new browser window opens automatically


13 replies to this topic

#1 mkk (Full Member, 7 posts)

Posted 14 September 2010 - 12:13 AM

Hi,

I have an issue with my web browser, which opens automatically. Sometimes, if I am browsing something, it will redirect to www.google.com; not sure what may be the issue. Please help me to fix this issue. Please see the below log from HijackThis.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:42:49 AM, on 9/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Reliance Netconnect - Broadband+\Reliance Netconnect.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.reliancenetconnect.co.in/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: (no name) - {AB4BC161-26D3-479B-804C-AE7D5F9EDBE0} - (no file)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\vinayaka\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1282991538953
O17 - HKLM\System\CCS\Services\Tcpip\..\{227797BF-A152-4FB4-926D-9E381C1AE612}: NameServer = 202.138.103.190 202.138.117.60
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\NLSSRV32.EXE
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 6841 bytes
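The helpers read a log like the one above entry by entry. As an added example (not a tool from this thread or from Trend Micro), here is a small Python parser for the HijackThis entry format that pulls out the file each R/O entry points at and flags the things a reviewer looks at first: registered components whose file is gone (the O2 BHO marked "(no file)" above), Run entries that name only a bare file, and O17 DNS settings. The sample log, and the names `parse_hjt`, `extract_path` and `review`, are constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in HijackThis v2 log format, modelled on a few of the
# entries in the log above; not the complete log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {AB4BC161-26D3-479B-804C-AE7D5F9EDBE0} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{227797BF-A152-4FB4-926D-9E381C1AE612}: NameServer = 202.138.103.190 202.138.117.60
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# Every HijackThis entry starts with a section code (R0..R3, F0..F3, N1..N4,
# O1..O24) followed by " - "; header, process-list and blank lines do not.
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.+)$")


@dataclass
class HjtEntry:
    kind: str            # section code, e.g. "O2", "O4", "O17"
    body: str            # the text after "<kind> - "
    path: Optional[str]  # file the entry points at, if the section carries one


def extract_path(kind: str, body: str) -> Optional[str]:
    """Pull the file path out of the section types that reference one."""
    if kind in ("O2", "O3", "O9", "O23"):
        # "<name> - {CLSID} - <path>" or "<name> - <vendor> - <path>": path is last.
        return body.rsplit(" - ", 1)[-1]
    if kind == "O4":
        # "HKLM\..\Run: [<value name>] <command line>"
        if "] " not in body:
            return None
        cmd = body.split("] ", 1)[1]
        if cmd.startswith('"'):                 # quoted image, possibly followed by args
            return cmd[1:].split('"', 1)[0]
        # Unquoted image: take everything up to the first executable extension,
        # so "C:\Program Files\x\y.exe /silent" keeps its spaces but drops the args.
        m = re.match(r"(.+?\.(?:exe|dll|com|scr|bat))(?:\s|$)", cmd, re.IGNORECASE)
        return m.group(1) if m else cmd.split(" ", 1)[0]
    return None


def parse_hjt(log: str) -> List[HjtEntry]:
    """Parse the R/F/N/O entries of a HijackThis log; other lines are skipped."""
    entries: List[HjtEntry] = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            kind, body = m.group("kind"), m.group("body")
            entries.append(HjtEntry(kind, body, extract_path(kind, body)))
    return entries


Finding = Tuple[str, str, str]  # (section code, why it needs a look, raw entry)


def review(entries: List[HjtEntry]) -> List[Finding]:
    """The checks a log reviewer runs first. These are triage pointers,
    not verdicts: each flagged item still has to be looked up."""
    findings: List[Finding] = []
    for e in entries:
        if e.path == "(no file)":
            findings.append((e.kind, "orphan: component is registered but its file is gone", e.body))
        elif e.kind == "O4" and e.path and "\\" not in e.path:
            findings.append((e.kind, "bare file name: resolved via the search path, confirm which file runs", e.body))
        elif e.kind == "O17":
            findings.append((e.kind, "DNS servers set on the adapter: confirm they belong to the ISP", e.body))
    return findings


if __name__ == "__main__":
    for kind, why, raw in review(parse_hjt(SAMPLE_LOG)):
        print(f"{kind:4} {why}\n     {raw}")
```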

#2 SWI Support Robot (Helper robot, SWI Bot, 23,482 posts)

Posted 16 September 2010 - 12:17 PM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.


[this is an automated reply]
This is an automated message. It does not count as help.

#3 nasdaq (Forum Deity, Global Moderator, 48,080 posts)

Posted 17 September 2010 - 08:37 AM

Hi,
I'm nasdaq and will be helping you.

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

Please run this security check for my review.

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Let me know if the problem remains.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider donating; see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#4 mkk (Full Member, 7 posts)

Posted 17 September 2010 - 02:02 PM

Thank you very much for responding. Here is the log which you requested. Please do the needful ASAP.

Log for Security Check:
======================

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Symantec Endpoint Protection Small Business Edition
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Microsoft VM for Java
Adobe Flash Player 10.1.82.76
Adobe Reader 9.3.4
Mozilla Firefox (3.6.9)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamservice.exe
````````````````````````````````
DNS Vulnerability Check:

POOR! (Vulnerable to DNS cache poisoning!!-- Consider OPENDNS)

``````````End of Log````````````


Log for ComboFix:
=================

ComboFix 10-09-16.07 - vinayaka 09/18/2010 0:19.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1240 [GMT 5.5:30]
Running from: c:\documents and settings\vinayaka\My Documents\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\VI30AUT.DLL

.
((((((((((((((((((((((((( Files Created from 2010-08-17 to 2010-09-17 )))))))))))))))))))))))))))))))
.

2010-09-15 08:05 . 2010-09-15 08:05 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-09-15 07:35 . 2010-09-15 08:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-15 07:35 . 2010-09-15 07:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-15 07:16 . 2010-09-15 08:36 -------- d-----w- c:\program files\Panda Security
2010-09-14 05:12 . 2010-09-14 05:12 388096 ----a-r- c:\documents and settings\vinayaka\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-14 05:12 . 2010-09-14 05:12 -------- d-----w- c:\program files\Trend Micro
2010-09-14 05:03 . 2010-09-14 05:03 -------- d-----w- c:\documents and settings\vinayaka\Application Data\Malwarebytes
2010-09-14 05:03 . 2010-09-14 05:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-14 05:03 . 2010-04-29 10:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-14 05:03 . 2010-09-14 05:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-14 05:03 . 2010-04-29 10:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-14 03:48 . 2010-09-14 03:48 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-09-14 03:48 . 2010-09-14 03:48 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-09-14 03:48 . 2007-03-21 15:03 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2010-09-14 03:48 . 2007-03-21 15:03 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2010-09-12 08:15 . 2010-09-12 08:15 -------- d-----w- c:\documents and settings\vinayaka\Local Settings\Application Data\ESET
2010-09-12 05:55 . 2010-09-12 05:55 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-09-12 05:47 . 2010-09-12 05:50 -------- d-----w- c:\windows\SxsCaPendDel
2010-09-10 17:00 . 2010-09-10 17:00 -------- d-----w- C:\EbuDllTmpDir
2010-09-10 16:38 . 2007-12-31 19:32 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2010-09-10 12:35 . 2010-09-10 12:35 -------- d-----w- c:\program files\Flash Movie Player
2010-09-01 13:27 . 2007-03-21 15:09 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2010-08-31 06:41 . 2010-08-31 06:41 3401880 ----a-w- c:\documents and settings\vinayaka\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-08-31 06:25 . 2010-08-31 06:25 275096 ----a-w- c:\documents and settings\vinayaka\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-08-31 06:09 . 2010-08-31 06:09 3734536 ----a-w- c:\documents and settings\vinayaka\Application Data\Mozilla\plugins\Google Talk Plugin Extras\d3dx9_36.dll
2010-08-30 12:18 . 2010-08-30 12:25 -------- d-----w- c:\documents and settings\vinayaka\Application Data\Nitro PDF
2010-08-30 12:18 . 2010-06-11 05:44 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
2010-08-30 12:18 . 2010-06-11 05:44 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll
2010-08-30 12:18 . 2010-08-30 12:18 -------- d-----w- c:\program files\Common Files\Nitro PDF
2010-08-30 12:18 . 2010-08-30 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Nitro PDF
2010-08-30 12:18 . 2010-08-30 12:18 -------- d-----w- c:\program files\Nitro PDF
2010-08-30 12:17 . 2010-08-30 12:17 -------- d-----w- c:\documents and settings\vinayaka\Application Data\Downloaded Installations
2010-08-29 04:38 . 2010-09-04 15:19 -------- d-----w- c:\program files\The KMPlayer
2010-08-29 02:24 . 2010-08-29 02:24 -------- d-----w- c:\program files\Google
2010-08-28 18:44 . 2010-08-11 20:22 85464 ----a-w- c:\documents and settings\vinayaka\Application Data\Mozilla\Firefox\Profiles\oymgr5mn.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
2010-08-28 18:44 . 2010-08-11 20:22 38872 ----a-w- c:\documents and settings\vinayaka\Application Data\Mozilla\Firefox\Profiles\oymgr5mn.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINCE\components\WeaveCrypto.dll
2010-08-28 18:21 . 2010-09-15 07:38 -------- d-----w- c:\documents and settings\vinayaka\Local Settings\Application Data\Temp
2010-08-28 18:13 . 2010-08-28 18:13 53632 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-28 18:13 . 2010-08-28 18:13 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-28 17:50 . 2010-08-28 18:13 -------- d-----w- c:\documents and settings\vinayaka\Local Settings\Application Data\Adobe
2010-08-28 17:20 . 2010-08-04 01:59 53248 ----a-w- c:\windows\system32\aticalrt.dll
2010-08-28 17:20 . 2010-08-04 01:59 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-08-28 17:20 . 2010-08-04 01:57 4358144 ----a-w- c:\windows\system32\aticaldd.dll
2010-08-28 17:20 . 2010-08-04 01:27 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-08-28 17:20 . 2010-08-04 01:15 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-08-28 17:20 . 2009-05-11 21:35 118784 ----a-w- c:\windows\system32\atibtmon.exe
2010-08-28 17:20 . 2010-08-28 17:21 -------- d-----w- c:\program files\ATI
2010-08-28 17:19 . 2010-08-28 17:19 -------- d-----w- C:\ATI
2010-08-28 17:06 . 2010-08-28 17:06 -------- d-----w- c:\program files\Web Publish
2010-08-28 16:33 . 2009-08-06 13:53 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-08-28 16:33 . 2009-08-06 13:53 215920 ----a-w- c:\windows\system32\muweb.dll
2010-08-28 16:30 . 2010-08-28 16:30 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-08-28 16:29 . 2010-08-28 16:29 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-08-28 16:29 . 2010-08-28 16:29 -------- d-----w- c:\documents and settings\All Users\Microsoft
2010-08-28 16:29 . 2010-08-28 16:29 -------- d-----w- c:\program files\Microsoft.NET
2010-08-28 16:29 . 2010-08-28 16:29 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-08-28 16:28 . 2010-08-28 16:28 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-08-28 16:28 . 2010-08-28 16:28 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-08-28 16:28 . 2010-08-28 16:30 -------- d-----w- c:\windows\SHELLNEW
2010-08-28 16:28 . 2010-08-28 16:28 -------- d-----w- c:\documents and settings\vinayaka\Local Settings\Application Data\Microsoft Help
2010-08-28 16:28 . 2010-09-15 07:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-28 16:27 . 2010-08-28 16:27 -------- d-----r- C:\MSOCache
2010-08-28 16:20 . 2010-08-28 16:20 -------- d-----w- c:\program files\My Company Name
2010-08-28 16:07 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-08-28 16:07 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-08-28 16:07 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-08-28 16:07 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-08-28 16:07 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-08-28 16:07 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-08-28 16:07 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-08-28 16:07 . 2010-08-28 16:07 -------- d-----w- C:\11aa5772dbd69659a783
2010-08-28 16:07 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-08-28 16:07 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-14 05:42 . 2010-08-28 11:18 70752 ----a-w- c:\documents and settings\vinayaka\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-14 03:49 . 2010-08-28 12:43 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-14 03:49 . 2010-08-28 12:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-09-14 03:48 . 2010-09-14 03:48 10671 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-09-14 03:48 . 2010-08-28 12:43 -------- d-----w- c:\program files\Symantec
2010-09-14 03:48 . 2010-09-14 03:48 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-09-10 17:00 . 2010-08-28 10:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-10 16:13 . 2010-08-28 15:31 -------- d-----w- c:\program files\CCleaner
2010-08-29 02:18 . 2010-08-28 10:15 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-28 17:20 . 2010-08-28 10:20 -------- d-----w- c:\program files\ATI Technologies
2010-08-28 16:36 . 2010-08-28 16:36 2678 ----a-w- c:\windows\java\Packages\Data\3NBV1BZD.DAT
2010-08-28 16:36 . 2010-08-28 16:36 2678 ----a-w- c:\windows\java\Packages\Data\QBNVZP7F.DAT
2010-08-28 16:36 . 2010-08-28 16:36 2678 ----a-w- c:\windows\java\Packages\Data\CWJ3J1FJ.DAT
2010-08-28 16:36 . 2010-08-28 16:36 2678 ----a-w- c:\windows\java\Packages\Data\1JHNPZJP.DAT
2010-08-28 16:30 . 2010-08-28 13:58 -------- d-----w- c:\program files\MSBuild
2010-08-28 15:22 . 2010-08-28 13:31 -------- d-----w- c:\program files\Mozilla Firefox(2)
2010-08-28 13:57 . 2010-08-28 13:57 -------- d-----w- c:\program files\Reference Assemblies
2010-08-28 13:34 . 2010-08-28 13:34 0 ----a-w- c:\windows\nsreg.dat
2010-08-28 12:57 . 2010-08-28 10:01 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-28 11:17 . 2010-08-28 11:17 -------- d-----w- c:\documents and settings\vinayaka\Application Data\ATI
2010-08-28 11:17 . 2010-08-28 11:17 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-08-28 11:17 . 2010-08-28 11:17 0 ----a-w- c:\windows\ativpsrm.bin
2010-08-28 10:31 . 2010-08-28 10:29 -------- d-----w- c:\program files\Reliance Netconnect - Broadband+
2010-08-28 10:25 . 2010-08-28 10:25 9158 ----a-r- c:\documents and settings\vinayaka\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2010-08-28 10:25 . 2010-08-28 10:25 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-08-28 10:20 . 2010-08-28 10:10 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-28 10:10 . 2010-08-28 10:10 -------- d-----w- c:\program files\Realtek
2010-08-28 10:08 . 2010-08-28 10:08 -------- d-----w- c:\program files\Intel
2010-08-28 10:07 . 2010-08-28 10:07 -------- d-----w- c:\program files\MSXML 4.0
2010-08-28 10:01 . 2010-08-28 10:01 -------- d-----w- c:\program files\microsoft frontpage
2010-08-28 09:59 . 2010-08-28 09:59 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-17 13:17 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-04 02:20 . 2009-02-03 19:38 5243392 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-08-04 01:53 . 2009-02-03 14:36 15900672 ----a-w- c:\windows\system32\atioglxx.dll
2010-08-04 01:47 . 2010-08-28 10:23 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-08-04 01:47 . 2010-08-28 10:23 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-08-04 01:46 . 2009-02-03 14:39 300544 ----a-w- c:\windows\system32\ati2dvag.dll
2010-08-04 01:41 . 2009-02-03 14:15 3901280 ----a-w- c:\windows\system32\ati3duag.dll
2010-08-04 01:31 . 2009-02-03 14:28 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-08-04 01:31 . 2009-02-03 14:28 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-08-04 01:30 . 2009-02-03 14:28 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-08-04 01:30 . 2009-02-03 14:28 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-08-04 01:30 . 2009-02-03 14:27 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-08-04 01:29 . 2009-02-03 14:26 606208 ----a-w- c:\windows\system32\ati2evxx.exe
2010-08-04 01:28 . 2009-02-03 14:25 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-08-04 01:28 . 2009-02-03 13:59 2537728 ----a-w- c:\windows\system32\ativvaxx.dll
2010-08-04 01:27 . 2010-08-28 10:23 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-08-04 01:27 . 2010-08-28 10:23 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-08-04 01:24 . 2009-02-03 13:41 610304 ----a-w- c:\windows\system32\atikvmag.dll
2010-08-04 01:23 . 2009-02-03 13:39 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-08-04 01:22 . 2009-02-03 13:40 188416 ----a-w- c:\windows\system32\atiadlxx.dll
2010-08-04 01:22 . 2009-02-03 13:40 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-08-04 01:16 . 2009-02-03 13:33 700416 ----a-w- c:\windows\system32\ati2cqag.dll
2010-08-04 01:15 . 2009-02-03 13:45 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-08-04 01:14 . 2009-02-03 13:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-07-22 15:49 . 2004-08-04 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2010-08-28 10:41 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-06-30 12:31 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-23 18077696]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-02-12 115560]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2010-03-04 09:01 311296 ----a-w- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 09:24 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-08-28 18:21 136176 ----atw- c:\documents and settings\vinayaka\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-04-29 10:09 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-29 11:41 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"c:\\Documents and Settings\\vinayaka\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/14/2010 10:33 AM 304464]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [6/11/2010 11:16 AM 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [6/11/2010 11:16 AM 65856]
R3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [11/18/2008 6:17 PM 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/14/2010 9:23 AM 102448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/14/2010 10:33 AM 20952]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 10:25 AM 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
.
Contents of the 'Scheduled Tasks' folder

2010-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1220945662-839522115-1003Core.job
- c:\documents and settings\vinayaka\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-28 18:21]

2010-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1220945662-839522115-1003UA.job
- c:\documents and settings\vinayaka\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-28 18:21]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.reliancenetconnect.co.in/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\documents and settings\vinayaka\Application Data\Mozilla\Firefox\Profiles\oymgr5mn.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\vinayaka\Application Data\Mozilla\Firefox\Profiles\oymgr5mn.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\documents and settings\vinayaka\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\vinayaka\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\vinayaka\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{AB4BC161-26D3-479B-804C-AE7D5F9EDBE0} - (no file)
Notify-NavLogon - (no file)
SafeBoot-Symantec Antvirus



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-18 00:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(980)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2010-09-18 00:22:44
ComboFix-quarantined-files.txt 2010-09-17 18:52

Pre-Run: 104,487,784,448 bytes free
Post-Run: 104,453,447,680 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 47E7DE5253A27E01A7F7DDC207E0C342

#5 nasdaq

    Forum Deity

  • Global Moderator
  • 48,080 posts

Posted 18 September 2010 - 07:51 AM

Other than this item in your ComboFix log, it's clean.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"="a"

Did you previously have ZoneAlarm on your system?
===

What issues remain?
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating;
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#6 mkk

    Member

  • Full Member
  • 7 posts

Posted 18 September 2010 - 08:00 AM

Previously I had no ZoneAlarm. Still, Internet Explorer opens automatically, and the other issue is that if I am trying to browse in Firefox it redirects me to google.com. Again I have to go to the previous page and carry on working. Not sure what the issue is still. Please help me out. Previously I had the same issue, then I formatted the C drive and reinstalled Windows XP, but again I am seeing the same issue.

#7 nasdaq

    Forum Deity

  • Global Moderator
  • 48,080 posts

Posted 18 September 2010 - 09:31 AM

Since ComboFix did not find your type of infection, execute this.

Please download GooredFix and save it to your Desktop.

Double-click Goored.exe to run it. Select "1. Find Goored (no fix)" by typing 1 and pressing Enter. A log will open; please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt). Note: Do not run Option #2 yet.

Let me see the results.
nasdaq


#8 mkk

    Member

  • Full Member
  • 7 posts

Posted 18 September 2010 - 10:17 AM

Here is the Goored log

GooredFix by jpshortstuff (03.07.10.1)
Log created at 20:45 on 18/09/2010 (vinayaka)
Firefox version 3.6.10 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [17:43 28/08/2010]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [14:04 18/09/2010]

C:\Documents and Settings\vinayaka\Application Data\Mozilla\Firefox\Profiles\oymgr5mn.default\extensions\
{340c2bbc-ce74-4362-90b5-7c26312808ef} [18:44 28/08/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [13:58 28/08/2010]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [14:04 18/09/2010]

---------- Old Logs ----------
GooredFix[15.14.36_18-09-2010].txt

-=E.O.F=-

#9 nasdaq

    Forum Deity

  • Global Moderator
  • 48,080 posts

Posted 18 September 2010 - 10:44 AM

Nothing suspicious found.


Please download MBRCheck.exe and save it to your desktop - not a folder on the desktop - save it directly to the desktop.


* Be sure to disable your security programs.
* Double-Click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
* A window will open on your desktop.
* If an unknown bootcode is found, you will have further options available to you; at this time press N, then press Enter twice.
* If nothing unusual is found, just press Enter.
* A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
* In your next reply, please include the log from MBRChecker.
====

Run this also.

Launch Notepad, and copy/paste all the blue instructions below to it.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

REGEDIT4
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]


Then, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.
Optional, if the following programs are on your computer.
Note that since the Domains are deleted, SpywareBlaster protection must be re-enabled and Spybot's Immunize feature must be used again; you also have to re-install IE-SpyAd if it was installed.
nasdaq

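
The five key pairs in fixme.reg use REGEDIT4's delete-then-create syntax: a bracketed key with a leading '-' removes that key and everything under it, and the same key without the '-' recreates it empty. The following is an added example, not code from the thread or any of its tools: a small parser for that syntax applied to a constructed in-memory stand-in for the registry, showing that merging the file wipes any per-site zone assignments (such as an unknown host placed in the Trusted zone, the kind of entry a browser hijacker leaves behind) while leaving other Internet Settings keys alone. The sample hosts, values and the dict-based registry are constructed.

```python
import re

HKCU_ZM = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap"
HKLM_ZM = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap"
# fixme.reg as posted in the thread, built from its five key pairs:
# '[-key]' deletes the key and everything under it, '[key]' recreates it empty.
FIXME_REG = "REGEDIT4\n" + "".join(
    f"[-{hive}\\{sub}]\n[{hive}\\{sub}]\n"
    for hive, subs in ((HKCU_ZM, ("Domains", "Ranges")), (HKLM_ZM, ("Domains", "Ranges", "EscDomains")))
    for sub in subs)
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"=(.*)$')

def parse_reg(text: str) -> list[tuple]:
    """Turn REGEDIT4 text into ('delete', key), ('create', key) and ('set', key, name, data) ops."""
    ops, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.upper() == "REGEDIT4":
            continue
        if m := KEY_RE.match(line):
            current = m.group(2)
            ops.append(("delete" if m.group(1) else "create", current))
        elif (m := VAL_RE.match(line)) and current:
            ops.append(("set", current, m.group(1), m.group(2)))
    return ops

def apply_reg(registry: dict, text: str) -> dict:
    """Apply the ops to a copy of the registry; deletes are recursive and case-insensitive, as in regedit."""
    reg = {k: dict(v) for k, v in registry.items()}
    for op in parse_reg(text):
        key = op[1].lower()
        if op[0] == "delete":
            for k in [k for k in reg if k.lower() == key or k.lower().startswith(key + "\\")]:
                del reg[k]
        elif op[0] == "create":
            reg.setdefault(op[1], {})
        else:
            reg.setdefault(op[1], {})[op[2]] = op[3]
    return reg

def zone_assignments(registry: dict) -> list[tuple[str, int]]:
    """Per-site zone assignments (2 = Trusted sites, 4 = Restricted) one level under Domains/EscDomains."""
    found = []
    for key, values in registry.items():
        parts = key.split("\\")
        if len(parts) > 1 and parts[-2].lower() in ("domains", "escdomains"):
            found += [(parts[-1], int(d[6:], 16)) for d in values.values() if d.lower().startswith("dword:")]
    return sorted(found)

# Constructed sample of a tampered ZoneMap (registry modelled as {key path: {value name: raw data}}):
# two unknown hosts silently granted the Trusted zone, plus one key the fix must not touch.
SAMPLE_REGISTRY = {
    HKCU_ZM + r"\Domains": {},
    HKCU_ZM + r"\Domains\redirector.invalid": {"*": "dword:00000002"},
    HKCU_ZM + r"\Ranges\Range1": {"*": "dword:00000002", ":Range": '"192.0.2.10"'},
    HKLM_ZM + r"\EscDomains\update.example": {"http": "dword:00000002"},
    HKLM_ZM + r"\ProtocolDefaults": {"http": "dword:00000003"},   # untouched by the fix
}
```

Listing `zone_assignments` before merging is the check worth keeping: an entry you did not add yourself is evidence of tampering, and the merge then removes it.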

#10 mkk

    Member

  • Full Member
  • 7 posts

Posted 18 September 2010 - 12:16 PM

Here is the log

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000037c

Kernel Drivers (total 128):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF7358000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7347000 pci.sys
0xF7487000 isapnp.sys
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7497000 MountMgr.sys
0xF7328000 ftdisk.sys
0xF798B000 dmload.sys
0xF7302000 dmio.sys
0xF770F000 PartMgr.sys
0xF74A7000 VolSnap.sys
0xF72EA000 atapi.sys
0xF74B7000 disk.sys
0xF74C7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF72CA000 fltmgr.sys
0xF72B8000 sr.sys
0xF72A1000 KSecDD.sys
0xF7214000 Ntfs.sys
0xF71E7000 NDIS.sys
0xF71CD000 Mup.sys
0xF6C32000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF6C1E000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6BF6000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF6BBF000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xF775F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6B9B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7767000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7587000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF776F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7777000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF777F000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF7597000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7943000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF6B87000 \SystemRoot\system32\DRIVERS\parport.sys
0xF75A7000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF75B7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF75C7000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6B64000 \SystemRoot\system32\DRIVERS\ks.sys
0xF75D7000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7B9E000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF75E7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF794B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6B4D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF75F7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7607000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7787000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6B3C000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7617000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF778F000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7797000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6B0C000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF7627000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF6AAE000 \SystemRoot\system32\DRIVERS\teefer2.sys
0xF799D000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6A50000 \SystemRoot\system32\DRIVERS\update.sys
0xF796F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7657000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAE7A1000 \SystemRoot\system32\drivers\AtiHdmi.sys
0xAE77D000 \SystemRoot\system32\drivers\portcls.sys
0xF7687000 \SystemRoot\system32\drivers\drmk.sys
0xAE1CE000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xF76C7000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79A3000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xAE0B4000 \SystemRoot\System32\Drivers\SRTSP.SYS
0xADF85000 \SystemRoot\system32\DRIVERS\ewusbmdm.sys
0xADE39000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100917.067\NAVEX15.SYS
0xADE14000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xADE00000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100917.067\NAVENG.SYS
0xF77C7000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF77DF000 \SystemRoot\System32\Drivers\Modem.SYS
0xF77E7000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF7517000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0xF79C1000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7B5A000 \SystemRoot\System32\Drivers\Null.SYS
0xF79C3000 \SystemRoot\System32\Drivers\Beep.SYS
0xF77F7000 \SystemRoot\System32\drivers\vga.sys
0xF79C5000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79C7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF77FF000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7807000 \SystemRoot\System32\Drivers\Npfs.SYS
0xAE769000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF7527000 \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys
0xADDCD000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xADD74000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xADD26000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xADCF8000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0xF7547000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xADCD0000 \SystemRoot\system32\DRIVERS\netbt.sys
0xADCAE000 \SystemRoot\System32\drivers\afd.sys
0xF7567000 \SystemRoot\system32\DRIVERS\netbios.sys
0xADC44000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0xADC19000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xADBA9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7577000 \SystemRoot\System32\Drivers\Fips.SYS
0xADB4B000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xADB2E000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xAE715000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xADB16000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79CB000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAE122000 \SystemRoot\System32\drivers\Dxapi.sys
0xF781F000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7A77000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF060000 \SystemRoot\System32\ati2cqag.dll
0xBF10B000 \SystemRoot\System32\atikvmag.dll
0xBF1B1000 \SystemRoot\System32\atiok3x2.dll
0xBF216000 \SystemRoot\System32\ati3duag.dll
0xBF9C5000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xAB039000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xAAFDD000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAAB10000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7A31000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xAA952000 \SystemRoot\system32\DRIVERS\srv.sys
0xAA84D000 \SystemRoot\system32\drivers\wdmaud.sys
0xAAA88000 \SystemRoot\system32\drivers\sysaudio.sys
0xF786F000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0xAA244000 \SystemRoot\System32\Drivers\HTTP.sys
0xA9F5E000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xA9D47000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 38):
0 System Idle Process
4 System
928 C:\WINDOWS\system32\smss.exe
976 csrss.exe
1008 C:\WINDOWS\system32\winlogon.exe
1052 C:\WINDOWS\system32\services.exe
1064 C:\WINDOWS\system32\lsass.exe
1228 C:\WINDOWS\system32\ati2evxx.exe
1248 C:\WINDOWS\system32\svchost.exe
1344 svchost.exe
1384 C:\WINDOWS\system32\svchost.exe
1432 C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
1548 C:\WINDOWS\system32\ati2evxx.exe
1608 svchost.exe
1684 svchost.exe
1812 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
2036 C:\WINDOWS\system32\spoolsv.exe
120 C:\WINDOWS\explorer.exe
424 svchost.exe
620 C:\Program Files\Java\jre6\bin\jqs.exe
640 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
704 C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
728 C:\WINDOWS\system32\NLSSRV32.EXE
800 C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
1280 C:\WINDOWS\RTHDCPL.EXE
1404 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
1428 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1560 C:\WINDOWS\system32\ctfmon.exe
1572 C:\Program Files\Free Download Manager\fdm.exe
2640 C:\WINDOWS\system32\MDM.EXE
2804 C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
2976 alg.exe
340 C:\Program Files\Reliance Netconnect - Broadband+\Reliance Netconnect.exe
3724 C:\WINDOWS\system32\notepad.exe
2952 C:\Program Files\Mozilla Firefox\firefox.exe
3256 C:\Program Files\Mozilla Firefox\plugin-container.exe
296 C:\WINDOWS\system32\wscntfy.exe
3356 C:\Downloads\Software\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001e`18064200 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000037`20c46200 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000050`20af5e00 (NTFS)

PhysicalDrive0 Model Number: ST3500418AS, Rev: CC37

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
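
What MBRCheck reports above (the boot signature, a SHA1 of the boot code, and each volume's byte offset on PhysicalDrive0) follows from the fixed layout of the first sector: 440 bytes of boot code, a disk signature, four 16-byte partition entries at offset 446, and 0x55AA at the end. The following is an added example, not the thread's or MBRCheck's own code: a parser for that sector run over a constructed MBR whose partition starts reproduce the four offsets in the log, with the unknown-bootcode case that an overwritten MBR would trigger. The boot-code bytes and the known-good hash table are constructed and do not correspond to the real SHA1 in the log.

```python
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440      # bytes 0-439 boot code; 440-445 disk signature and reserved bytes
PART_TABLE = 446        # four 16-byte partition entries, then 0x55AA at 510-511
SIGNATURE = b"\x55\xAA"
ENTRY = "<B3xB3xII"     # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count

def parse_mbr(sector: bytes) -> dict:
    """Boot-signature check, SHA-1 of the boot code area and the decoded partition table."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY, sector, PART_TABLE + 16 * i)
        if ptype:           # partition type 0 marks an empty slot
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count, "byte_offset": lba * SECTOR})
    return {"signature_ok": sector[510:512] == SIGNATURE,
            "bootcode_sha1": hashlib.sha1(sector[:BOOTCODE_LEN]).hexdigest().upper(),
            "partitions": parts}

def classify(sector: bytes, known: dict) -> str:
    """Name the boot code when its hash is in the known-good table, otherwise flag it."""
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        return "invalid MBR (missing 55AA signature)"
    return known.get(info["bootcode_sha1"], "unknown bootcode")

def build_mbr(bootcode: bytes, partitions: list) -> bytes:
    """Assemble a sector from boot code and (bootable, type, lba_start, sectors) tuples."""
    sector = bytearray(bootcode[:BOOTCODE_LEN].ljust(BOOTCODE_LEN, b"\x00")) + bytearray(6)
    for i in range(4):
        bootable, ptype, lba, count = partitions[i] if i < len(partitions) else (False, 0, 0, 0)
        sector += struct.pack(ENTRY, 0x80 if bootable else 0, ptype, lba, count)
    return bytes(sector + SIGNATURE)

# Constructed boot code and known-good table; a real table holds the hash of the boot code each
# Windows version writes, which is what lets a tool report "Windows XP MBR code detected".
SAMPLE_BOOTCODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * 433
KNOWN_BOOTCODE = {hashlib.sha1(SAMPLE_BOOTCODE).hexdigest().upper(): "Windows XP MBR code (constructed sample)"}
# Partition starts chosen so the byte offsets equal the four volume offsets in the log above;
# the final entry stands in for the end of the 465 GB disk.
OFFSETS = [0x7E00, 0x1E18064200, 0x3720C46200, 0x5020AF5E00, 465 * 2**30]
SAMPLE_MBR = build_mbr(SAMPLE_BOOTCODE, [
    (i == 0, 0x07, OFFSETS[i] // SECTOR, (OFFSETS[i + 1] - OFFSETS[i]) // SECTOR) for i in range(4)])
```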

#11 nasdaq

    Forum Deity

  • Global Moderator
  • 48,080 posts

Posted 19 September 2010 - 07:50 AM

Your Master Boot record is good.

Is the problem persisting even after cleaning your ZoneMap?
nasdaq


#12 mkk

    Member

  • Full Member
  • 7 posts

Posted 20 September 2010 - 01:42 PM

Still I am getting the same issue. I had taken a backup, deleted the partition, repartitioned and freshly installed Windows XP. Once the installation completed and I had logged in freshly, I just waited to see if any issue would come before starting the driver install; within 5 minutes the issue started again. I had not even installed drivers. Not sure what the issue may be. Please help me to fix this one.

#13 nasdaq

    Forum Deity

  • Global Moderator
  • 48,080 posts

Posted 21 September 2010 - 07:31 AM

You need to check for the latest drivers for all of your applications.

Only then will you have a complete picture.
nasdaq


#14 nasdaq

    Forum Deity

  • Global Moderator
  • 48,080 posts

Posted 05 October 2010 - 08:19 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
nasdaq




