
AdServing popup Ads refuse to leave


14 replies to this topic

#1 Calando


Posted 19 May 2012 - 12:18 AM

Hi, all,

I'm using a PC with Windows XP and Firefox as my browser. Yesterday I started seeing a pop-up ad on any site I visited where the Firefox add-on AdBlockPlus was disabled that linked to adserving(dot)cpxinteractive(dot)com/[String of Characters]. It usually said, "you are missing a plugin to play videos" and had an update button. Two or three times when I tried to open a normal link to a new tab, I was taken to an incorrect page that Web of Trust marked as dangerous and I left without getting a look at it (this hasn't happened before and one of those instances was on this site). When AdBlock is activated, the pop-up is present on most sites but invisible and inactive (the cursor recognizes it's there and if it happens to be sitting on a proper link I'm trying to click, nothing happens until I scroll it out of the way). Here's a screencap of the ad with its scrollover link displayed and one of its silhouette on a darkened page with AdBlock enabled:

http://i.imgur.com/btRMr.jpg
http://i.imgur.com/Iiltp.jpg

I haven't noticed anything unusual offline and so far it hasn't been obviously dangerous, just worrying and annoying.

I've run multiple quick and full scans with Malwarebytes and each time it finds one problem file that I have it remove (C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent)), then I restart the PC, but the pop-ups persist and the file is found in the next scan. Running RKill then Malwarebytes didn't change the results. A scan with Avira found nothing.

I saw this topic but I wasn't sure if that solution would be the same for XP:
http://www.bleepingcomputer.com/forums/topic454045.html



#2 narenxp


Posted 19 May 2012 - 08:15 AM

Download

TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).


Please download GMER from here (does not work on 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here

Edited by narenxp, 19 May 2012 - 08:15 AM.
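
Added example (not part of narenxp's post or of any tool named in it): a Python sketch for reading a saved TDSSKiller log, assuming the line layout of a TDSSKiller 2.7 log (timestamp, thread id, service name, MD5 in parentheses, image path, then a verdict line). It lists the services whose verdict is not "ok" or whose image sits in a user temp directory; the sample log, the service name `examplesvc`, the placeholder MD5 values and the path markers are constructed for illustration.

```python
import re

# Constructed sample in the TDSSKiller log layout (not a real scan).
# MD5 values are placeholders; "examplesvc" is a made-up service name.
SAMPLE_LOG = r"""
12:00:01.0000 1000 ACPI (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:00:01.0050 1000 ACPI - ok
12:00:01.0100 1000 Abiosdsk - ok
12:00:02.0000 1000 examplesvc (00000000000000000000000000000002) C:\DOCUME~1\USER~1\LOCALS~1\Temp\EXAMPLE.tmp.exe
12:00:02.0010 1000 Suspicious file (NoAccess): C:\DOCUME~1\USER~1\LOCALS~1\Temp\EXAMPLE.tmp.exe. md5: 00000000000000000000000000000002
12:00:02.0010 1000 examplesvc ( LockedFile.Multi.Generic ) - warning
12:00:02.0010 1000 examplesvc - detected LockedFile.Multi.Generic (1)
12:00:02.0020 1000 Beep (00000000000000000000000000000003) C:\WINDOWS\system32\drivers\Beep.sys
12:00:02.0030 1000 Beep - ok
"""

# Every log line starts with "HH:MM:SS.ffff <thread id> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"

# "<name> (<md5>) <image path>": the binary behind a service or driver.
IMAGE_RE = re.compile(
    PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)

# "<name> - ok", "<name> - detected <label> (n)" or "<name> ( <label> ) - warning".
RESULT_RE = re.compile(
    PREFIX + r"(?P<name>\S+) (?:- (?P<ok>ok)"
    r"|- detected (?P<det>.+?) \(\d+\)"
    r"|\( (?P<warn>.+?) \) - \w+)$"
)

# Assumption: path fragments that indicate a user-writable temp location on
# Windows XP. A service or driver image loading from there deserves a look
# even when the scanner's verdict is "ok".
USER_WRITABLE_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\")


def parse_services(log_text):
    """Return {service name: {"name", "md5", "path", "verdict"}} from a log."""
    services = {}
    for raw in log_text.splitlines():
        line = raw.rstrip()
        image = IMAGE_RE.match(line)
        result = None if image else RESULT_RE.match(line)
        match = image or result
        if not match:
            continue  # header, separator or free-text line
        entry = services.setdefault(
            match.group("name"),
            {"name": match.group("name"), "md5": None, "path": None, "verdict": None},
        )
        if image:
            entry["md5"] = image.group("md5")
            entry["path"] = image.group("path")
        else:
            entry["verdict"] = (
                result.group("ok") or result.group("det") or result.group("warn")
            )
    return services


def triage(log_text):
    """List services a helper would want to look at first, with reasons."""
    findings = []
    for svc in parse_services(log_text).values():
        reasons = []
        if svc["verdict"] not in (None, "ok"):
            reasons.append("scanner verdict: " + svc["verdict"])
        path = (svc["path"] or "").lower()
        if any(marker in path for marker in USER_WRITABLE_MARKERS):
            reasons.append("image loads from a user-writable temp directory")
        if reasons:
            findings.append(dict(svc, reasons=reasons))
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(item["name"], item["path"])
        for reason in item["reasons"]:
            print("  -", reason)
```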


#3 Calando


Posted 19 May 2012 - 03:12 PM

Hi, narenxp, thanks!
TDSSKiller:

12:15:28.0562 4088 cxtzxryb (bb606e37d39d87d478fe7a1375dbbb5d) C:\DOCUME~1\USETHI~1\LOCALS~1\Temp\DAT4F.tmp.exe
12:15:28.0593 4088 Suspicious file (NoAccess): C:\DOCUME~1\USETHI~1\LOCALS~1\Temp\DAT4F.tmp.exe. md5: bb606e37d39d87d478fe7a1375dbbb5d
12:15:28.0593 4088 cxtzxryb ( LockedFile.Multi.Generic ) - warning
12:15:28.0593 4088 cxtzxryb - detected LockedFile.Multi.Generic (1)
12:15:43.0437 4088 SSDPSRV - ok
12:15:43.0468 4088 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
12:15:43.0515 4088 ssmdrv - ok
12:15:43.0562 4088 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
12:15:43.0640 4088 stisvc - ok
12:15:43.0687 4088 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:15:43.0718 4088 streamip - ok
12:15:43.0734 4088 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:15:43.0765 4088 swenum - ok
12:15:43.0796 4088 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:15:43.0828 4088 swmidi - ok
12:15:43.0843 4088 SwPrv - ok
12:15:43.0859 4088 symc810 - ok
12:15:43.0875 4088 symc8xx - ok
12:15:43.0890 4088 sym_hi - ok
12:15:43.0906 4088 sym_u3 - ok
12:15:43.0937 4088 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:15:43.0984 4088 sysaudio - ok
12:15:44.0031 4088 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
12:15:44.0062 4088 SysmonLog - ok
12:15:44.0093 4088 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
12:15:44.0140 4088 TapiSrv - ok
12:15:44.0187 4088 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:15:44.0265 4088 Tcpip - ok
12:15:44.0312 4088 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:15:44.0343 4088 TDPIPE - ok
12:15:44.0375 4088 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:15:44.0390 4088 TDTCP - ok
12:15:44.0453 4088 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:15:44.0484 4088 TermDD - ok
12:15:44.0562 4088 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
12:15:44.0640 4088 TermService - ok
12:15:44.0687 4088 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:15:44.0687 4088 Themes - ok
12:15:44.0703 4088 TosIde - ok
12:15:44.0750 4088 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
12:15:44.0781 4088 TrkWks - ok
12:15:44.0828 4088 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:15:44.0859 4088 Udfs - ok
12:15:44.0875 4088 ultra - ok
12:15:44.0937 4088 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:15:45.0000 4088 Update - ok
12:15:45.0046 4088 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
12:15:45.0078 4088 upnphost - ok
12:15:45.0109 4088 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
12:15:45.0156 4088 UPS - ok
12:15:45.0234 4088 USB28xxBGA (01f43ddc94653cd68d2794ec4500debc) C:\WINDOWS\system32\DRIVERS\emBDA.sys
12:15:45.0343 4088 USB28xxBGA - ok
12:15:45.0375 4088 USB28xxOEM (f887c3eee7abacd594b5f73b862c45fc) C:\WINDOWS\system32\DRIVERS\emOEM.sys
12:15:45.0406 4088 USB28xxOEM - ok
12:15:45.0453 4088 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
12:15:45.0468 4088 usbaudio - ok
12:15:45.0546 4088 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:15:45.0578 4088 usbccgp - ok
12:15:45.0625 4088 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:15:45.0640 4088 usbehci - ok
12:15:45.0687 4088 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:15:45.0718 4088 usbhub - ok
12:15:45.0750 4088 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:15:45.0765 4088 usbohci - ok
12:15:45.0812 4088 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:15:45.0843 4088 usbprint - ok
12:15:45.0859 4088 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:15:45.0906 4088 usbscan - ok
12:15:45.0937 4088 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:15:45.0968 4088 USBSTOR - ok
12:15:46.0000 4088 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:15:46.0031 4088 usbuhci - ok
12:15:46.0062 4088 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:15:46.0078 4088 VgaSave - ok
12:15:46.0125 4088 viaagp1 (0e3e3fae3a0a58b8d936a8e841a17d16) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
12:15:46.0156 4088 viaagp1 - ok
12:15:46.0203 4088 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
12:15:46.0203 4088 ViaIde - ok
12:15:46.0250 4088 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:15:46.0296 4088 VolSnap - ok
12:15:46.0359 4088 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
12:15:46.0437 4088 VSS - ok
12:15:46.0468 4088 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\System32\w32time.dll
12:15:46.0500 4088 W32Time - ok
12:15:46.0546 4088 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:15:46.0578 4088 Wanarp - ok
12:15:46.0593 4088 WDICA - ok
12:15:46.0640 4088 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:15:46.0671 4088 wdmaud - ok
12:15:46.0718 4088 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
12:15:46.0750 4088 WebClient - ok
12:15:46.0843 4088 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:15:46.0875 4088 winmgmt - ok
12:15:46.0953 4088 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
12:15:46.0984 4088 WmdmPmSN - ok
12:15:47.0078 4088 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
12:15:47.0109 4088 WmiApSrv - ok
12:15:47.0281 4088 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
12:15:47.0500 4088 WMPNetworkSvc - ok
12:15:47.0593 4088 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:15:47.0625 4088 WS2IFSL - ok
12:15:47.0671 4088 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
12:15:47.0734 4088 wscsvc - ok
12:15:47.0765 4088 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:15:47.0796 4088 WSTCODEC - ok
12:15:47.0843 4088 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
12:15:47.0875 4088 wuauserv - ok
12:15:47.0921 4088 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:15:47.0937 4088 WudfPf - ok
12:15:47.0968 4088 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:15:48.0000 4088 WudfRd - ok
12:15:48.0031 4088 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
12:15:48.0078 4088 WudfSvc - ok
12:15:48.0140 4088 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
12:15:48.0234 4088 WZCSVC - ok
12:15:48.0281 4088 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
12:15:48.0328 4088 xmlprov - ok
12:15:48.0375 4088 {6080A529-897E-4629-A488-ABA0C29B635E} (3ee36328e860fbf102b54608a055c6be) C:\WINDOWS\system32\drivers\ialmsbw.sys
12:15:48.0406 4088 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
12:15:48.0437 4088 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (17f39a1916733ed228eb46ad67c35426) C:\WINDOWS\system32\drivers\ialmkchw.sys
12:15:48.0453 4088 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
12:15:48.0500 4088 MBR (0x1B8) (b716b775fcbdabf0e2ddff76f15c6790) \Device\Harddisk0\DR0
12:15:48.0546 4088 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:15:48.0546 4088 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:15:48.0562 4088 Boot (0x1200) (ce0c2ba6a7a49dafe5bdb0925d31fd4a) \Device\Harddisk0\DR0\Partition0
12:15:48.0562 4088 \Device\Harddisk0\DR0\Partition0 - ok
12:15:48.0593 4088 Boot (0x1200) (9ba4448c08cbf60244ac0c691c0d90d6) \Device\Harddisk0\DR0\Partition1
12:15:48.0593 4088 \Device\Harddisk0\DR0\Partition1 - ok
12:15:48.0593 4088 ============================================================
12:15:48.0593 4088 Scan finished
12:15:48.0593 4088 ============================================================
12:15:48.0625 0456 Detected object count: 2
12:15:48.0625 0456 Actual detected object count: 2
12:16:50.0437 0456 cxtzxryb ( LockedFile.Multi.Generic ) - skipped by user
12:16:50.0437 0456 cxtzxryb ( LockedFile.Multi.Generic ) - User select action: Skip
12:16:50.0453 0456 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:16:50.0453 0456 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
12:17:25.0453 3152 Deinitialize success

Gmer:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-19 13:43:42
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_SV1203N rev.TQ100-23
Running: r09pxfv4.exe; Driver: C:\DOCUME~1\USETHI~1\LOCALS~1\Temp\pwxoyaoc.sys


---- System - GMER 1.0.15 ----

SSDT F7AF817C ZwClose
SSDT F7AF8136 ZwCreateKey
SSDT F7AF8186 ZwCreateSection
SSDT F7AF812C ZwCreateThread
SSDT F7AF813B ZwDeleteKey
SSDT F7AF8145 ZwDeleteValueKey
SSDT F7AF8177 ZwDuplicateObject
SSDT F7AF814A ZwLoadKey
SSDT F7AF8118 ZwOpenProcess
SSDT F7AF811D ZwOpenThread
SSDT F7AF8154 ZwReplaceKey
SSDT F7AF814F ZwRestoreKey
SSDT F7AF818B ZwSetContextThread
SSDT F7AF8140 ZwSetValueKey
SSDT F7AF8127 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

? lmnp.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@FriendlyName Indeo? video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@CLSID {1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@FilterData 0x02 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@EncoderType 1

---- EOF - GMER 1.0.15 ----

Edited by Calando, 19 May 2012 - 03:14 PM.


#4 Calando

Posted 19 May 2012 - 03:13 PM

aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-19 13:47:19
-----------------------------
13:47:19.765 OS Version: Windows 5.1.2600 Service Pack 3
13:47:19.765 Number of processors: 1 586 0xA00
13:47:19.765 ComputerName: YOUR-O0KWKW9JWC UserName:
13:47:45.093 Initialize success
14:23:59.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:23:59.578 Disk 0 Vendor: SAMSUNG_SV1203N TQ100-23 Size: 114498MB BusType: 3
14:23:59.625 Disk 0 MBR read successfully
14:23:59.625 Disk 0 MBR scan
14:23:59.625 Disk 0 unknown MBR code
14:23:59.656 Disk 0 Partition 1 00 0B FAT32 RECOVERY 4643 MB offset 63
14:23:59.687 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 109841 MB offset 9510480
14:23:59.703 Disk 0 scanning sectors +234465840
14:23:59.953 Disk 0 scanning C:\WINDOWS\system32\drivers
14:24:47.906 Service scanning
14:25:16.312 Modules scanning
14:26:08.718 Disk 0 trace - called modules:
14:26:09.328 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
14:26:09.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84b0fab8]
14:26:09.343 3 CLASSPNP.SYS[f74d7fd7] -> nt!IofCallDriver -> \Device\0000005f[0x84adef18]
14:26:09.343 5 ACPI.sys[f743e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x84b12030]
14:26:09.343 Scan finished successfully
14:26:56.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Use This Account!\Desktop\MBR.dat"
14:26:56.515 The log file has been saved successfully to "C:\Documents and Settings\Use This Account!\Desktop\aswMBR.txt"

#5 narenxp

Posted 19 May 2012 - 03:26 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

ESET online scanner


Install it

Click on START, it should download the virus definitions
When the scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#6 Calando

Posted 20 May 2012 - 11:23 AM

I ran Malwarebytes repeatedly yesterday but it couldn't get rid of that one threat. Should I keep trying it?

Eset:

C:\Documents and Settings\Owner\Local Settings\Temp\Acr7.tmp PDF/Exploit.Pidief.PBK.Gen trojan cleaned by deleting - quarantined
C:\Documents and Settings\Use This Account!\Local Settings\Temp\DAT4F.tmp.exe Win32/Rootkit.BlackEnergy.AC trojan cleaned by deleting (after the next restart)
C:\Documents and Settings\Use This Account!\Local Settings\Temporary Internet Files\Content.IE5\9D2X1URJ\7[1].exe Win32/Rootkit.BlackEnergy.AC trojan cleaned by deleting - quarantined
C:\Documents and Settings\Use This Account!\Local Settings\Temporary Internet Files\Content.IE5\WJWW01AJ\8[1].exe Win32/Simda.B trojan cleaned by deleting - quarantined
C:\Program Files\WildTangent\Apps\GameChannel\Games\28BA89E7-2F60-4BE7-BAA2-7949EB3FE527\WebDriverSilentInstall.exe Win32/Adware.WildTangent application deleted - quarantined
Operating memory Win32/Rootkit.BlackEnergy.AC trojan




MiniToolbox


MiniToolBox by Farbar Version: 18-01-2012
Ran by Use This Account! (administrator) on 20-05-2012 at 11:12:36
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

69.10.57.36 www.google-analytics.com.
69.10.57.36 ad-emea.doubleclick.net.
69.10.57.36 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.

127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce MCP Networking Adapter = Local Area Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : your-o0kwkw9jwc

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Peer-Peer

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : NVIDIA nForce MCP Networking Adapter

Physical Address. . . . . . . . . : 00-0C-6E-88-A3-41

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.1

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.254

DHCP Server . . . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 192.168.1.254

Lease Obtained. . . . . . . . . . : Sunday, May 20, 2012 10:45:28 AM

Lease Expires . . . . . . . . . . : Sunday, May 20, 2012 11:45:28 AM

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.254

Name: google.com
Addresses: 173.194.37.39, 173.194.37.40, 173.194.37.41, 173.194.37.46
173.194.37.32, 173.194.37.33, 173.194.37.34, 173.194.37.35, 173.194.37.36
173.194.37.37, 173.194.37.38



Pinging google.com [173.194.37.33] with 32 bytes of data:



Reply from 173.194.37.33: bytes=32 time=28ms TTL=50

Reply from 173.194.37.33: bytes=32 time=27ms TTL=50



Ping statistics for 173.194.37.33:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 27ms, Maximum = 28ms, Average = 27ms

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.254

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=115ms TTL=46

Reply from 72.30.38.140: bytes=32 time=141ms TTL=46



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 115ms, Maximum = 141ms, Average = 128ms

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0c 6e 88 a3 41 ...... NVIDIA nForce MCP Networking Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.1 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.1 192.168.1.1 20
192.168.1.1 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.1 192.168.1.1 20
224.0.0.0 240.0.0.0 192.168.1.1 192.168.1.1 20
255.255.255.255 255.255.255.255 192.168.1.1 192.168.1.1 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 SpSubLSP.dll [File Not found] ()
Catalog9 02 SpSubLSP.dll [File Not found] ()
Catalog9 03 SpSubLSP.dll [File Not found] ()
Catalog9 04 SpSubLSP.dll [File Not found] ()
Catalog9 05 SpSubLSP.dll [File Not found] ()
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 11 SpSubLSP.dll [File Not found] ()
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/06/2012 04:55:21 PM) (Source: Application Hang) (User: )
Description: Hanging application WINWORD.EXE, version 12.0.6612.1000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/03/2012 11:30:21 AM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/03/2012 11:26:16 AM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/21/2012 03:02:15 PM) (Source: Application Hang) (User: )
Description: Hanging application WINWORD.EXE, version 12.0.6612.1000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/20/2012 11:47:23 AM) (Source: Application Error) (User: )
Description: Faulting application OPXPApp.exe, version 0.0.0.0, faulting module atsc51.dll, version 6.1.5.0, fault address 0x0001ba6a.
Error in creating result PEAP-TLV in response to received PEAP-TLV (OPXPApp.exe!ld!)

Error: (03/19/2012 05:13:36 AM) (Source: Application Error) (User: )
Description: Faulting application OPXPApp.exe, version 0.0.0.0, faulting module atsc51.dll, version 6.1.5.0, fault address 0x0001ba6a.
Processing media-specific event for [OPXPApp.exe!ws!]

Error: (03/19/2012 05:13:29 AM) (Source: Application Error) (User: )
Description: Faulting application OPXPApp.exe, version 0.0.0.0, faulting module atsc51.dll, version 6.1.5.0, fault address 0x0001ba6a.
Processing media-specific event for [OPXPApp.exe!ws!]

Error: (03/12/2012 08:41:21 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 10.0.2.4428, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/12/2012 08:41:08 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 10.0.2.4428, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/12/2012 08:41:08 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 10.0.2.4428, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (05/20/2012 09:45:41 AM) (Source: Service Control Manager) (User: )
Description: The mrtRate service failed to start due to the following error:
%%2

Error: (05/20/2012 09:45:41 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the cxtzxryb service to connect.

Error: (05/19/2012 11:02:04 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
agp440
fasttx2k
SISAGP
viaagp1

Error: (05/19/2012 11:01:54 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume2

Error: (05/19/2012 11:01:49 PM) (Source: Service Control Manager) (User: )
Description: The mrtRate service failed to start due to the following error:
%%2

Error: (05/19/2012 11:01:49 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the cxtzxryb service to connect.

Error: (05/19/2012 09:25:16 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
agp440
fasttx2k
SISAGP
viaagp1

Error: (05/19/2012 09:25:03 PM) (Source: Service Control Manager) (User: )
Description: The mrtRate service failed to start due to the following error:
%%2

Error: (05/19/2012 09:25:03 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the cxtzxryb service to connect.

Error: (05/19/2012 09:24:59 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume2


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Adobe Acrobat 5.0 (Version: 5.0)
Adobe Flash Player 10 ActiveX (Version: 10.2.152.32)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader 9.2 (Version: 9.2.0)
Amazon MP3 Downloader 1.0.15 (Version: 1.0.15)
Apple Software Update (Version: 2.1.1.116)
ArcSoft PhotoImpression 5
ArcSoft Picture Software
Ask Toolbar (Version: 1.9.1.0)
Avira AntiVir Personal - Free Antivirus (Version: 10.2.0.707)
Blackhawk Striker from Hewlett-Packard Desktops (remove only)
Blasterball 2 from Hewlett-Packard Desktops (remove only)
BlasterBall Wild from Hewlett-Packard Desktops (remove only)
ConvertHelper 2.2
Dark Orbit from Hewlett-Packard Desktops (remove only)
Disney`s Lilo and Stitch Pinball from Hewlett-Packard Desktops (remove only)
easy Internet sign-up (Version: FE UI-2.0.0.753)
EPSON CX 3800 Guide
EPSON Printer Software
EPSON Scan
ESET Online Scanner v3
Excavation from Hewlett-Packard Desktops (remove only)
GemMaster 3 from Hewlett-Packard Desktops (remove only)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
honestech VHS to DVD 4.0 Deluxe (Version: 4.0)
HP Deskjet printer preloaded drivers (Version: 1.00.0200)
HP Digital Imaging Album Printing 1.0 (Version: 1.00.0000)
HP Instant Support (Version: 4.03.03)
HP Memories Disc (Version: 1.0.7.808)
HP Photo and Imaging 1.2 - Photosmart Cameras (Version: 2.0.0000)
HP Photosmart printers preloaded drivers (Version: 1.00.0001)
HpSdpAppCoreApp (Version: 2.00.0000)
Intel® Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Player (Version: 4.0-B11.386)
KBD
Lernout & Hauspie TruVoice American English TTS Engine
LiveReg (Symantec Corporation) (Version: 2.2.5.1678)
LiveUpdate 1.80 (Symantec Corporation) (Version: 1.80.19.0)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
McAfee Security Scan Plus (Version: 2.0.181.2)
Media Go (Version: 2.0.317)
Media Go Video Playback Engine 1.84.112.07020 (Version: 1.84.112.07020)
Men In Black II CROSSFIRE from Hewlett-Packard Desktops (remove only)
Microsoft .NET Framework (English) (Version: 1.0.3705)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
MUSICMATCHR Jukebox
NVIDIA Windows 2000/XP Display Drivers
OmniPass
PC-Doctor for Windows
PlayStation®Network Downloader (Version: 2.07.00849)
PlayStation®Store (Version: 4.5.16.13625)
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1 (Version: 2.2.1)
Quicken 2003 New User Edition (Version: 12.00.0000)
QuickTime (Version: 7.60.92.0)
RealOne Player
RecordNow (Version: 5.0)
RingMaster from Hewlett-Packard Desktops (remove only)
S3Display
S3Gamma2
S3Info2
S3Overlay
ShowBiz DVD
Simple Backup for My Pictures (Version: 4.83)
Simple Installer - Multilanguage Version
Snowboard Extreme from Hewlett-Packard Desktops (remove only)
Sonic Update Manager (Version: 2.80)
Space Rocks from Hewlett-Packard Desktops (remove only)
SpamSubtract
toolkit
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Updates from HP
USB2.0 VIDBOX NW03 (Version: 3.0.0)
Virtual Warfare from Hewlett-Packard Desktops (remove only)
WeatherBug (Version: 7.0.0.7)
WebFldrs XP (Version: 9.50.6513)
Weblink
WildTangent GameChannel (remove only)
Windows Driver Package - eMPIA Technology (USB28xxBGA) Media (06/22/2007 6.22.0116.0) (Version: 06/22/2007 6.22.0116.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WordPerfect Productivity Pack
WordPerfect Productivity Pack (Version: 10)

========================= Memory info: ===================================

Percentage of memory in use: 53%
Total physical RAM: 447.36 MB
Available physical RAM: 208.24 MB
Total Pagefile: 1058.11 MB
Available Pagefile: 730.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1966.76 MB

========================= Partitions: =====================================

2 Drive c: (HP_PAVILION) (Fixed) (Total:107.27 GB) (Free:86.44 GB) NTFS
3 Drive d: (HP_RECOVERY) (Fixed) (Total:4.53 GB) (Free:0.77 GB) FAT32

========================= Users: ========================================

User accounts for \\YOUR-O0KWKW9JWC

Administrator Guest HelpAssistant
Owner SUPPORT_388945a0 SUPPORT_fddfa904
Use This Account!


**** End of log ****

#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:01 AM

Posted 20 May 2012 - 12:31 PM

Download

RogueKiller

Launch it, click on the HOSTS FIX option on the right side.

A log should get generated after the fix; post the log here.

Good luck

#8 Calando

Posted 20 May 2012 - 12:46 PM

I'm not seeing the popup this time!

RogueKiller

RogueKiller V7.4.5 [05/18/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Use This Account! [Admin rights]
Mode: HOSTSFix -- Date: 05/20/2012 12:43:00

Bad processes: 2
[SUSP PATH] DAT4F.tmp.exe -- C:\DOCUME~1\USETHI~1\LOCALS~1\Temp\DAT4F.tmp.exe -> KILLED [TermProc]
[SUSP PATH] IadHide4.dll -- C:\DOCUME~1\USETHI~1\LOCALS~1\Temp\IadHide4.dll -> UNLOADED

Driver: [LOADED]

HOSTS File:
127.0.0.1 localhost
::1 localhost
69.10.57.36 www.google-analytics.com.
69.10.57.36 ad-emea.doubleclick.net.
69.10.57.36 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[1].txt >>
RKreport[1].txt
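
The HOSTS section of the report above shows the hijack: three ad and analytics hostnames pinned to two outside addresses. As an added example (not part of the original posts and not RogueKiller's own logic), this Python script runs the same kind of check over the logged entries; the function names are hypothetical, and any non-loopback mapping is flagged for review, so legitimate intranet entries would need an allowlist.

```python
import ipaddress
from collections import defaultdict

# HOSTS content copied from the RogueKiller report above (before the reset).
SAMPLE_HOSTS = """\
127.0.0.1 localhost
::1 localhost
69.10.57.36 www.google-analytics.com.
69.10.57.36 ad-emea.doubleclick.net.
69.10.57.36 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.
"""

def parse_hosts(text):
    """Yield (ip, hostname) pairs; comments, blanks and bad IPs are skipped."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            # Strip the trailing dot seen in the log so both spellings
            # of a name compare equal.
            yield ip, name.rstrip(".").lower()

def audit_hosts(text):
    """Return {hostname: sorted list of IPs} for every entry that maps a name
    to a non-loopback address. Loopback and 0.0.0.0 mappings are treated as
    benign, since that is how ad-blocking HOSTS lists sinkhole a name."""
    suspicious = defaultdict(set)
    for ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue
        suspicious[name].add(str(ip))
    return {name: sorted(ips) for name, ips in suspicious.items()}

if __name__ == "__main__":
    for name, ips in sorted(audit_hosts(SAMPLE_HOSTS).items()):
        print(f"{name} -> {', '.join(ips)}")
```
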

#9 narenxp

Posted 20 May 2012 - 01:03 PM

good :)

I ran malwarebytes repeatedly yesterday but it couldn't get rid of that one threat, should I keep trying it?

Post your Malwarebytes log

#10 Calando

Posted 20 May 2012 - 01:15 PM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.19.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Use This Account! :: YOUR-O0KWKW9JWC [administrator]

5/19/2012 9:34:33 PM
mbam-log-2012-05-19 (21-34-33).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 302333
Time elapsed: 1 hour(s), 14 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Delete on reboot.

(end)

#11 narenxp

Posted 20 May 2012 - 01:42 PM

Press Windows+R key and type

cmd and click ok

Now copy this command and press ENTER

cacls C:\WINDOWS\system32\drivers\str.sys /p guest:n

Press Y

Reboot the PC

Press Windows+R key and type

cmd and click ok

Now copy these commands and press ENTER

cacls C:\WINDOWS\system32\drivers\str.sys /p everyone:f

Press Y

del C:\WINDOWS\system32\drivers\str.sys

Restart the PC and run mbam again and post the log

Edited by narenxp, 20 May 2012 - 01:42 PM.


#12 Calando

Posted 20 May 2012 - 04:48 PM

Things are looking really good! You're a wizard, narenxp!

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.19.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Use This Account! :: YOUR-O0KWKW9JWC [administrator]

5/20/2012 2:36:35 PM
mbam-log-2012-05-20 (14-36-35).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 302387
Time elapsed: 1 hour(s), 38 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#13 narenxp

Posted 20 May 2012 - 05:10 PM

Thank you :)

Download

LSP fix

Run it. Check "I know what I'm doing" and select spsublsp.dll from the left-hand side. Click the arrow so it goes over to the right. Click Finish.

Uninstall ASK TOOLBAR


Download

TFC


Launch it; it will close all running programs.

Click on START; it should ask for a reboot.

Turn off your System Restore, restart the PC, create a new restore point.

http://support.microsoft.com/kb/310405

Update your antivirus frequently; do not click on suspicious links.

Safe surfing :)

Edited by narenxp, 20 May 2012 - 05:12 PM.


#14 Calando

Posted 20 May 2012 - 06:21 PM

This computer's reboot sure got a workout ;)
Thanks a ton, Narenxp, I appreciate the (quick!) help!

#15 narenxp

Posted 20 May 2012 - 06:27 PM

You're most welcome :thumbsup:
