
12:23:25.0871 4516 EventSystem - ok
12:23:25.0887 4516 EvtEng - ok
12:23:25.0887 4516 Fastfat - ok
12:23:25.0887 4516 FastUserSwitchingCompatibility - ok
12:23:25.0902 4516 Fdc - ok
12:23:25.0902 4516 FilterService - ok
12:23:25.0902 4516 Fips - ok
12:23:25.0918 4516 Flpydisk - ok
12:23:25.0918 4516 FltMgr - ok
12:23:25.0918 4516 FontCache3.0.0.0 - ok
12:23:25.0918 4516 Fs_Rec - ok
12:23:25.0934 4516 Ftdisk - ok
12:23:25.0934 4516 GEARAspiWDM - ok
12:23:25.0934 4516 Gpc - ok
12:23:25.0934 4516 HDAudBus - ok
12:23:25.0949 4516 helpsvc - ok
12:23:25.0949 4516 HidServ - ok
12:23:25.0949 4516 HidUsb - ok
12:23:25.0965 4516 hkmsvc - ok
12:23:25.0965 4516 hpn - ok
12:23:25.0965 4516 HSFHWAZL - ok
12:23:25.0981 4516 HSF_DPV - ok
12:23:25.0981 4516 HTTP - ok
12:23:25.0981 4516 HTTPFilter - ok
12:23:25.0981 4516 i2omgmt - ok
12:23:25.0996 4516 i2omp - ok
12:23:25.0996 4516 i8042prt - ok
12:23:25.0996 4516 IAANTMON - ok
12:23:26.0012 4516 ialm - ok
12:23:26.0012 4516 iaStor - ok
12:23:26.0012 4516 IBMPMDRV - ok
12:23:26.0012 4516 IBMPMSVC - ok
12:23:26.0027 4516 IDriverT - ok
12:23:26.0027 4516 idsvc - ok
12:23:26.0027 4516 Imapi - ok
12:23:26.0027 4516 ImapiService - ok
12:23:26.0043 4516 ini910u - ok
12:23:26.0043 4516 IntelIde - ok
12:23:26.0059 4516 intelppm - ok
12:23:26.0059 4516 Ip6Fw - ok
12:23:26.0059 4516 IpFilterDriver - ok
12:23:26.0074 4516 IpInIp - ok
12:23:26.0074 4516 IpNat - ok
12:23:26.0074 4516 IPSec - ok
12:23:26.0074 4516 irda - ok
12:23:26.0090 4516 IRENUM - ok
12:23:26.0090 4516 Irmon - ok
12:23:26.0090 4516 isapnp - ok
12:23:26.0106 4516 JavaQuickStarterService - ok
12:23:26.0106 4516 Kbdclass - ok
12:23:26.0106 4516 kbdhid - ok
12:23:26.0121 4516 kmixer - ok
12:23:26.0121 4516 KSecDD - ok
12:23:26.0121 4516 lanmanserver - ok
12:23:26.0121 4516 lanmanworkstation - ok
12:23:26.0137 4516 lbrtfdc - ok
12:23:26.0137 4516 LENOVO.MICMUTE - ok
12:23:26.0137 4516 lenovo.smi - ok
12:23:26.0152 4516 LiveUpdate - ok
12:23:26.0152 4516 LmHosts - ok
12:23:26.0152 4516 LMIInfo - ok
12:23:26.0168 4516 lmimirr - ok
12:23:26.0168 4516 LMIRfsClientNP - ok
12:23:26.0168 4516 LMIRfsDriver - ok
12:23:26.0184 4516 lvpopflt - ok
12:23:26.0184 4516 LVPr2Mon - ok
12:23:26.0184 4516 LVPrcSrv - ok
12:23:26.0184 4516 LVRS - ok
12:23:26.0199 4516 LVUSBSta - ok
12:23:26.0199 4516 LVUVC - ok
12:23:26.0199 4516 mdmxsdk - ok
12:23:26.0215 4516 Messenger - ok
12:23:26.0215 4516 Microsoft Office Groove Audit Service - ok
12:23:26.0215 4516 mnmdd - ok
12:23:26.0231 4516 mnmsrvc - ok
12:23:26.0231 4516 Modem - ok
12:23:26.0231 4516 Mouclass - ok
12:23:26.0231 4516 mouhid - ok
12:23:26.0246 4516 MountMgr - ok
12:23:26.0246 4516 mraid35x - ok
12:23:26.0246 4516 MRxDAV - ok
12:23:26.0262 4516 MRxSmb - ok
12:23:26.0262 4516 MSDTC - ok
12:23:26.0277 4516 Msfs - ok
12:23:26.0277 4516 MSIServer - ok
12:23:26.0277 4516 MSKSSRV - ok
12:23:26.0293 4516 MSPCLOCK - ok
12:23:26.0293 4516 MSPQM - ok
12:23:26.0293 4516 mssmbios - ok
12:23:26.0309 4516 MSTEE - ok
12:23:26.0309 4516 Mup - ok
12:23:26.0324 4516 NABTSFEC - ok
12:23:26.0324 4516 napagent - ok
12:23:26.0340 4516 NAVENG - ok
12:23:26.0340 4516 NAVEX15 - ok
12:23:26.0340 4516 NDIS - ok
12:23:26.0356 4516 NdisIP - ok
12:23:26.0356 4516 NdisTapi - ok
12:23:26.0356 4516 Ndisuio - ok
12:23:26.0371 4516 NdisWan - ok
12:23:26.0371 4516 NDProxy - ok
12:23:26.0387 4516 Net Driver HPZ12 - ok
12:23:26.0387 4516 NetBIOS - ok
12:23:26.0387 4516 NetBT - ok
12:23:26.0402 4516 NetDDE - ok
12:23:26.0402 4516 NetDDEdsdm - ok
12:23:26.0418 4516 Netlogon - ok
12:23:26.0418 4516 Netman - ok
12:23:26.0418 4516 NetTcpPortSharing - ok
12:23:26.0434 4516 NETw4x32 - ok
12:23:26.0434 4516 NIC1394 - ok
12:23:26.0434 4516 Nla - ok
12:23:26.0449 4516 Npfs - ok
12:23:26.0449 4516 NSCIRDA - ok
12:23:26.0465 4516 Ntfs - ok
12:23:26.0465 4516 NtLmSsp - ok
12:23:26.0465 4516 NtmsSvc - ok
12:23:26.0481 4516 Null - ok
12:23:26.0481 4516 nv - ok
12:23:26.0481 4516 NVSvc - ok
12:23:26.0496 4516 NwlnkFlt - ok
12:23:26.0496 4516 NwlnkFwd - ok
12:23:26.0496 4516 odserv - ok
12:23:26.0512 4516 ohci1394 - ok
12:23:26.0512 4516 ose - ok
12:23:26.0512 4516 osppsvc - ok
12:23:26.0527 4516 Parport - ok
12:23:26.0527 4516 PartMgr - ok
12:23:26.0543 4516 ParVdm - ok
12:23:26.0543 4516 PCI - ok
12:23:26.0543 4516 PCIDump - ok
12:23:26.0559 4516 PCIIde - ok
12:23:26.0559 4516 Pcmcia - ok
12:23:26.0559 4516 PDCOMP - ok
12:23:26.0574 4516 PDFRAME - ok
12:23:26.0574 4516 PDRELI - ok
12:23:26.0574 4516 PDRFRAME - ok
12:23:26.0574 4516 perc2 - ok
12:23:26.0590 4516 perc2hib - ok
12:23:26.0606 4516 PlugPlay - ok
12:23:26.0606 4516 Pml Driver HPZ12 - ok
12:23:26.0606 4516 PolicyAgent - ok
12:23:26.0621 4516 PptpMiniport - ok
12:23:26.0621 4516 prepdrvr - ok
12:23:26.0621 4516 ProtectedStorage - ok
12:23:26.0621 4516 psadd - ok
12:23:26.0637 4516 PSched - ok
12:23:26.0637 4516 Ptilink - ok
12:23:26.0637 4516 ql1080 - ok
12:23:26.0637 4516 Ql10wnt - ok
12:23:26.0652 4516 ql12160 - ok
12:23:26.0652 4516 ql1240 - ok
12:23:26.0652 4516 ql1280 - ok
12:23:26.0668 4516 RasAcd - ok
12:23:26.0668 4516 RasAuto - ok
12:23:26.0668 4516 Rasirda - ok
12:23:26.0668 4516 Rasl2tp - ok
12:23:26.0684 4516 RasMan - ok
12:23:26.0684 4516 RasPppoe - ok
12:23:26.0684 4516 Raspti - ok
12:23:26.0699 4516 Rdbss - ok
12:23:26.0699 4516 RDPCDD - ok
12:23:26.0699 4516 rdpdr - ok
12:23:26.0715 4516 RDPWD - ok
12:23:26.0715 4516 RDSessMgr - ok
12:23:26.0715 4516 redbook - ok
12:23:26.0715 4516 RegSrvc - ok
12:23:26.0731 4516 RemoteAccess - ok
12:23:26.0731 4516 RemoteRegistry - ok
12:23:26.0731 4516 RimVSerPort - ok
12:23:26.0746 4516 ROOTMODEM - ok
12:23:26.0746 4516 RpcLocator - ok
12:23:26.0746 4516 RpcSs - ok
12:23:26.0746 4516 RSVP - ok
12:23:26.0762 4516 S24EventMonitor - ok
12:23:26.0762 4516 s24trans - ok
12:23:26.0762 4516 SamSs - ok
12:23:26.0777 4516 SCardSvr - ok
12:23:26.0777 4516 Schedule - ok
12:23:26.0777 4516 Secdrv - ok
12:23:26.0793 4516 seclogon - ok
12:23:26.0793 4516 SENS - ok
12:23:26.0793 4516 Serenum - ok
12:23:26.0809 4516 Serial - ok
12:23:26.0809 4516 Sfloppy - ok
12:23:26.0824 4516 Sftfs - ok
12:23:26.0824 4516 sftlist - ok
12:23:26.0824 4516 Sftplay - ok
12:23:26.0824 4516 Sftredir - ok
12:23:26.0840 4516 Sftvol - ok
12:23:26.0840 4516 sftvsa - ok
12:23:26.0840 4516 SharedAccess - ok
12:23:26.0856 4516 ShellHWDetection - ok
12:23:26.0856 4516 Simbad - ok
12:23:26.0856 4516 SkypeUpdate - ok
12:23:26.0856 4516 SLIP - ok
12:23:26.0871 4516 SmcService - ok
12:23:26.0871 4516 smihlp - ok
12:23:26.0871 4516 smsmdd - ok
12:23:26.0871 4516 smstsmgr - ok
12:23:26.0887 4516 SNAC - ok
12:23:26.0887 4516 Sparrow - ok
12:23:26.0902 4516 SPBBCDrv - ok
12:23:26.0902 4516 splitter - ok
12:23:26.0902 4516 Spooler - ok
12:23:26.0902 4516 sr - ok
12:23:26.0918 4516 srservice - ok
12:23:26.0918 4516 SRTSP - ok
12:23:26.0918 4516 SRTSPL - ok
12:23:26.0934 4516 SRTSPX - ok
12:23:26.0934 4516 Srv - ok
12:23:26.0934 4516 SSDPSRV - ok
12:23:26.0934 4516 stisvc - ok
12:23:26.0949 4516 streamip - ok
12:23:26.0949 4516 SUService - ok
12:23:26.0949 4516 swenum - ok
12:23:26.0965 4516 swmidi - ok
12:23:26.0965 4516 SwPrv - ok
12:23:26.0965 4516 Symantec AntiVirus - ok
12:23:26.0981 4516 Symantec SymSnap VSS Provider - ok
12:23:26.0981 4516 symc810 - ok
12:23:26.0981 4516 symc8xx - ok
12:23:26.0981 4516 SymEvent - ok
12:23:26.0996 4516 SYMREDRV - ok
12:23:26.0996 4516 symsnap - ok
12:23:26.0996 4516 SymSnapService - ok
12:23:27.0012 4516 SYMTDI - ok
12:23:27.0012 4516 sym_hi - ok
12:23:27.0012 4516 sym_u3 - ok
12:23:27.0012 4516 SynTP - ok
12:23:27.0027 4516 sysaudio - ok
12:23:27.0027 4516 SysmonLog - ok
12:23:27.0027 4516 SysPlant - ok
12:23:27.0043 4516 TapiSrv - ok
12:23:27.0043 4516 Tcpip - ok
12:23:27.0043 4516 TcUsb - ok
12:23:27.0043 4516 TDPIPE - ok
12:23:27.0059 4516 TDTCP - ok
12:23:27.0059 4516 Teefer2 - ok
12:23:27.0059 4516 TermDD - ok
12:23:27.0059 4516 TermService - ok
12:23:27.0074 4516 Themes - ok
12:23:27.0074 4516 ThinkVantage Registry Monitor Service - ok
12:23:27.0074 4516 TlntSvr - ok
12:23:27.0090 4516 TosIde - ok
12:23:27.0090 4516 TPHKDRV - ok
12:23:27.0090 4516 TPHKLOAD - ok
12:23:27.0090 4516 TPHKSVC - ok
12:23:27.0106 4516 TPPWRIF - ok
12:23:27.0106 4516 TrkWks - ok
12:23:27.0106 4516 TVT Scheduler - ok
12:23:27.0121 4516 Udfs - ok
12:23:27.0121 4516 ultra - ok
12:23:27.0121 4516 Update - ok
12:23:27.0137 4516 upnphost - ok
12:23:27.0137 4516 UPS - ok
12:23:27.0137 4516 usbaudio - ok
12:23:27.0137 4516 usbccgp - ok
12:23:27.0152 4516 usbehci - ok
12:23:27.0152 4516 usbhub - ok
12:23:27.0152 4516 usbprint - ok
12:23:27.0152 4516 usbscan - ok
12:23:27.0168 4516 usbstor - ok
12:23:27.0168 4516 usbuhci - ok
12:23:27.0168 4516 v2imount - ok
12:23:27.0184 4516 VgaSave - ok
12:23:27.0184 4516 ViaIde - ok
12:23:27.0184 4516 VolSnap - ok
12:23:27.0184 4516 VProEventMonitor - ok
12:23:27.0199 4516 VSS - ok
12:23:27.0199 4516 W32Time - ok
12:23:27.0199 4516 Wanarp - ok
12:23:27.0215 4516 WDICA - ok
12:23:27.0215 4516 wdmaud - ok
12:23:27.0215 4516 WebClient - ok
12:23:27.0231 4516 WimFltr - ok
12:23:27.0231 4516 winachsf - ok
12:23:27.0231 4516 winmgmt - ok
12:23:27.0246 4516 WmdmPmSN - ok
12:23:27.0246 4516 Wmi - ok
12:23:27.0262 4516 WmiAcpi - ok
12:23:27.0262 4516 WmiApSrv - ok
12:23:27.0262 4516 WMPNetworkSvc - ok
12:23:27.0277 4516 WPS - ok
12:23:27.0277 4516 WpsHelper - ok
12:23:27.0277 4516 WS2IFSL - ok
12:23:27.0277 4516 wscsvc - ok
12:23:27.0293 4516 WSTCODEC - ok
12:23:27.0293 4516 wuauserv - ok
12:23:27.0293 4516 WudfPf - ok
12:23:27.0309 4516 WudfRd - ok
12:23:27.0309 4516 WudfSvc - ok
12:23:27.0309 4516 WZCSVC - ok
12:23:27.0309 4516 xmlprov - ok
12:23:27.0371 4516 MBR (0x1B8) (428e2f2a33bc2b807c429d3c1a8db7f3) \Device\Harddisk0\DR0
12:23:27.0824 4516 \Device\Harddisk0\DR0 - ok
12:23:27.0840 4516 Boot (0x1200) (dd01e4f79d10e3a3b41209754c9058cb) \Device\Harddisk0\DR0\Partition0
12:23:27.0840 4516 \Device\Harddisk0\DR0\Partition0 - ok
12:23:27.0856 4516 Boot (0x1200) (e3b4eec8c3ed517218a1f82c2edb81fd) \Device\Harddisk0\DR0\Partition1
12:23:27.0856 4516 \Device\Harddisk0\DR0\Partition1 - ok
12:23:27.0856 4516 ============================================================
12:23:27.0856 4516 Scan finished
12:23:27.0856 4516 ============================================================
12:23:27.0871 5100 Detected object count: 0
12:23:27.0871 5100 Actual detected object count: 0


Results from gmer.log >

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-16 12:34:09
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 HTS54108 rev.MB4I
Running: cp8m263i[1].exe; Driver: D:\temp\kwdyyuog.sys


---- System - GMER 1.0.15 ----

SSDT 89B1C6F0 ZwAlertResumeThread
SSDT 89B1C5E8 ZwAlertThread
SSDT 89AC5C48 ZwAllocateVirtualMemory
SSDT 89AB9290 ZwConnectPort
SSDT 89B78C80 ZwCreateMutant
SSDT 89ABA560 ZwCreateThread
SSDT 89AC5930 ZwFreeVirtualMemory
SSDT 8A6B9F80 ZwImpersonateAnonymousToken
SSDT 89B1C8E0 ZwImpersonateThread
SSDT 89AC4C48 ZwMapViewOfSection
SSDT 89A2B5C0 ZwOpenEvent
SSDT 89B12508 ZwOpenProcessToken
SSDT 89AC4918 ZwOpenThreadToken
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwProtectVirtualMemory [0xBA1AD880]
SSDT 89B3E9A0 ZwResumeThread
SSDT 89B12BB8 ZwSetContextThread
SSDT 89AC4B50 ZwSetInformationProcess
SSDT 89AAFCA8 ZwSetInformationThread
SSDT 8A63CD38 ZwSuspendProcess
SSDT 89B1C510 ZwSuspendThread
SSDT 89B11DF0 ZwTerminateProcess
SSDT 89B176A8 ZwTerminateThread
SSDT 89B12AE0 ZwUnmapViewOfSection
SSDT 89AC5A40 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2F1C 805047B8 4 Bytes JMP DC1CD170
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? system32\drivers\83695819.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 00C89315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00D5DBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 00D5DD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 00D64832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00CC1CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 00E7E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 00E7DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 00E7DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 00E7DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 00E7DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 00E7E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 00E7DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3020] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00D6488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 00C89315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 00D64832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 00E7E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 00E7DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 00E7DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 00E7DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 00E7DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 00E7E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4632] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 00E7DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5460] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 00C89315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5460] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00D5DBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5460] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 00D5DD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5460] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 00D64832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5460] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00CC1CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5460] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 00E7E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5460] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 00E7DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5460] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 00E7DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5460] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 00E7DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5460] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 00E7DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5460] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 00E7E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5460] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 00E7DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5460] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00D6488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 00C89315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00D5DBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 00D5DD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 00D64832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00CC1CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 00E7E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 00E7DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 00E7DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 00E7DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 00E7DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 00E7E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5860] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 00E7DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5860] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00D6488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.EXE[2740] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C42F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2740] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C42C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2740] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C42CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2740] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C42CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3020] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [009C18FD] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Skype\Phone\Skype.exe[4360] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00362F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[4360] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00362C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[4360] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00362CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[4360] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00362CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [009C18FD] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5860] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [009C18FD] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F12F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F12C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00F12CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[5960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00F12CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj04.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice eafsprot.sys (EPFS Volume File Protector/GuardianEdge Technologies, Inc.)

Device Sftfsxp.sys (Microsoft Application Virtualization File System/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)
Device ftdisk.sys (FT Disk Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

Results from aswMBR >

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-16 12:35:11
-----------------------------
12:35:11.231 OS Version: Windows 5.1.2600 Service Pack 3
12:35:11.231 Number of processors: 2 586 0xE0C
12:35:11.231 ComputerName: UKGT60MORRISKA UserName: morrisk
12:35:11.777 Initialize success
12:50:18.511 AVAST engine defs: 12061600
12:50:35.964 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:50:35.964 Disk 0 Vendor: HTS54108 MB4I Size: 76319MB BusType: 3
12:50:35.996 Disk 0 MBR read successfully
12:50:35.996 Disk 0 MBR scan
12:50:36.074 Disk 0 unknown MBR code
12:50:36.074 Disk 0 MBR hidden
12:50:36.074 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS 24998 MB offset 63
12:50:36.089 Disk 0 Partition 2 00 07 HPFS/NTFS 51317 MB offset 51196320
12:50:36.105 Disk 0 scanning sectors +156295440
12:50:36.152 Disk 0 scanning C:\WINDOWS\system32\drivers
12:50:36.152 Service scanning
12:51:16.246 Service SysPlant C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
12:51:16.730 Service Teefer2 C:\WINDOWS\system32\DRIVERS\teefer2.sys **LOCKED** 32
12:51:21.605 Service WPS C:\WINDOWS\system32\drivers\wpsdrvnt.sys **LOCKED** 32
12:51:21.714 Service WpsHelper C:\WINDOWS\system32\drivers\WpsHelper.sys **LOCKED** 32
12:51:22.918 Modules scanning
12:51:23.152 Disk 0 trace - called modules:
12:51:23.152
12:51:23.464 AVAST engine scan C:\WINDOWS
12:51:23.511 AVAST engine scan C:\WINDOWS\system32
12:51:23.605 AVAST engine scan C:\WINDOWS\system32\drivers
12:51:23.652 AVAST engine scan C:\Documents and Settings\MORRISK
12:51:23.699 AVAST engine scan C:\Documents and Settings\All Users
12:51:23.699 Scan finished successfully
12:51:33.402 Disk 0 MBR has been saved successfully to "D:\Files\MBR.dat"
12:51:33.402 The log file has been saved successfully to "D:\Files\aswMBR.txt"


Thanks

#4 narenxp

Posted 16 June 2012 - 06:55 AM

Download

FIXTDSS

Launch it. It may ask for a restart; reboot the PC.

On reboot let me know what it finds

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

ESET online scanner


Install it

Click on START; it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#5 CDoris

Posted 16 June 2012 - 09:25 AM

Hi narenxp,

FIXTDSS came up saying "Backdoor.Tidserv has not been found on your computer"

Will send other results soon.
Thanks for helping!

#6 CDoris

Posted 16 June 2012 - 11:16 AM

Hi narenxp,

Results from ESET >

D:\Temp\jar_cache2256992567737604986.tmp Java/Exploit.CVE-2012-0507.Z trojan cleaned by deleting - quarantined
D:\Temp\~!#712.tmp a variant of Win32/Kryptik.AETJ trojan cleaned by deleting - quarantined


Results from mini toolbox >

MiniToolBox by Farbar Version: 09-06-2012
Ran by morrisk (administrator) on 16-06-2012 at 17:09:50
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


10.10.10.54 projects.enstargroup.com
10.10.10.54 projectstest.enstargroup.com
10.10.10.54 itportal.enstargroup.com
10.10.10.54 intranet.enstargroup.com

10.10.10.54 projects.enstargroup.com
10.10.10.54 projectstest.enstargroup.com
10.10.10.54 itportal.enstargroup.com
10.10.10.54 intranet.enstargroup.com

10.10.10.54 projects.enstargroup.com
10.10.10.54 projectstest.enstargroup.com
10.10.10.54 itportal.enstargroup.com
10.10.10.54 intranet.enstargroup.com

10.10.10.54 projects.enstargroup.com
10.10.10.54 projectstest.enstargroup.com
10.10.10.54 itportal.enstargroup.com
10.10.10.54 intranet.enstargroup.com

10.10.10.54 projects.enstargroup.com
10.10.10.54 projectstest.enstargroup.com
10.10.10.54 itportal.enstargroup.com
10.10.10.54 intranet.enstargroup.com

10.10.10.54 projects.enstargroup.com
10.10.10.54 projectstest.enstargroup.com
10.10.10.54 itportal.enstargroup.com
10.10.10.54 intranet.enstargroup.com

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection 3 (Connected)
Intel® PRO/1000 PL Network Connection = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection 3"

set address name="Wireless Network Connection 3" source=dhcp
set dns name="Wireless Network Connection 3" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 3" source=dhcp

# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : UKGT60MORRISKA

Primary Dns Suffix . . . . . . . : cwglobal.local

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : cwglobal.local

lan



Ethernet adapter Wireless Network Connection 3:



Connection-specific DNS Suffix . : lan

Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection #3

Physical Address. . . . . . . . . : 00-1B-77-11-27-89

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.64

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.254

DHCP Server . . . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 192.168.1.254

Lease Obtained. . . . . . . . . . : 16 June 2012 15:28:51

Lease Expires . . . . . . . . . . : 17 June 2012 15:28:51



Ethernet adapter Local Area Connection 2:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel® PRO/1000 PL Network Connection #2

Physical Address. . . . . . . . . : 00-15-58-86-58-D4

Server: dsldevice.lan
Address: 192.168.1.254

Name: google.com
Addresses: 173.194.41.98, 173.194.41.99, 173.194.41.100, 173.194.41.101
173.194.41.102, 173.194.41.103, 173.194.41.104, 173.194.41.105, 173.194.41.110
173.194.41.96, 173.194.41.97



Pinging google.com [173.194.41.97] with 32 bytes of data:



Reply from 173.194.41.97: bytes=32 time=61ms TTL=58

Reply from 173.194.41.97: bytes=32 time=36ms TTL=58



Ping statistics for 173.194.41.97:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 36ms, Maximum = 61ms, Average = 48ms

Server: dsldevice.lan
Address: 192.168.1.254

Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 209.191.122.70



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=787ms TTL=51

Reply from 98.139.183.24: bytes=32 time=703ms TTL=51



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 703ms, Maximum = 787ms, Average = 745ms

Server: dsldevice.lan
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1b 77 11 27 89 ...... Intel® PRO/Wireless 3945ABG Network Connection #3 - Teefer2 Miniport
0x3 ...00 15 58 86 58 d4 ...... Intel® PRO/1000 PL Network Connection #2 - Teefer2 Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.64 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.64 192.168.1.64 25
192.168.1.64 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.64 192.168.1.64 25
224.0.0.0 240.0.0.0 192.168.1.64 192.168.1.64 25
255.255.255.255 255.255.255.255 192.168.1.64 3 1
255.255.255.255 255.255.255.255 192.168.1.64 192.168.1.64 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be %SystemRoot%\System32\mswsock.dll

Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()
Catalog9 25 mswsock.dll [File Not found] ()
Catalog9 26 mswsock.dll [File Not found] ()
Catalog9 27 mswsock.dll [File Not found] ()
Catalog9 28 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/16/2012 03:30:35 PM) (Source: UserInit) (User: )
Description: Could not execute the following script IETEMPFIX.cmd. The system cannot find the file specified.
.

Error: (06/16/2012 03:30:21 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (06/16/2012 03:30:21 PM) (Source: UserInit) (User: )
Description: Could not execute the following script USBWRITEPROTECTED.BAT. The system cannot find the file specified.
.

Error: (06/16/2012 03:30:21 PM) (Source: UserInit) (User: )
Description: Could not execute the following script MaxTokenSize_Increase.cmd. The system cannot find the file specified.
.

Error: (06/16/2012 03:30:19 PM) (Source: UserInit) (User: )
Description: Could not execute the following script \\cwglobal.local\NETLOGON\Scripts\Add Desktop Admin.bat. The network path was not found.
.

Error: (06/16/2012 03:28:52 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (06/16/2012 03:28:52 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (06/16/2012 01:34:46 PM) (Source: UserInit) (User: )
Description: Could not execute the following script IETEMPFIX.cmd. The system cannot find the file specified.
.

Error: (06/16/2012 01:34:33 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (06/16/2012 01:34:33 PM) (Source: UserInit) (User: )
Description: Could not execute the following script USBWRITEPROTECTED.BAT. The system cannot find the file specified.
.


System errors:
=============
Error: (06/16/2012 03:29:43 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (06/16/2012 03:29:43 PM) (Source: Service Control Manager) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058

Error: (06/16/2012 03:28:52 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (06/16/2012 03:28:52 PM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain CWGLOBAL due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (06/16/2012 01:33:51 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (06/16/2012 01:33:51 PM) (Source: Service Control Manager) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058

Error: (06/16/2012 01:32:58 PM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain CWGLOBAL due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (06/16/2012 11:51:20 AM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain CWGLOBAL due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (06/16/2012 09:00:16 AM) (Source: Service Control Manager) (User: )
Description: The Process Monitor service terminated unexpectedly. It has done this 1 time(s).

Error: (06/16/2012 07:51:40 AM) (Source: PlugPlayManager) (User: )
Description: The device 'Intel® PRO/1000 PL Network Connection #2' (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0) disappeared from the system without first being prepared for removal.


Microsoft Office Sessions:
=========================
Error: (11/08/2011 04:20:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 239 seconds with 120 seconds of active time. This session ended with a crash.

Error: (09/22/2011 09:18:20 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.

Error: (08/31/2011 09:44:29 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 248401 seconds with 3060 seconds of active time. This session ended with a crash.

Error: (07/18/2011 01:56:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 16663 seconds with 3300 seconds of active time. This session ended with a crash.

Error: (07/15/2011 02:08:50 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 39 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/15/2011 02:07:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 347 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/15/2011 01:59:19 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 16564 seconds with 1920 seconds of active time. This session ended with a crash.

Error: (07/15/2011 11:22:23 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 62523 seconds with 1020 seconds of active time. This session ended with a crash.

Error: (07/11/2011 09:23:49 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 179716 seconds with 840 seconds of active time. This session ended with a crash.

Error: (07/01/2011 02:34:55 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 19429 seconds with 1620 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 8.1.2)
Adobe Flash Player 10 ActiveX (Version: 10.2.152.32)
Adobe Reader 8.3.1 (Version: 8.3.1)
Altiris Power Management Agent (Version: 6.0.1404)
Altiris Power Scheme Task Agent (Version: 6.0.1015)
Altiris Script Task Agent (Version: 6.0.1404)
Altiris Service Control Task Agent (Version: 6.0.1404)
Altiris Software Delivery Agent For Task Server (Version: 6.1.1030.0)
Altiris Task Synchronization Agent (Version: 6.1.1030.0)
AXIS Media Control Embedded
BlackBerry Desktop Software 4.2 (Version: 4.2.0.10)
CODA-Budgets
CODA - Customiser (Version: 11.0)
CODA - Financials - Client (Version: 11.0)
CODA Applications for Microsoft Office (Version: 3.100)
CODA Office-Framework v11 Patch (Version: 3.10.0000)
Configuration Manager Client (Version: 4.00.6487.2000)
Coupon Printer (Version: 2.0)
Domino Unified Communications Client 1.2.3 for Avaya
DVD Decoder Pak for Windows XP (Version: 1.0.0)
ESET Online Scanner v3
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4785)
Intel® Matrix Storage Manager
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software (Version: 11.5.0.API)
J2SE Runtime Environment 5.0 Update 5 (Version: 1.5.0.50)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
Java™ 6 Update 6 (Version: 1.6.0.60)
Lenovo Auto Scroll Utility (Version: 1.11)
Lenovo Patch Utility (Version: 1.0.1.1)
Lenovo System Interface Driver (Version: 1.05)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.92)
Logitech Desktop Messenger (Version: 2.54.11)
Logitech Webcam Software (Version: 12.10.1113)
Logitech Webcam Software Driver Package (Version: 12.10.1110)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
mCore (Version: 11.04.0000)
mDriver (Version: 11.04.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Application Virtualization Desktop Client (Version: 4.6.0.20200)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Download Manager (Version: 1.2.1)
Microsoft Office 2010 Deployment Kit for App-V (Version: 14.0.4763.1000)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 4.0.60129.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.4518.1014)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
mMHouse (Version: 11.04.0000)
mPfMgr (Version: 11.04.0000)
mProSafe (Version: 9.00.0000)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB927977) (Version: 6.00.3890.0)
mWlsSafe (Version: 9.00.0000)
NVIDIA Drivers
OCRA 3.400 Client (Version: 3.04.0000)
On Screen Display (Version: 6.60.03)
Productivity Center Supplement for ThinkPad (Version: 3.00b)
RDC
Skype™ 5.9 (Version: 5.9.123)
Smart Fortress 2012
SoundMAX (Version: 5.10.01.5410)
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0)
Symantec Backup Exec System Recovery (Version: 8.0.2.26324)
Symantec Endpoint Encryption Framework Client (Version: 7.0.5)
Symantec Endpoint Encryption Full Disk Edition Client (Version: 7.0.5)
Symantec Endpoint Protection (Version: 11.0.5002.333)
System Update (Version: 3.15.0017)
ThinkPad FullScreen Magnifier (Version: 2.40)
ThinkPad Modem (Version: 7.80.7.0)
ThinkPad Power Management Driver (Version: 1.65.05.20)
ThinkPad Power Manager (Version: 1.22)
ThinkPad UltraNav Driver (Version: 7.5.17.25)
ThinkPad UltraNav Utility (Version: 2.13.0)
ThinkVantage Active Protection System (Version: 1.54)
ThinkVantage Fingerprint Software 5.6 (Version: 5.6.2.3650)
ThinkVantage Productivity Center (Version: 3.11)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB942763) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VLC media player 1.1.11 (Version: 1.1.11)
WebEx
WebFldrs XP (Version: 9.50.7523)
WIMGAPI (Version: 1.0.0.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 2)
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows XP Service Pack 3 (Version: 20080414.031525)
XML Paper Specification Shared Components Pack 1.0

========================= Memory info: ===================================

Percentage of memory in use: 50%
Total physical RAM: 2038.32 MB
Available physical RAM: 1013.7 MB
Total Pagefile: 3417.25 MB
Available Pagefile: 2610.69 MB
Total Virtual: 2047.88 MB
Available Virtual: 1965.62 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:24.41 GB) (Free:8.79 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:50.12 GB) (Free:42.16 GB) NTFS

========================= Users: ========================================

User accounts for \\UKGT60MORRISKA

Administrator ASPNET Guest
HelpAssistant SUPPORT_388945a0 t60test


**** End of log ****


Thank you!

#7 narenxp

Posted 16 June 2012 - 12:18 PM

MBAM log?

Also re-run aswMBR again and post the new log.

#8 CDoris

Posted 16 June 2012 - 12:41 PM

1st MBAM result >

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.16.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
morrisk :: UKGT60MORRISKA [administrator]

16/06/2012 13:54:46
mbam-log-2012-06-16 (13-54-46).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 322228
Time elapsed: 1 hour(s), 27 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 2
D:\Temp\prile.dll (Trojan.Agent.LTGen) -> Delete on reboot.
D:\Temp\ksanet.dll (Trojan.Agent.LTGen) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|2 (Security.Hijack) -> Data: msnmsgr.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|prile (Trojan.Agent.LTGen) -> Data: rundll32.exe "D:\temp\prile.dll",SaveBitmapMemory -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|silint (Trojan.Agent.LTGen) -> Data: rundll32.exe "D:\temp\silint.dll",GetImageFormatAttribute -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ksanet (Trojan.Agent.LTGen) -> Data: rundll32.exe "D:\temp\ksanet.dll",mpegInGetNextFrameTS -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop|NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\System Volume Information\_restore{0E55BB48-E64C-4656-83AB-821C7E2ADB36}\RP9\A0000282.exe (Trojan.LameShield) -> Quarantined and deleted successfully.
D:\Temp\ms0cfg32.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
D:\Temp\Java\6.0\25\1caa0f19-5e478f13 (Trojan.FakeMS) -> Quarantined and deleted successfully.
D:\Temp\prile.dll (Trojan.Agent.LTGen) -> Delete on reboot.
D:\Temp\silint.dll (Trojan.Agent.LTGen) -> Quarantined and deleted successfully.
D:\Temp\ksanet.dll (Trojan.Agent.LTGen) -> Delete on reboot.

(end)





2nd MBAM result >

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.16.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
morrisk :: UKGT60MORRISKA [administrator]

16/06/2012 15:33:33
mbam-log-2012-06-16 (15-33-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 250884
Time elapsed: 13 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Result from aswmbr >

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-16 18:39:57
-----------------------------
18:39:57.203 OS Version: Windows 5.1.2600 Service Pack 3
18:39:57.203 Number of processors: 2 586 0xE0C
18:39:57.203 ComputerName: UKGT60MORRISKA UserName: morrisk
18:39:57.750 Initialize success
18:40:18.937 AVAST engine defs: 12061600
18:40:25.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:40:25.453 Disk 0 Vendor: HTS54108 MB4I Size: 76319MB BusType: 3
18:40:25.468 Disk 0 MBR read successfully
18:40:25.468 Disk 0 MBR scan
18:40:25.546 Disk 0 unknown MBR code
18:40:25.546 Disk 0 MBR hidden
18:40:25.546 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS 24998 MB offset 63
18:40:25.578 Disk 0 Partition 2 00 07 HPFS/NTFS 51317 MB offset 51196320
18:40:25.578 Disk 0 scanning sectors +156295440
18:40:25.640 Disk 0 scanning C:\WINDOWS\system32\drivers
18:40:25.640 Service scanning
18:41:07.078 Service SysPlant C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
18:41:07.562 Service Teefer2 C:\WINDOWS\system32\DRIVERS\teefer2.sys **LOCKED** 32
18:41:12.421 Service WPS C:\WINDOWS\system32\drivers\wpsdrvnt.sys **LOCKED** 32
18:41:12.515 Service WpsHelper C:\WINDOWS\system32\drivers\WpsHelper.sys **LOCKED** 32
18:41:13.828 Modules scanning
18:41:14.171 Disk 0 trace - called modules:
18:41:14.171 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iastor.sys
18:41:14.187 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6b6ab8]
18:41:14.187 3 CLASSPNP.SYS[ba0f8fd7] -> nt!IofCallDriver -> \Device\0000009f[0x8a6cfb28]
18:41:14.187 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a6a5030]
18:41:14.625 AVAST engine scan C:\WINDOWS
18:41:14.687 AVAST engine scan C:\WINDOWS\system32
18:41:14.781 AVAST engine scan C:\WINDOWS\system32\drivers
18:41:14.828 AVAST engine scan C:\Documents and Settings\MORRISK
18:41:14.890 AVAST engine scan C:\Documents and Settings\All Users
18:41:14.890 Scan finished successfully
18:41:26.375 Disk 0 MBR has been saved successfully to "D:\Files\MBR.dat"
18:41:26.390 The log file has been saved successfully to "D:\Files\aswMBRv2.txt"

#9 narenxp

Posted 16 June 2012 - 12:45 PM

Are you still getting redirected?

#10 CDoris

Posted 16 June 2012 - 12:54 PM

Hi narenxp,

No it seems to be OK now - Thank you!!

There were 2 trojan viruses that were quarantined in one of the tools I ran (can't remember which). Do I need to get rid of them?

Thanks again for the help!

#11 narenxp

Posted 16 June 2012 - 01:04 PM

Yes, delete them

Download

Winsock fix

Press Windows+R key and type

cmd and click OK and run this command, press ENTER

net pause winmgmt && move %windir%\system32\wbem\Repository %windir%\system32\wbem\Repository.old && net stop winmgmt /y && net start winmgmt && net start wscsvc

Restart the PC

Launch mini toolbox and check mark

List winsock entries
List Installed Programs

Click on GO and post the log

#12 CDoris

Posted 16 June 2012 - 01:14 PM

Hi, tried to run the cmd net pause ... it came back with 'The service name is invalid'

Thanks

#13 narenxp

Posted 16 June 2012 - 01:20 PM

Press Windows+R key and type

cmd and click OK and run these commands

cd c:\windows\system32\wbem
net stop winmgmt
ren repository repository.old
net start winmgmt


#14 CDoris

Posted 16 June 2012 - 01:37 PM

Here are the results from mini toolbox >

MiniToolBox by Farbar Version: 09-06-2012
Ran by morrisk (administrator) on 16-06-2012 at 19:36:30
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be %SystemRoot%\System32\mswsock.dll

Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 8.1.2)
Adobe Flash Player 10 ActiveX (Version: 10.2.152.32)
Adobe Reader 8.3.1 (Version: 8.3.1)
Altiris Power Management Agent (Version: 6.0.1404)
Altiris Power Scheme Task Agent (Version: 6.0.1015)
Altiris Script Task Agent (Version: 6.0.1404)
Altiris Service Control Task Agent (Version: 6.0.1404)
Altiris Software Delivery Agent For Task Server (Version: 6.1.1030.0)
Altiris Task Synchronization Agent (Version: 6.1.1030.0)
AXIS Media Control Embedded
BlackBerry Desktop Software 4.2 (Version: 4.2.0.10)
CODA-Budgets
CODA - Customiser (Version: 11.0)
CODA - Financials - Client (Version: 11.0)
CODA Applications for Microsoft Office (Version: 3.100)
CODA Office-Framework v11 Patch (Version: 3.10.0000)
Configuration Manager Client (Version: 4.00.6487.2000)
Coupon Printer (Version: 2.0)
Domino Unified Communications Client 1.2.3 for Avaya
DVD Decoder Pak for Windows XP (Version: 1.0.0)
ESET Online Scanner v3
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4785)
Intel® Matrix Storage Manager
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software (Version: 11.5.0.API)
J2SE Runtime Environment 5.0 Update 5 (Version: 1.5.0.50)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
Java™ 6 Update 6 (Version: 1.6.0.60)
Lenovo Auto Scroll Utility (Version: 1.11)
Lenovo Patch Utility (Version: 1.0.1.1)
Lenovo System Interface Driver (Version: 1.05)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.92)
Logitech Desktop Messenger (Version: 2.54.11)
Logitech Webcam Software (Version: 12.10.1113)
Logitech Webcam Software Driver Package (Version: 12.10.1110)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
mCore (Version: 11.04.0000)
mDriver (Version: 11.04.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Application Virtualization Desktop Client (Version: 4.6.0.20200)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Download Manager (Version: 1.2.1)
Microsoft Office 2010 Deployment Kit for App-V (Version: 14.0.4763.1000)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 4.0.60129.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.4518.1014)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
mMHouse (Version: 11.04.0000)
mPfMgr (Version: 11.04.0000)
mProSafe (Version: 9.00.0000)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB927977) (Version: 6.00.3890.0)
mWlsSafe (Version: 9.00.0000)
NVIDIA Drivers
OCRA 3.400 Client (Version: 3.04.0000)
On Screen Display (Version: 6.60.03)
Productivity Center Supplement for ThinkPad (Version: 3.00b)
RDC
Skype™ 5.9 (Version: 5.9.123)
Smart Fortress 2012
SoundMAX (Version: 5.10.01.5410)
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0)
Symantec Backup Exec System Recovery (Version: 8.0.2.26324)
Symantec Endpoint Encryption Framework Client (Version: 7.0.5)
Symantec Endpoint Encryption Full Disk Edition Client (Version: 7.0.5)
Symantec Endpoint Protection (Version: 11.0.5002.333)
System Update (Version: 3.15.0017)
ThinkPad FullScreen Magnifier (Version: 2.40)
ThinkPad Modem (Version: 7.80.7.0)
ThinkPad Power Management Driver (Version: 1.65.05.20)
ThinkPad Power Manager (Version: 1.22)
ThinkPad UltraNav Driver (Version: 7.5.17.25)
ThinkPad UltraNav Utility (Version: 2.13.0)
ThinkVantage Active Protection System (Version: 1.54)
ThinkVantage Fingerprint Software 5.6 (Version: 5.6.2.3650)
ThinkVantage Productivity Center (Version: 3.11)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB942763) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VLC media player 1.1.11 (Version: 1.1.11)
WebEx
WebFldrs XP (Version: 9.50.7523)
WIMGAPI (Version: 1.0.0.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 2)
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows XP Service Pack 3 (Version: 20080414.031525)
XML Paper Specification Shared Components Pack 1.0

**** End of log ****

#15 narenxp

Posted 16 June 2012 - 01:51 PM

That looks good

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot

Turn off your system restore, restart the PC, create a new restore point

http://support.microsoft.com/kb/310405

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)



