oz1222

  1. I don't think I set up that ProxyServer... What does that mean? Virus? Attached is the log. Result.txt
  2. Thank you for the quick response. Computer Info: HP DV6700; 4 GB RAM; 32 Bit Vista; Intel Core 2 Duo processor T5450 @ 1.66GHz; Avira Antivirus; Malwarebytes anti Malware. Logs attached: dds.txt attach.txt
  3. Hi, My PC is loading extremely slowly on Startup. I've tried to minimize the stuff loading in the beginning, but it didn't seem to help. I am running Windows Vista on an HP Pavilion dv6000. What can I do to help this problem? Thank you,
  4. Thank you very much. I do have the pro version of Malwarebytes now. I also followed your other suggestions and will be starting a new post with my laptop. Thank you!
  5. Fantastic, thank you for all of your help. This has already improved the performance of my computer a great deal. Thanks! Would it be possible to go through a similar diagnostic process for my laptop? There are not any obvious issues occurring to speak of, however I did have some viruses that Malwarebytes has found and wiped out.
  6. Here is that URL http://www.pcpitstop.com/betapit/sec.asp?conid=24405456
  7. I followed your directions to a tee. Windows is updated to service pack 3 as well. Everything seems to be running well. I do, however, notice on Internet Explorer, the screen scrolls in waves. Maybe it always has, but I just don't remember seeing that in the past. Is that normal or does it indicate an issue? It could be my monitor, however. Several months ago, it all of a sudden got a lot dimmer than it used to be. I think it is burning out or something.
  8. Here are the two logs. Everything seems to be running good now. No more popups and Google searches not being redirected. Thanks again!
  9. I ran Combofix, however, it kept telling me that my Avira "Antivir Desktop" was still running. I shut it down per the instructions, but it continued to say it was running. I wasn't sure what to do, so I continued with the Combofix scan. Here is the log: I also ran DDS. Here is the log from that:
----a-w- c:\windows\system32\drivers\hidusb.sys 2011-05-19 22:52:09 -------- d-----w- c:\documents and settings\jason osolin\application data\Malwarebytes 2011-05-19 22:51:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-19 22:51:41 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2011-05-19 22:51:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-19 22:51:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-05-19 22:42:40 -------- d-sh--w- c:\documents and settings\jason osolin\IECompatCache 2011-05-19 22:40:36 -------- d-sh--w- c:\documents and settings\jason osolin\PrivacIE 2011-05-19 22:37:58 -------- d-----w- c:\documents and settings\jason osolin\local settings\application data\ApplicationHistory 2011-05-19 22:37:47 -------- d-sh--w- c:\documents and settings\jason osolin\IETldCache 2011-05-19 22:32:19 26144 ----a-w- c:\windows\system32\spupdsvc.exe 2011-05-19 22:31:27 -------- dc-h--w- c:\windows\ie8 2011-05-19 22:20:23 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys 2011-05-19 22:20:23 10624 ----a-w- c:\windows\system32\drivers\gameenum.sys 2011-05-19 22:20:03 9600 ----a-w- c:\windows\system32\drivers\QsndEnum.sys 2011-05-19 22:20:03 411008 ----a-w- c:\windows\system32\drivers\QSoftAud.sys 2011-05-19 22:20:03 365460 ----a-w- c:\windows\system32\drivers\pscaudio.sys 2011-05-19 22:20:03 32768 ----a-w- c:\windows\system32\pscprop.dll 2011-05-19 22:20:03 22048 ----a-w- c:\windows\system32\cocpyinf.dll 2011-05-19 22:20:03 155648 ----a-w- c:\windows\pscunins.exe 2011-05-19 22:20:03 135168 ----a-w- c:\windows\pscunins.dat 2011-05-19 22:20:00 65536 ----a-w- c:\windows\system32\Psa2.cpl 2011-05-19 22:20:00 159744 ----a-w- c:\windows\system32\qlmp.dll 2011-05-19 22:19:59 -------- d-----w- c:\program files\Philips 2011-05-19 22:12:11 -------- d-----w- c:\documents and settings\all users\SonicStage 2011-05-19 22:07:50 294912 -c----w- c:\windows\system32\dllcache\msctf.dll 
2011-05-19 22:04:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-19 21:08:40 -------- d-sh--w- c:\documents and settings\jason osolin\UserData . ==================== Find3M ==================== . 2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll 2011-04-06 20:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll 2011-04-06 20:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll 2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe . ============= FINISH: 19:21:44.50 =============== Thank you for all of your help!!
  10. I ran TDDS rootkit removing tool, Here is the log:

2011/05/24 22:04:31.0984 3716 TDSS rootkit removing tool 2.5.2.0 May 24 2011 11:01:23
2011/05/24 22:04:55.0406 0644 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/05/24 22:04:55.0421 0644 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/24 22:04:55.0468 0644 MBR (0x1B8) (22b60c2f7cc381026ae3f4b3f331e328) \Device\Harddisk5\DR11
2011/05/24 22:04:56.0406 0644 ================================================================================
2011/05/24 22:04:56.0406 0644 Scan finished
2011/05/24 22:04:56.0406 0644 ================================================================================
2011/05/24 22:04:56.0468 1068 Detected object count: 1
2011/05/24 22:04:56.0468 1068 Actual detected object count: 1
2011/05/24 22:05:19.0187 1068 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/24 22:05:19.0187 1068 \Device\Harddisk0\DR0 - ok
2011/05/24 22:05:19.0187 1068 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/05/24 22:05:25.0171 3584 Deinitialize success
  11. Also, I forgot to mention. My Google searches are also being redirected to random spam sites. Hopefully that information can help to determine what the issue is.
  12. Here are the logs requested:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6621
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
5/20/2011 10:13:11 PM
mbam-log-2011-05-20 (22-13-11).txt
Scan type: Quick scan
Objects scanned: 143377
Time elapsed: 6 minute(s), 19 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

And the DDS:
c:\windows\system32\qlmp.dll 2011-05-19 22:19:59 -------- d-----w- c:\program files\Philips 2011-05-19 22:12:11 -------- d-----w- c:\documents and settings\all users\SonicStage 2011-05-19 22:07:50 294912 -c----w- c:\windows\system32\dllcache\msctf.dll 2011-05-19 22:04:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-19 21:08:40 -------- d-sh--w- c:\documents and settings\jason osolin\UserData . ==================== Find3M ==================== . . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: WDC_WD2000JD-98HBB0 rev.08.02D08 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17 . device: opened successfully user: MBR read successfully . Disk trace: error: Read A device attached to the system is not functioning. kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; } detected disk devices: detected hooks: \Driver\atapi DriverStartIo -> 0x8671731B user & kernel MBR OK . ============= FINISH: 22:22:11.42 ===============
  13. Hi Everyone, I am new to this forum and have searched this issue to see if others were having the same problem. While I did find others with a similar issue, many others had P2P running, which cause this. What is happening is Malwarebytes keeps blocking potentially malicious websites, Type: Outgoing (IP addresses are listed below from my log) I scanned my computer with flash scan and full scan and it did not find anything. I also scanned with windows defender and it found nothing. I cannot figure out why my computer continues to try to access these websites. Can anyone help? Thank you, OZ1222