Pop up ads & screen re-direction


11 replies to this topic

#1 Tony Lucas

  • Members
  • 6 posts

Posted 23 July 2012 - 07:51 AM

Hi,

I get an advert that slides up in the bottom right hand corner. These ads seem to be context sensitive. They have no URL or address, so I suspect they are using code on my PC to drive this advertising. The adverts are often from valid companies: Booking.com, Wonga, etc., but I don't know if the link would go there as I just shut them down. Additionally, the infection seems to hijack my screen when I move from one page on a website to another on that website. It shows the message "The page has moved - redirecting" and goes to a random page or other website or Google results page.

I have run several analysis programs suggested on your forum advice pages and tried to use GMER, but the infection refuses to let that load regardless of what I call it. I get a warning screen in English and Polish saying I am not authorised to download that routine.

Looking at other forum results for similar problems, I have run and got the reports I think you require. The RootRepeal report is interesting.

Hope you can help. :blink:

TDSSKiller report:

13:22:38.0218 3148 TDSS rootkit removing tool 2.7.47.0 Jul 20 2012 20:36:30
13:22:38.0593 3148 ============================================================
13:22:38.0593 3148 Current date / time: 2012/07/23 13:22:38.0593
13:22:38.0593 3148 SystemInfo:
13:22:38.0593 3148
13:22:38.0593 3148 OS Version: 5.1.2600 ServicePack: 3.0
13:22:38.0593 3148 Product type: Workstation
13:22:38.0593 3148 ComputerName: TONY
13:22:38.0593 3148 UserName: DC7600
13:22:38.0593 3148 Windows directory: C:\WINDOWS
13:22:38.0593 3148 System windows directory: C:\WINDOWS
13:22:38.0593 3148 Processor architecture: Intel x86
13:22:38.0593 3148 Number of processors: 2
13:22:38.0593 3148 Page size: 0x1000
13:22:38.0593 3148 Boot type: Normal boot
13:22:38.0593 3148 ============================================================
13:22:40.0343 3148 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x50BB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
13:22:40.0343 3148 Drive \Device\Harddisk1\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:22:40.0359 3148 ============================================================
13:22:40.0359 3148 \Device\Harddisk0\DR0:
13:22:40.0359 3148 MBR partitions:
13:22:40.0359 3148 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A02471
13:22:40.0359 3148 \Device\Harddisk1\DR2:
13:22:40.0359 3148 MBR partitions:
13:22:40.0359 3148 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
13:22:40.0359 3148 ============================================================
13:22:40.0390 3148 C: <-> \Device\Harddisk0\DR0\Partition0
13:22:40.0593 3148 G: <-> \Device\Harddisk1\DR2\Partition0
13:22:40.0593 3148 ============================================================
13:22:40.0593 3148 Initialize success
13:22:40.0593 3148 ============================================================
13:23:05.0687 4816 ============================================================
13:23:05.0687 4816 Scan started
13:23:05.0687 4816 Mode: Manual; TDLFS;
13:23:05.0687 4816 ============================================================
13:23:06.0250 4816 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
13:23:06.0250 4816 !SASCORE - ok
13:23:06.0375 4816 Abiosdsk - ok
13:23:06.0375 4816 abp480n5 - ok
13:23:06.0421 4816 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:23:06.0437 4816 ACPI - ok
13:23:06.0468 4816 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:23:06.0468 4816 ACPIEC - ok
13:23:06.0546 4816 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:23:06.0546 4816 AdobeFlashPlayerUpdateSvc - ok
13:23:06.0562 4816 adpu160m - ok
13:23:06.0609 4816 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:23:06.0609 4816 aec - ok
13:23:06.0656 4816 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:23:06.0656 4816 AFD - ok
13:23:06.0671 4816 Aha154x - ok
13:23:06.0687 4816 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
13:23:06.0687 4816 aic78u2 - ok
13:23:06.0687 4816 aic78xx - ok
13:23:06.0734 4816 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
13:23:06.0734 4816 Alerter - ok
13:23:06.0750 4816 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
13:23:06.0750 4816 ALG - ok
13:23:06.0750 4816 AliIde - ok
13:23:06.0781 4816 Amfilter (f826b306d88c2cea3e64d1be7e83bb73) C:\WINDOWS\system32\DRIVERS\Amfilter.sys
13:23:06.0781 4816 Amfilter - ok
13:23:06.0796 4816 amsint - ok
13:23:06.0812 4816 Amusbprt (c861a356af7277f6ae23cc70b0a9559c) C:\WINDOWS\system32\DRIVERS\Amusbprt.sys
13:23:06.0812 4816 Amusbprt - ok
13:23:06.0921 4816 AOL ACS (85180cf88c5ebad73b452a43a004ca51) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
13:23:06.0921 4816 AOL ACS - ok
13:23:06.0968 4816 ApfiltrService (9910a9c7d307a9e156d951248601c33e) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
13:23:06.0968 4816 ApfiltrService - ok
13:23:07.0031 4816 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:23:07.0031 4816 Apple Mobile Device - ok
13:23:07.0093 4816 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
13:23:07.0093 4816 AppMgmt - ok
13:23:07.0093 4816 asc - ok
13:23:07.0109 4816 asc3350p - ok
13:23:07.0109 4816 asc3550 - ok
13:23:07.0218 4816 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:23:07.0234 4816 aspnet_state - ok
13:23:07.0265 4816 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:23:07.0265 4816 AsyncMac - ok
13:23:07.0312 4816 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:23:07.0312 4816 atapi - ok
13:23:07.0312 4816 Atdisk - ok
13:23:07.0343 4816 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:23:07.0343 4816 Atmarpc - ok
13:23:07.0375 4816 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
13:23:07.0375 4816 AudioSrv - ok
13:23:07.0421 4816 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:23:07.0421 4816 audstub - ok
13:23:07.0468 4816 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
13:23:07.0468 4816 AVGIDSDriver - ok
13:23:07.0468 4816 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
13:23:07.0484 4816 AVGIDSEH - ok
13:23:07.0484 4816 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
13:23:07.0484 4816 AVGIDSFilter - ok
13:23:07.0500 4816 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
13:23:07.0500 4816 AVGIDSShim - ok
13:23:07.0531 4816 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
13:23:07.0531 4816 Avgldx86 - ok
13:23:07.0531 4816 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
13:23:07.0531 4816 Avgmfx86 - ok
13:23:07.0546 4816 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
13:23:07.0546 4816 Avgrkx86 - ok
13:23:07.0578 4816 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
13:23:07.0578 4816 Avgtdix - ok
13:23:07.0640 4816 b57w2k (bf9c01a3040d75bfb95beffa216173df) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
13:23:07.0656 4816 b57w2k - ok
13:23:07.0687 4816 BCMTPM (647cea50bcaac1034f3d2d655b9825fa) C:\WINDOWS\system32\DRIVERS\btpmw32.sys
13:23:07.0687 4816 BCMTPM - ok
13:23:07.0734 4816 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:23:07.0734 4816 Beep - ok
13:23:07.0781 4816 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
13:23:07.0812 4816 BITS - ok
13:23:07.0843 4816 Blfp (07a758bffb297819252aa72bab0e6611) C:\WINDOWS\system32\DRIVERS\baspxp32.sys
13:23:07.0859 4816 Blfp - ok
13:23:07.0968 4816 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
13:23:08.0000 4816 Bonjour Service - ok
13:23:08.0046 4816 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
13:23:08.0046 4816 Browser - ok
13:23:08.0156 4816 Browser Defender Update Service (7229b58039d5a9338ad633e8ab60619c) C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
13:23:08.0156 4816 Browser Defender Update Service - ok
13:23:08.0187 4816 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:23:08.0187 4816 cbidf2k - ok
13:23:08.0187 4816 cd20xrnt - ok
13:23:08.0218 4816 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:23:08.0218 4816 Cdaudio - ok
13:23:08.0265 4816 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:23:08.0265 4816 Cdfs - ok
13:23:08.0281 4816 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:23:08.0281 4816 Cdrom - ok
13:23:08.0281 4816 Changer - ok
13:23:08.0312 4816 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
13:23:08.0312 4816 CiSvc - ok
13:23:08.0359 4816 CLBStor (3b15740f137b2b243fdae2e7b9c391f7) C:\WINDOWS\system32\drivers\CLBStor.sys
13:23:08.0359 4816 CLBStor - ok
13:23:08.0359 4816 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
13:23:08.0359 4816 ClipSrv - ok
13:23:08.0484 4816 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:23:08.0484 4816 clr_optimization_v2.0.50727_32 - ok
13:23:08.0484 4816 CmdIde - ok
13:23:08.0500 4816 COMSysApp - ok
13:23:08.0515 4816 Cpqarray - ok
13:23:08.0562 4816 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
13:23:08.0578 4816 CryptSvc - ok
13:23:08.0578 4816 dac2w2k - ok
13:23:08.0578 4816 dac960nt - ok
13:23:08.0640 4816 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
13:23:08.0640 4816 DcomLaunch - ok
13:23:08.0687 4816 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
13:23:08.0687 4816 Dhcp - ok
13:23:08.0703 4816 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:23:08.0703 4816 Disk - ok
13:23:08.0703 4816 dmadmin - ok
13:23:08.0765 4816 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:23:08.0781 4816 dmboot - ok
13:23:08.0796 4816 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
13:23:08.0812 4816 dmio - ok
13:23:08.0828 4816 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:23:08.0828 4816 dmload - ok
13:23:08.0859 4816 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
13:23:08.0859 4816 dmserver - ok
13:23:08.0859 4816 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:23:08.0859 4816 DMusic - ok
13:23:08.0890 4816 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
13:23:08.0906 4816 Dnscache - ok
13:23:08.0953 4816 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
13:23:08.0953 4816 Dot3svc - ok
13:23:08.0953 4816 dpti2o - ok
13:23:08.0984 4816 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:23:08.0984 4816 drmkaud - ok
13:23:09.0000 4816 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
13:23:09.0000 4816 EapHost - ok
13:23:09.0015 4816 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
13:23:09.0015 4816 ERSvc - ok
13:23:09.0062 4816 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:23:09.0062 4816 Eventlog - ok
13:23:09.0109 4816 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
13:23:09.0125 4816 EventSystem - ok
13:23:09.0171 4816 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:23:09.0171 4816 Fastfat - ok
13:23:09.0234 4816 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:23:09.0234 4816 FastUserSwitchingCompatibility - ok
13:23:09.0250 4816 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:23:09.0250 4816 Fdc - ok
13:23:09.0265 4816 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:23:09.0265 4816 Fips - ok
13:23:09.0265 4816 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:23:09.0281 4816 Flpydisk - ok
13:23:09.0328 4816 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:23:09.0328 4816 FltMgr - ok
13:23:09.0453 4816 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:23:09.0453 4816 FontCache3.0.0.0 - ok
13:23:09.0500 4816 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:23:09.0500 4816 Fs_Rec - ok
13:23:09.0500 4816 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:23:09.0515 4816 Ftdisk - ok
13:23:09.0546 4816 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:23:09.0546 4816 GEARAspiWDM - ok
13:23:09.0593 4816 ggflt (93ca4d9a0433be0edd0b9f2f26d5e54c) C:\WINDOWS\system32\DRIVERS\ggflt.sys
13:23:09.0593 4816 ggflt - ok
13:23:09.0640 4816 ggsemc (17e678aab82ccdfb80e7614504933895) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
13:23:09.0640 4816 ggsemc - ok
13:23:09.0671 4816 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:23:09.0671 4816 Gpc - ok
13:23:09.0718 4816 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:23:09.0718 4816 HDAudBus - ok
13:23:09.0796 4816 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:23:09.0796 4816 helpsvc - ok
13:23:09.0843 4816 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
13:23:09.0843 4816 HidServ - ok
13:23:09.0843 4816 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:23:09.0859 4816 hidusb - ok
13:23:09.0890 4816 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
13:23:09.0890 4816 hkmsvc - ok
13:23:09.0906 4816 hpn - ok
13:23:09.0953 4816 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:23:09.0953 4816 HTTP - ok
13:23:09.0984 4816 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
13:23:10.0000 4816 HTTPFilter - ok
13:23:10.0000 4816 i2omgmt - ok
13:23:10.0000 4816 i2omp - ok
13:23:10.0046 4816 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:23:10.0046 4816 i8042prt - ok
13:23:10.0296 4816 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
13:23:10.0421 4816 ialm - ok
13:23:10.0593 4816 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:23:10.0656 4816 idsvc - ok
13:23:10.0765 4816 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:23:10.0781 4816 Imapi - ok
13:23:10.0828 4816 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
13:23:10.0828 4816 ImapiService - ok
13:23:10.0843 4816 ini910u - ok
13:23:11.0109 4816 IntcAzAudAddService (a109fe3ca1ee4e92292b349de1b32f7b) C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:23:11.0156 4816 IntcAzAudAddService - ok
13:23:11.0296 4816 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
13:23:11.0296 4816 IntelIde - ok
13:23:11.0343 4816 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:23:11.0343 4816 intelppm - ok
13:23:11.0359 4816 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:23:11.0359 4816 Ip6Fw - ok
13:23:11.0390 4816 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:23:11.0390 4816 IpFilterDriver - ok
13:23:11.0421 4816 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:23:11.0421 4816 IpInIp - ok
13:23:11.0453 4816 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:23:11.0453 4816 IpNat - ok
13:23:11.0546 4816 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
13:23:11.0578 4816 iPod Service - ok
13:23:11.0625 4816 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:23:11.0625 4816 IPSec - ok
13:23:11.0625 4816 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:23:11.0625 4816 IRENUM - ok
13:23:11.0640 4816 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:23:11.0640 4816 isapnp - ok
13:23:11.0765 4816 JavaQuickStarterService (a456937acc87bb40d7e2331f1e3a2ac5) C:\Program Files\Java\jre7\bin\jqs.exe
13:23:11.0765 4816 JavaQuickStarterService - ok
13:23:11.0781 4816 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:23:11.0781 4816 Kbdclass - ok
13:23:11.0812 4816 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:23:11.0812 4816 kbdhid - ok
13:23:11.0843 4816 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:23:11.0859 4816 kmixer - ok
13:23:11.0921 4816 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:23:11.0921 4816 KSecDD - ok
13:23:11.0953 4816 L8042Kbd (79d1dbfec599ec47244af7b06ae2a04e) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
13:23:11.0953 4816 L8042Kbd - ok
13:23:12.0000 4816 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
13:23:12.0015 4816 lanmanserver - ok
13:23:12.0062 4816 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
13:23:12.0078 4816 lanmanworkstation - ok
13:23:12.0078 4816 lbrtfdc - ok
13:23:12.0125 4816 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
13:23:12.0125 4816 LmHosts - ok
13:23:12.0203 4816 MatSvc (ddf15a42e27e8efe27b18fd403151a86) C:\Program Files\Microsoft Fix it Center\Matsvc.exe
13:23:12.0218 4816 MatSvc - ok
13:23:12.0250 4816 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\WINDOWS\system32\drivers\mbam.sys
13:23:12.0250 4816 MBAMProtector - ok
13:23:12.0312 4816 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
13:23:12.0312 4816 MBAMService - ok
13:23:12.0375 4816 McAfee SiteAdvisor Service (6c3d154fff0a97a6c3d9f78d60c41655) c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
13:23:12.0390 4816 McAfee SiteAdvisor Service - ok
13:23:12.0437 4816 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
13:23:12.0437 4816 Messenger - ok
13:23:12.0484 4816 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:23:12.0484 4816 mnmdd - ok
13:23:12.0500 4816 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
13:23:12.0500 4816 mnmsrvc - ok
13:23:12.0515 4816 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:23:12.0515 4816 Modem - ok
13:23:12.0546 4816 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:23:12.0562 4816 Mouclass - ok
13:23:12.0593 4816 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:23:12.0593 4816 mouhid - ok
13:23:12.0609 4816 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:23:12.0609 4816 MountMgr - ok
13:23:12.0609 4816 mraid35x - ok
13:23:12.0640 4816 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:23:12.0640 4816 MRxDAV - ok
13:23:12.0687 4816 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:23:12.0703 4816 MRxSmb - ok
13:23:12.0750 4816 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
13:23:12.0750 4816 MSDTC - ok
13:23:12.0796 4816 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:23:12.0796 4816 Msfs - ok
13:23:12.0796 4816 MSIServer - ok
13:23:12.0796 4816 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:23:12.0812 4816 MSKSSRV - ok
13:23:12.0812 4816 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:23:12.0812 4816 MSPCLOCK - ok
13:23:12.0812 4816 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:23:12.0812 4816 MSPQM - ok
13:23:12.0843 4816 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:23:12.0843 4816 mssmbios - ok
13:23:12.0875 4816 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:23:12.0890 4816 Mup - ok
13:23:12.0937 4816 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
13:23:12.0953 4816 napagent - ok
13:23:12.0968 4816 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:23:12.0984 4816 NDIS - ok
13:23:13.0015 4816 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:23:13.0015 4816 NdisTapi - ok
13:23:13.0031 4816 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:23:13.0031 4816 Ndisuio - ok
13:23:13.0046 4816 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:23:13.0062 4816 NdisWan - ok
13:23:13.0093 4816 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:23:13.0093 4816 NDProxy - ok
13:23:13.0109 4816 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:23:13.0109 4816 NetBIOS - ok
13:23:13.0125 4816 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:23:13.0125 4816 NetBT - ok
13:23:13.0171 4816 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:23:13.0171 4816 NetDDE - ok
13:23:13.0187 4816 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:23:13.0187 4816 NetDDEdsdm - ok
13:23:13.0218 4816 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:23:13.0218 4816 Netlogon - ok
13:23:13.0234 4816 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
13:23:13.0234 4816 Netman - ok
13:23:13.0359 4816 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:23:13.0359 4816 NetTcpPortSharing - ok
13:23:13.0421 4816 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
13:23:13.0421 4816 Nla - ok
13:23:13.0468 4816 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:23:13.0468 4816 Npfs - ok
13:23:13.0515 4816 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:23:13.0546 4816 Ntfs - ok
13:23:13.0546 4816 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:23:13.0546 4816 NtLmSsp - ok
13:23:13.0609 4816 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
13:23:13.0625 4816 NtmsSvc - ok
13:23:13.0687 4816 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:23:13.0687 4816 Null - ok
13:23:13.0718 4816 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:23:13.0718 4816 NwlnkFlt - ok
13:23:13.0734 4816 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:23:13.0734 4816 NwlnkFwd - ok
13:23:13.0843 4816 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:23:13.0875 4816 odserv - ok
13:23:13.0921 4816 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:23:13.0921 4816 ose - ok
13:23:13.0953 4816 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
13:23:13.0953 4816 Parport - ok
13:23:13.0968 4816 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:23:13.0968 4816 PartMgr - ok
13:23:14.0000 4816 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:23:14.0000 4816 ParVdm - ok
13:23:14.0046 4816 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:23:14.0046 4816 PCI - ok
13:23:14.0046 4816 PCIDump - ok
13:23:14.0062 4816 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:23:14.0078 4816 PCIIde - ok
13:23:14.0093 4816 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:23:14.0093 4816 Pcmcia - ok
13:23:14.0125 4816 PCTBD (f66917b35d1e543065bdba7853d2e26d) C:\WINDOWS\system32\Drivers\PCTBD.sys
13:23:14.0125 4816 PCTBD - ok
13:23:14.0156 4816 PCTCore (f7da28f2ab6cd32b2f76ee96edad8f20) C:\WINDOWS\system32\drivers\PCTCore.sys
13:23:14.0156 4816 PCTCore - ok
13:23:14.0187 4816 pctDS (3c9fd593e95b98c642b4486cd122c2fb) C:\WINDOWS\system32\drivers\pctDS.sys
13:23:14.0187 4816 pctDS - ok
13:23:14.0234 4816 pctEFA (db6b6e47165b9647b215ceeb4db33b87) C:\WINDOWS\system32\drivers\pctEFA.sys
13:23:14.0234 4816 pctEFA - ok
13:23:14.0265 4816 pctgntdi (44f1a3783bfb232117210a1ca7458f29) C:\WINDOWS\system32\drivers\pctgntdi.sys
13:23:14.0265 4816 pctgntdi - ok
13:23:14.0312 4816 pctplsg (e0ad22bc7e8147e669d5cb894fc02df1) C:\WINDOWS\system32\drivers\pctplsg.sys
13:23:14.0312 4816 pctplsg - ok
13:23:14.0343 4816 PCTSD (4ef1f03db9064459b9019a19a860db89) C:\WINDOWS\system32\Drivers\PCTSD.sys
13:23:14.0343 4816 PCTSD - ok
13:23:14.0359 4816 PDCOMP - ok
13:23:14.0359 4816 PDFRAME - ok
13:23:14.0359 4816 PDRELI - ok
13:23:14.0375 4816 PDRFRAME - ok
13:23:14.0375 4816 perc2 - ok
13:23:14.0390 4816 perc2hib - ok
13:23:14.0437 4816 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:23:14.0437 4816 PlugPlay - ok
13:23:14.0468 4816 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:23:14.0468 4816 PolicyAgent - ok
13:23:14.0500 4816 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:23:14.0500 4816 PptpMiniport - ok
13:23:14.0500 4816 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:23:14.0500 4816 ProtectedStorage - ok
13:23:14.0515 4816 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:23:14.0515 4816 PSched - ok
13:23:14.0546 4816 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:23:14.0546 4816 Ptilink - ok
13:23:14.0546 4816 ql1080 - ok
13:23:14.0562 4816 Ql10wnt - ok
13:23:14.0562 4816 ql12160 - ok
13:23:14.0578 4816 ql1240 - ok
13:23:14.0578 4816 ql1280 - ok
13:23:14.0625 4816 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:23:14.0625 4816 RasAcd - ok
13:23:14.0671 4816 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
13:23:14.0671 4816 RasAuto - ok
13:23:14.0687 4816 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:23:14.0703 4816 Rasl2tp - ok
13:23:14.0750 4816 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
13:23:14.0750 4816 RasMan - ok
13:23:14.0750 4816 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:23:14.0765 4816 RasPppoe - ok
13:23:14.0765 4816 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:23:14.0765 4816 Raspti - ok
13:23:14.0781 4816 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:23:14.0796 4816 Rdbss - ok
13:23:14.0812 4816 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:23:14.0812 4816 RDPCDD - ok
13:23:14.0828 4816 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:23:14.0828 4816 rdpdr - ok
13:23:14.0890 4816 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
13:23:14.0890 4816 RDPWD - ok
13:23:14.0921 4816 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
13:23:14.0937 4816 RDSessMgr - ok
13:23:14.0953 4816 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:23:14.0953 4816 redbook - ok
13:23:15.0000 4816 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
13:23:15.0000 4816 RemoteAccess - ok
13:23:15.0015 4816 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
13:23:15.0015 4816 RemoteRegistry - ok
13:23:19.0484 4816 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:23:20.0015 4816 \Device\Harddisk0\DR0 - ok
13:23:20.0015 4816 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
13:23:20.0171 4816 \Device\Harddisk1\DR2 - ok
13:23:20.0171 4816 Boot (0x1200) (fbaa1b74d5ecfb63d407fbdc3ceab0e2) \Device\Harddisk0\DR0\Partition0
13:23:20.0187 4816 \Device\Harddisk0\DR0\Partition0 - ok
13:23:20.0187 4816 Boot (0x1200) (96384bb00a354cd909863de16b036e67) \Device\Harddisk1\DR2\Partition0
13:23:20.0187 4816 \Device\Harddisk1\DR2\Partition0 - ok
13:23:20.0187 4816 ============================================================
13:23:20.0187 4816 Scan finished
13:23:20.0187 4816 ============================================================
13:23:20.0203 5188 Detected object count: 0
13:23:20.0203 5188 Actual detected object count: 0


aswMBR report:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-23 13:26:32
-----------------------------
13:26:32.859 OS Version: Windows 5.1.2600 Service Pack 3
13:26:32.859 Number of processors: 2 586 0x40A
13:26:32.859 ComputerName: TONY UserName:
13:26:33.375 Initialize success
13:27:10.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
13:27:10.546 Disk 0 Vendor: ST3160815AS 3.ADA Size: 152587MB BusType: 3
13:27:10.562 Disk 0 MBR read successfully
13:27:10.562 Disk 0 MBR scan
13:27:10.562 Disk 0 Windows XP default MBR code
13:27:10.562 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152580 MB offset 63
13:27:10.562 Disk 0 scanning sectors +312485040
13:27:10.640 Disk 0 scanning C:\WINDOWS\system32\drivers
13:27:17.265 Service scanning
13:27:29.625 Modules scanning
13:27:35.265 Disk 0 trace - called modules:
13:27:35.281 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
13:27:35.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b498ab8]
13:27:35.281 3 CLASSPNP.SYS[ba0f8fd7] -> nt!IofCallDriver -> [0x8b52cac0]
13:27:35.281 5 PCTCore.sys[b9e0a82d] -> nt!IofCallDriver -> \Device\00000071[0x8b52f9e8]
13:27:35.281 7 ACPI.sys[b9f48620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8b4fc940]
13:27:35.281 Scan finished successfully
13:28:07.421 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\DC7600\My Documents\MBR.dat"
13:28:07.421 The log file has been saved successfully to "C:\Documents and Settings\DC7600\My Documents\aswMBR.txt"


Mini-tools report:

MiniToolBox by Farbar Version: 22-07-2012
Ran by DC7600 (administrator) on 23-07-2012 at 13:30:06
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1 localhost


Rootrepeal report:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2012/07/23 12:46
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\DC7600\Cookies\J8ASF018.txt
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\DC7600\Cookies\PGVRM1OU.txt
Status: Visible to the Windows API, but not on disk.

Path: c:\documents and settings\dc7600\local settings\temporary internet files\content.ie5\index.dat
Status: Allocation size mismatch (API: 471040, Raw: 475136)

Path: C:\Documents and Settings\DC7600\Application Data\Microsoft\Office\Recent\A0043862.LNK
Status: Locked to the Windows API!

Path: C:\Documents and Settings\DC7600\Application Data\Microsoft\Office\Recent\A0043861.LNK
Status: Locked to the Windows API!

Path: C:\Documents and Settings\DC7600\Local Settings\Apps\2.0\DWZG6GDZ.T1A\JB90EPDB.H23\manifests\clickonce_bootstrap.exe.manifest
Status: Locked to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xb9e3a0b8

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xb9e0637c

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xb9e06644

#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xb9e3ae98

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xb9e3b1b0

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xb9e391fc

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys" at address 0xba429738

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xb9e3b67a

#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xb9e3a418

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys" at address 0xba4297dc

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys" at address 0xba429878

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys" at address 0xba429914

Shadow SSDT
-------------------
#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys" at address 0xba428dfc

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys" at address 0xba428d3c

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys" at address 0xba428d90

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys" at address 0xba428cba

==EOF==


#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 23 July 2012 - 07:56 AM

Download

ESET online scanner

Install it

Click on START; it should download the virus definitions.
When the scan is complete, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan with MBAM once in regular mode until you get a clean log.


Download

RogueKiller

Right-click on it and select Run as administrator.

Now click on the HOSTS FIX option on the right side.

A log should get generated after the fix; post the log here.

#3 Tony Lucas

  • Topic Starter
  • Members
  • 6 posts

Posted 23 July 2012 - 12:58 PM

OK. Action taken and reports below. Problem is still there.

Eset report:

C:\Documents and Settings\DC7600\My Documents\powersuite.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\Program Files\Uniblue\SpeedUpMyPC\spnotifier.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\Program Files\Uniblue\SpeedUpMyPC\sp_move_serial.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\Program Files\Uniblue\SpeedUpMyPC\sp_ubm.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined

Malwarebytes:

Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.23.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
DC7600 :: TONY [administrator]

Protection: Enabled

23/07/2012 15:08:59
mbam-log-2012-07-23 (15-08-59).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 261206
Time elapsed: 1 hour(s), 49 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Rogue Killer
Hosts Section

127.0.0.1 localhost
::1 localhost
149.5.18.173 www.google-analytics.com.
149.5.18.173 ad-emea.doubleclick.net.
149.5.18.173 www.statcounter.com.


108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.

MBR Section

¤¤¤ MBR Check: ¤¤¤



All the rest were blank

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 23 July 2012 - 08:36 PM

Please run RogueKiller again and post the log :thumbup2:

Download

MiniToolBox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

AdwCleaner

Launch it and click on Delete.

Post the generated log.

Edited by narenxp, 23 July 2012 - 08:37 PM.


#5 Tony Lucas

  • Topic Starter
  • Members
  • 6 posts

Posted 24 July 2012 - 07:16 AM

Rogue Killer reports:

I kept the initial report and then clicked Delete (I wasn't sure from your instructions whether I should or not, but it seemed logical to kill it), which gave a different report, so here are both:

First ~

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: DC7600 [Admin rights]
Mode: Scan -- Date: 07/24/2012 12:35:58

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
149.5.18.173 www.google-analytics.com.
149.5.18.173 ad-emea.doubleclick.net.
149.5.18.173 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160815AS +++++
--- User ---
[MBR] b63e556ceb5628bf54dafa6b40bb2780
[BSP] 23d37ec02deb056af564693b2ad8de6f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152580 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD503HI USB Device +++++
--- User ---
[MBR] a035a0e1bfcc397905c31238c8984360
[BSP] 7513c7bce2cd442021c252e9a5d12227 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

Second ~

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: DC7600 [Admin rights]
Mode: Shortcuts HJfix -- Date: 07/24/2012 12:40:11

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 18 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 46 / Fail 0
My documents: Success 23 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 1005 / Fail 0
Backup: [NOT FOUND]

Drives:
[A:] \Device\Floppy0 -- 0x2 --> Skipped
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\Harddisk2\DP(1)0-0+5 -- 0x2 --> Restored
[G:] \Device\HarddiskVolume2 -- 0x3 --> Restored

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[6].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt


Mini-toolbox report:

MiniToolBox by Farbar Version: 22-07-2012
Ran by DC7600 (administrator) on 24-07-2012 at 12:43:37
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom NetXtreme Gigabit Ethernet = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : Tony
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-18-71-7B-CF-D6
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
192.168.1.1
Lease Obtained. . . . . . . . . . : 24 July 2012 12:16:49
Lease Expires . . . . . . . . . . : 25 July 2012 12:16:49

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 173.194.41.78, 173.194.41.72, 173.194.41.67, 173.194.41.73
173.194.41.64, 173.194.41.70, 173.194.41.69, 173.194.41.68, 173.194.41.65
173.194.41.71, 173.194.41.66

Pinging google.com [173.194.41.78] with 32 bytes of data:

Reply from 173.194.41.78: bytes=32 time=44ms TTL=55
Reply from 173.194.41.78: bytes=32 time=42ms TTL=55

Ping statistics for 173.194.41.78:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 42ms, Maximum = 44ms, Average = 43ms

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=170ms TTL=44
Reply from 209.191.122.70: bytes=32 time=167ms TTL=44

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 167ms, Maximum = 170ms, Average = 168ms

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 18 71 7b cf d6 ...... Broadcom NetXtreme Gigabit Ethernet - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 20
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 20
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 20
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 02 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 03 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/17/2012 10:45:16 PM) (Source: MatSvc) (User: )
Description: The MATS service encountered a failure when uploading data. hr=0xC004F018

Error: (07/17/2012 10:45:16 PM) (Source: MatSvc) (User: )
Description: The MATS service encountered a web service failure. hr=0xC004F018

Error: (07/17/2012 06:50:03 PM) (Source: MatSvc) (User: )
Description: The MATS service encountered a failure when uploading data. hr=0xC004F018

Error: (07/17/2012 06:50:02 PM) (Source: MatSvc) (User: )
Description: The MATS service encountered a web service failure. hr=0xC004F018

Error: (07/17/2012 06:45:15 PM) (Source: MatSvc) (User: )
Description: The MATS service encountered a failure when uploading data. hr=0xC004F018

Error: (07/17/2012 06:45:15 PM) (Source: MatSvc) (User: )
Description: The MATS service encountered a web service failure. hr=0xC004F018

Error: (07/17/2012 02:50:02 PM) (Source: MatSvc) (User: )
Description: The MATS service encountered a failure when uploading data. hr=0xC004F018

Error: (07/17/2012 02:50:02 PM) (Source: MatSvc) (User: )
Description: The MATS service encountered a web service failure. hr=0xC004F018

Error: (07/17/2012 02:45:15 PM) (Source: MatSvc) (User: )
Description: The MATS service encountered a failure when uploading data. hr=0xC004F018

Error: (07/17/2012 02:45:15 PM) (Source: MatSvc) (User: )
Description: The MATS service encountered a web service failure. hr=0xC004F018


System errors:
=============
Error: (07/24/2012 00:41:36 PM) (Source: DCOM) (User: TONY)
Description: DCOM got error "%%1058" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/24/2012 00:36:50 PM) (Source: DCOM) (User: TONY)
Description: DCOM got error "%%1058" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/24/2012 00:11:51 PM) (Source: DCOM) (User: TONY)
Description: DCOM got error "%%1058" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/24/2012 00:11:33 PM) (Source: DCOM) (User: TONY)
Description: DCOM got error "%%1058" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/24/2012 00:11:20 PM) (Source: DCOM) (User: TONY)
Description: DCOM got error "%%1058" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/24/2012 00:11:03 PM) (Source: DCOM) (User: TONY)
Description: DCOM got error "%%1058" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/24/2012 00:10:47 PM) (Source: DCOM) (User: TONY)
Description: DCOM got error "%%1058" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/24/2012 00:10:30 PM) (Source: DCOM) (User: TONY)
Description: DCOM got error "%%1058" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/24/2012 00:10:12 PM) (Source: DCOM) (User: TONY)
Description: DCOM got error "%%1058" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/24/2012 00:09:55 PM) (Source: DCOM) (User: TONY)
Description: DCOM got error "%%1058" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}


Microsoft Office Sessions:
=========================
Error: (06/13/2012 10:06:22 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1869 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Adobe Acrobat 5.0 (Version: 5.1)
Adobe Digital Editions
Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Adobe Reader X (10.1.2) (Version: 10.1.2)
Amazon MP3 Downloader 1.0.9
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Audacity 2.0
BenVista PhotoZoom Pro 4.1.2 (Version: 4.1.2)
Bonjour (Version: 3.0.0.10)
Broadcom Management Programs (Version: 9.03.02)
Broadcom NetXtreme Ethernet Controller (Version: 9.02.06)
Broadcom TPM Driver Installer (Version: 9.01.03)
Browser Guard 4.0 (Version: 4.0.0.1550)
CCleaner (Version: 3.19)
Dell Touchpad (Version: 7.1207.101.220)
ESET Online Scanner v3
exPressit S.E. 3.0
Free YouTube to MP3 TURBO Converter 2011
Google Chrome (Version: 20.0.1132.57)
Intel® Graphics Media Accelerator Driver
iTunes (Version: 10.6.0.40)
Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 18 (Version: 6.0.180)
Java™ 7 Update 5 (Version: 7.0.50)
LAME v3.99.3 (for Windows)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
McAfee SiteAdvisor (Version: 3.4.195)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Automated Troubleshooting Services Shim
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Fix it Center (Version: 1.0.0100)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2000 Professional (Version: 9.00.2720)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
OpenOffice.org 3.2 (Version: 3.2.9483)
Paint Shop Pro 5.01
PC Tools Spyware Doctor with AntiVirus 9.0 (Version: 9.0)
Photo Story 3 for Windows (Version: 3.0.1115.11)
PowerDVD (Version: 7.3.3730c.0)
Realtek High Definition Audio Driver (Version: 5.10.0.6167)
RecordPad Sound Recorder
Serif PhotoPlus X5 (Version: 15.0.2.012)
Serif WebPlus Starter Edition 3.0 (Version: 3.0.0.004)
Shockwave
Skype Click to Call (Version: 6.0.10201)
Skype™ 5.9 (Version: 5.9.114)
Sony Ericsson Update Engine (Version: 2.12.8.23)
Sony PC Companion 2.10.079 (Version: 2.10.079)
Spybot - Search & Destroy (Version: 1.6.2)
SUPERAntiSpyware (Version: 5.1.1002)
Switch Sound File Converter
The Battle for Middle-earth ™
Two Thrones
Uniblue DriverScanner (Version: 4.0.7.1)
Uniblue MaxiDisk
Uniblue PowerSuite
Uniblue RegistryBooster
Uniblue SpeedUpMyPC (Version: 5.2.1.7)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Viewpoint Media Player
Warrior Kings
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
Xtreme Xtractor 1.5 Trial Version
Zoiper (Version: 2.37)

========================= Memory info: ===================================

Percentage of memory in use: 38%
Total physical RAM: 3319.35 MB
Available physical RAM: 2043.08 MB
Total Pagefile: 6225.38 MB
Available Pagefile: 4722.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.61 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:149 GB) (Free:117.27 GB) NTFS
3 Drive d: (LOTRBFME) (CDROM) (Total:3.95 GB) (Free:0 GB) UDF
5 Drive g: (Iomega HDD) (Fixed) (Total:465.76 GB) (Free:391.42 GB) NTFS

========================= Users: ========================================

User accounts for \\TONY

Administrator ASPNET DC7600
Guest HelpAssistant SUPPORT_388945a0


**** End of log ****


FSSbar Report

Farbar Service Scanner Version: 22-07-2012
Ran by DC7600 (administrator) on 24-07-2012 at 12:48:08
Running from "C:\Documents and Settings\DC7600\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(8) Gpc(3) IPSec(5) NetBT(6) pctgntdi(9) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000009000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Adware Cleaner report:
# AdwCleaner v1.703 - Logfile created 07/24/2012 at 12:49:51
# Updated 20/07/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : DC7600 - TONY
# Running from : C:\Documents and Settings\DC7600\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found : C:\Program Files\Viewpoint
Folder Found : C:\Program Files\WiseConvert

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\SOFTWARE\Viewpoint
Key Found : HKLM\SOFTWARE\WiseConvert

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A3F2A195-0D11-463b-96BB-D2FF1B7490A1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ECD0ECC6-DCA4-4013-A915-12355AB70999}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Documents and Settings\DC7600\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found : "description": "The fastest way to search the web.",
Found : "default_icon": "browser_icon_babylon48.png",
Found : "default_title": "Babylon Toolbar"
Found : "description": "Babylon ToolBar",
Found : "128": "babylon48.png",
Found : "48": "babylon48.png"
Found : "name": "Babylon Toolbar",
Found : "path": "BabylonChromeToolBar.dll",
Found : "update_url": "hxxp://img.babylon.com/ext/chrome/update/update1.xml",
Found : "path": "C:\\Program Files\\Viewpoint\\Viewpoint Experience Technology\\npViewpoint.dll",

*************************

AdwCleaner[R1].txt - [3201 octets] - [24/07/2012 12:49:51]

########## EOF - C:\AdwCleaner[R1].txt - [3329 octets] ##########

Adware cleaner wants to reboot the PC so I will add another message to say if successful or not.

Thanks for all your help.

Tony

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:03:53 AM

Posted 24 July 2012 - 07:20 AM

Download

adware cleaner

Launch it and click on Delete

Post the generated log


Do not click on Search; click on DELETE, and the system will reboot

Post the log

You should be free from pop ups by now :thumbup2:

#7 Tony Lucas

Tony Lucas
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:03:53 AM

Posted 24 July 2012 - 07:50 AM

Final report from Adwcleaner:

# AdwCleaner v1.703 - Logfile created 07/24/2012 at 12:50:22
# Updated 20/07/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : DC7600 - TONY
# Running from : C:\Documents and Settings\DC7600\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Program Files\WiseConvert

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKLM\SOFTWARE\WiseConvert

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3F2A195-0D11-463b-96BB-D2FF1B7490A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ECD0ECC6-DCA4-4013-A915-12355AB70999}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Documents and Settings\DC7600\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted : "description": "The fastest way to search the web.",
Deleted : "default_icon": "browser_icon_babylon48.png",
Deleted : "default_title": "Babylon Toolbar"
Deleted : "description": "Babylon ToolBar",
Deleted : "128": "babylon48.png",
Deleted : "48": "babylon48.png"
Deleted : "name": "Babylon Toolbar",
Deleted : "path": "BabylonChromeToolBar.dll",
Deleted : "update_url": "hxxp://img.babylon.com/ext/chrome/update/update1.xml",
Deleted : "path": "C:\\Program Files\\Viewpoint\\Viewpoint Experience Technology\\npViewpoint.dll",

*************************

AdwCleaner[R1].txt - [3330 octets] - [24/07/2012 12:49:51]
AdwCleaner[S1].txt - [3331 octets] - [24/07/2012 12:50:22]

########## EOF - C:\AdwCleaner[S1].txt - [3459 octets] ##########


So far everything seems fine and that annoying pop-up seems to have gone.

What is the reference to Babylon Chrome Toolbar? Is that something to do with Google Chrome? If not, do I need to get rid of it?

Thank you so much. It was really getting annoying being re-routed everywhere. :clapping:

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:03:53 AM

Posted 24 July 2012 - 08:08 AM

What is the reference to Babylon Chrome Toolbar? Is that something to do with Google Chrome? If not, do I need to get rid of it?


Chrome was hijacked by the Babylon toolbar. Please make sure to reinstall Google Chrome to remove any traces left.

Uninstall Uniblue RegistryBooster

Download

TFC

Launch it; it will close all running programs

Click on START; it should ask for a reboot

Turn off your System Restore, restart the PC, and create a new restore point

http://support.microsoft.com/kb/310405

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, and do not click on suspicious links

Safe surfing :)
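The Chrome entries AdwCleaner flagged earlier in this thread (a toolbar extension carrying its own update_url and a bundled .dll plugin path inside the profile's Preferences file) can be checked for directly. The following is an added example, not code from this thread, from AdwCleaner or from Google: it walks the extensions.settings map of a Chrome Preferences JSON document and reports extensions that do not update from the Chrome Web Store, that declare NPAPI plugins, or that were installed from a path outside the profile. The sample Preferences document, the extension ids and the third-party update URL in it are constructed for the example; the Web Store update URL and the manifest keys are the real Chrome conventions of that era, while the rule that store-installed extensions live under a path starting with their own id is an assumption stated in the code.

```python
"""Flag Chrome extensions whose install or update source is not the Web Store.

Added example for this thread; not AdwCleaner's or Chrome's own code.
Chrome stores per-profile extension state in a JSON file named "Preferences"
(on the XP machine in this thread that was
C:\\Documents and Settings\\<user>\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Preferences).
The map extensions -> settings is keyed by the 32-character extension id, and
each entry carries the extension's manifest and its on-disk path.
"""
import json
from pathlib import Path

# Real update endpoint used by extensions distributed through the Chrome Web Store.
WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"

# Constructed sample Preferences document: one store-style extension and one
# toolbar-style extension shaped like the Babylon entries AdwCleaner reported
# (own update_url, NPAPI plugin .dll, install path under Program Files).
# Ids and the third-party update URL are made up for the example.
SAMPLE_PREFERENCES = json.dumps({
    "extensions": {
        "settings": {
            "aaaabbbbccccddddeeeeffffgggghhhh": {
                "manifest": {
                    "name": "Example Store Extension",
                    "version": "1.0",
                },
                "path": "aaaabbbbccccddddeeeeffffgggghhhh/1.0_0",
                "state": 1,
            },
            "iiiijjjjkkkkllllmmmmnnnnoooopppp": {
                "manifest": {
                    "name": "Example Toolbar",
                    "description": "Example ToolBar",
                    "update_url": "http://updates.example-toolbar.invalid/update1.xml",
                    "version": "1.0",
                    "plugins": [{"path": "ExampleChromeToolBar.dll", "public": True}],
                },
                "path": "C:\\Program Files\\ExampleToolbar\\ExampleChromeToolBar",
                "state": 1,
            },
        }
    }
})


def suspicious_extensions(preferences_text: str) -> list:
    """Return a list of {id, name, reasons} for extensions worth a closer look."""
    prefs = json.loads(preferences_text)
    settings = prefs.get("extensions", {}).get("settings", {})
    findings = []
    for ext_id, entry in settings.items():
        manifest = entry.get("manifest", {})
        reasons = []

        # Store extensions either omit update_url (Chrome defaults to the store)
        # or point at the store endpoint; anything else is self-updating code.
        update_url = manifest.get("update_url")
        if update_url and update_url != WEBSTORE_UPDATE_URL:
            reasons.append(f"update_url outside the Web Store: {update_url}")

        # An NPAPI plugin entry means native code loaded into the browser.
        plugins = manifest.get("plugins") or []
        if plugins:
            dlls = ", ".join(p.get("path", "?") for p in plugins)
            reasons.append(f"manifest declares native plugins: {dlls}")

        # Assumption: store-installed extensions are unpacked under
        # <profile>/Extensions/<id>/<version>, so Chrome records a relative
        # path beginning with the id; an absolute path means an external install.
        path = entry.get("path", "")
        if path and not path.startswith(ext_id):
            reasons.append(f"installed from an external path: {path}")

        if reasons:
            findings.append({"id": ext_id, "name": manifest.get("name", "?"), "reasons": reasons})
    return findings


def scan_preferences_file(path: str) -> list:
    """Run the same checks against a real Preferences file on disk."""
    return suspicious_extensions(Path(path).read_text(encoding="utf-8"))


if __name__ == "__main__":
    for finding in suspicious_extensions(SAMPLE_PREFERENCES):
        print(f"{finding['id']}  {finding['name']}")
        for reason in finding["reasons"]:
            print(f"    - {reason}")
```

Run as-is it reports only the toolbar-style entry, with all three reasons; point scan_preferences_file at a profile's Preferences file (with Chrome closed, so the file is not mid-write) to apply the same checks to a real profile. Each reason is a prompt to inspect, not a verdict: legitimate enterprise-deployed extensions also update from outside the store.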

#9 Tony Lucas

Tony Lucas
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:03:53 AM

Posted 27 July 2012 - 09:24 AM

I tried that but TFC just stops my PC from running. It just hangs and I have to power off to restart it. I have tried several times now but no luck. It gets as far as saying it is stopping the background processes but then it hangs forever. I left it overnight to see if it was just slow but it just wasn't doing anything.

Any suggestions?

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:03:53 AM

Posted 27 July 2012 - 09:48 AM

Run it in Safe Mode :thumbup2:

#11 Tony Lucas

Tony Lucas
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:03:53 AM

Posted 30 July 2012 - 06:31 PM

Thank you. All done and everything seems to be working fine. Great job.

:clapping:

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:03:53 AM

Posted 30 July 2012 - 07:32 PM

You're welcome :thumbsup:
