
Showing results for tags 'IP blocked'.

Found 11 results

  1. Hello, I am an employee of Haven Today (website: haventoday.org). One of our donors reported that Malwarebytes was flagging our website as containing malware, which is a false positive. We are a non-profit Christian radio ministry. Our website contains a digital archive of our radio programs, a web store / donations page, and information about our ministry. Please remove our website from the list of blocked sites. I have attached a screenshot from the donor who reported the issue to us.
  2. I host several sites on IP 63.247.65.42. The latest release of the Malwarebytes database is blocking this IP. It was working fine with Malwarebytes until the latest release. I have checked with my server provider and they cannot find any problems.
  3. Malwarebytes Anti-Malware reports "su2.ff.avast 92.242.140.21 IP blocked" every two minutes. Neither Malwarebytes nor Avast has found any problems. I ran FRST as advised in one of the similar posts. See the results attached below. I appreciate your time and efforts. FRST.txt Addition.txt
  4. Hi there, Could you please remove this IP from your list? This IP isn't blacklisted anywhere else. Is it possible to know when and why it has been added to your list? For information: The website we're trying to access is hxxp://www.twentea.eu but I think the whole /24 from the IP block could have been blacklisted times ago. Kind regards, John
  5. Hello! Introduction: My name's Cristian and I'm new to the forum and also new to Malwarebytes. I've recently installed Malwarebytes because I noticed that there are some processes eating up my CPU in Task Manager and thought that I am most certainly virused. (I was right) I had no other option but to try Malwarebytes - a friend recommended it to me.

     Here's the problem: I've installed Malwarebytes Free. Checked almost all boxes to make sure it searches everywhere. Finally after an hour of scanning it found 3 viruses and added them to quarantine. Copy from the scan log:

     Processes: 0 (No malicious items detected)
     Modules: 0 (No malicious items detected)
     Registry Keys: 2
     Trojan.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SVKP, , [2e6b80499fdc1f1731dbc42950b3f50b],
     PUP.Optional.Softonic.A, HKU\S-1-5-21-1547161642-484763869-1343024091-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [f9a0be0b9be01c1aae0ea574c0436d93],
     Registry Values: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Folders: 0 (No malicious items detected)
     Files: 1
     Trojan.Agent, C:\WINDOWS\system32\SVKP.sys, , [2e6b80499fdc1f1731dbc42950b3f50b],
     Physical Sectors: 0 (No malicious items detected)

     After adding these 3 viruses to quarantine, I restarted my PC (Malwarebytes told me to restart). The problem is that I am not sure if I am done with those viruses and if there are others which Malwarebytes did NOT detect during the full scan. After the PC restarted I left my PC alone for like 30 minutes, no applications were running, only empty desktop with desktop icons.

     After some minutes Malwarebytes detected and said that it blocked these IPs:

     Protection, 9/9/2014 8:59:18 PM, SYSTEM, EAGLE, Protection, Malicious Website Protection, Starting,
     Protection, 9/9/2014 9:00:08 PM, SYSTEM, EAGLE, Protection, Malicious Website Protection, Started,
     Detection, 9/9/2014 9:25:12 PM, SYSTEM, EAGLE, Protection, Malicious Website Protection, IP, 89.248.171.34, 0, Inbound,
     Protection, 9/9/2014 9:51:16 PM, SYSTEM, EAGLE, Protection, Malicious Website Protection, Stopping,
     Protection, 9/9/2014 9:51:16 PM, SYSTEM, EAGLE, Protection, Malicious Website Protection, Stopped,
     Protection, 9/9/2014 9:51:16 PM, SYSTEM, EAGLE, Protection, Malicious Website Protection, Starting,
     Protection, 9/9/2014 9:51:45 PM, SYSTEM, EAGLE, Protection, Malicious Website Protection, Started,
     Detection, 9/9/2014 10:04:31 PM, SYSTEM, EAGLE, Protection, Malicious Website Protection, IP, 46.246.111.77, 0, Inbound,
     Detection, 9/9/2014 10:18:15 PM, SYSTEM, EAGLE, Protection, Malicious Website Protection, IP, 93.174.93.51, 0, Inbound,

     I don't know whether I am being attacked or what is happening. Can someone from Malwarebytes check these IPs? I don't know what is going on. Please help me with these IPs. These are the only IPs that have been blocked until now. Help would be very appreciated! Thank you, Cristian.
  6. Hello, since the last update of Malwarebytes (today), I can not connect anymore to the site: www.concertogrosso.fr (I own this domain, and am the webmaster). Thanks for your help to solve the problem. Antoine
  7. Hi, I'm getting nearly constant IP Blocked messages logged by Malwarebytes Pro. These are both outgoing and incoming. They occur with my Internet browser open or closed. Full scans by Malwarebytes does not reveal any threats and neither does my Anti Virus Program. Also, the Windows Action Center (in the system tray) says that I'm infected with the Win32/Small.CA, virus. Although, no scans have detected it including the Windows Safety Scanner. I copy/pasted the results of DDS.txt and Attach.txt below. Thank you in advance for your help! Tim
6/19/2013 11:22:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 6/19/2013 11:22:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 6/19/2013 11:22:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 6/19/2013 11:22:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 6/19/2013 11:22:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 6/19/2013 11:22:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 6/19/2013 11:22:38 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf 6/19/2013 11:22:37 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 
6/19/2013 11:22:37 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 6/19/2013 11:22:37 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 6/19/2013 11:22:37 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 6/19/2013 11:22:37 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 6/19/2013 11:22:37 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 6/19/2013 11:22:37 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 6/19/2013 11:22:37 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 
6/19/2013 11:22:37 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 6/19/2013 11:22:37 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. . ==== End Of File ===========================
  8. How to remove blacklisted IP address 213.13.145.4 from Malwarebytes server?
     213.13.145.4 is the IP of a very big space ( http://homepages.sapo.pt/ ) where many thousands of personal sites are hosted. I see in your DBase ( http://malc0de.com/database/index.php?&search=213.13.145.4&page=1 ) that this IP has been blocked since 2010-09-03. Everyone who opens a new page in http://homepages.sapo.pt/ is immediately blocked by Malwarebytes.
     These sites have no problems, but are blocked by MBAM:
     signos.com.sapo.pt/index2.htm
     www.matematica.com.sapo.pt/
     tvgames.no.sapo.pt/
     mercado.no.sapo.pt/
     www.no.sapo.pt/
     (... plus hundreds of thousands of sites! Check w/Google.)
     Is this not a good reason to unblock this IP?
     Thanks, Carlos
  9. Hi, sapor.com.my mail server IP 12.137.162.235 is blacklisted. Please unblock it if it is believed to be clean.
  10. Hi, the mail IP for the domain below is blocked:
     upt.com.my 124.217.242.2
     We believe it is a clean IP. Please unblock it. Looking forward to your prompt reply.
  11. For the last week I have been getting random messages from Malwarebytes telling me that an attempt to contact an IP has been blocked. Here is a sample (recently it has been the outlook.exe process but in the beginning it was other exe).
     2012/04/16 09:29:39 -0400 JRAU-PC johnr IP-BLOCK 78.46.103.25 (Type: outgoing, Port: 60009, Process: outlook.exe)
     Below are the DDS and ATTACH logs. Thanks, John
RP161: 3/30/2012 12:23:00 PM - Configured Microsoft Office Professional 2007 RP162: 3/30/2012 8:00:54 PM - Windows Update RP163: 4/2/2012 12:57:19 PM - Windows Modules Installer RP164: 4/3/2012 4:09:00 AM - Windows Update RP165: 4/6/2012 12:56:24 PM - Windows Update RP166: 4/10/2012 6:36:41 PM - Windows Update RP167: 4/11/2012 3:00:24 AM - Windows Update RP168: 4/12/2012 9:27:43 AM - Installed AVG 2012 RP169: 4/12/2012 9:28:06 AM - Installed AVG 2012 . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) Adobe AIR Adobe Flash Player 11 Plugin Adobe Reader X (10.0.1) Apple Application Support Apple Software Update Boldon James LDAP Toolkit Canon DR-2010C Driver Cisco AnyConnect Secure Mobility Client Cisco AnyConnect Secure Mobility Client Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Citrix online plug-in - web Citrix online plug-in (DV) Citrix online plug-in (HDX) Citrix online plug-in (USB) Citrix online plug-in (Web) Crystal Reports for .NET Framework 2.0 (x86) Crystal Reports for Visual Studio CyberLink PowerDVD 9.5 D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell Data Protection | Access Dell Data Protection | Access | Drivers Dell Data Protection | Access | Middleware DirectX 9 Runtime Dotfuscator Software Services - Community Edition DR-2010C CaptureOnTouch Epson Event Manager Epson FAX Utility Epson PC-FAX Driver EPSON Scan EpsonNet Setup 3.3 GoToManage Expert 1.6.0.383 GoToMyPC Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2522890) Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2529927) Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054) Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2548139) Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2549864) Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2635973) Intel® Control Center Intel® Identity Protection Technology 1.0.71.0 Intel® 
Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology Java Auto Updater Java™ 6 Update 26 Junk Mail filter update Malwarebytes Anti-Malware version 1.61.0.1400 Mesh Runtime Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Application Error Reporting Microsoft ASP.NET MVC 2 Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools Microsoft Office 2003 Web Components Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2007 Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Excel MUI (English) 2007 Microsoft Office Excel MUI (English) 2010 Microsoft Office File Validation Add-In Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2007 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional 2007 Microsoft Office Professional 2010 Microsoft Office Project MUI (English) 2010 Microsoft Office Project Professional 2010 Microsoft Office Proof (English) 2007 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2007 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing (English) 2010 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2007 Microsoft Office Word MUI 
(English) 2010 Microsoft Project 2010 Service Pack 1 (SP1) Microsoft Project Professional 2010 Microsoft Report Viewer Redistributable 2008 (KB971119) Microsoft Silverlight Microsoft Silverlight 3 SDK Microsoft Silverlight 4 SDK Microsoft SQL Server 2005 Books Online (English) Microsoft SQL Server Migration Assistant 2005 for Oracle Microsoft SQL Server Migration Assistant 2005 for Oracle Extension Pack Microsoft SQL Server System CLR Types Microsoft Sync Framework SDK v1.0 SP1 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 Microsoft Visual F# 2.0 Runtime Microsoft Visual Studio 2005 Premier Partner Edition - ENU Microsoft Visual Studio 2005 Premier Partner Edition - ENU Service Pack 1 (KB926601) Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Microsoft Visual Studio 2010 Professional - ENU Microsoft Visual Studio 2010 Service Pack 1 Microsoft Visual Studio 2010 SharePoint Developer Tools Microsoft Visual Studio Macro Tools MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NoteTab Light 6 (Remove only) OpenSSL 1.0.1 (32-bit) PhotoShowExpress QuickTime Realtek High Definition Audio Driver Roxio Activation Module Roxio BackOnTrack Roxio Burn Roxio Creator Starter Roxio Express Labeler 3 SAP Crystal Reports, version for Visual Studio 2010 Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile 
(KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition Security Update for Microsoft Visual Studio 2005 Premier Partner Edition - ENU (KB2251481) Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2645410) Security Update for Microsoft Visual Studio Macro Tools (KB2669970) Softerra LDAP Browser 4.5 Sonic CinePlayer Decoder Pack SSW Enterprise Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update 
for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft Visual Studio 2005 Premier Partner Edition - ENU (KB932232) Visual Studio 2008 x64 Redistributables Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU WCF RIA Services V1.0 SP1 Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources . ==== Event Viewer Messages From Past Week ======== . 4/9/2012 5:07:26 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 
4/9/2012 5:03:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TdmService with arguments "" in order to run the server: {285E95B2-ACD5-4405-8D24-2D73E65DD047} 4/9/2012 5:02:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 4/9/2012 5:02:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 4/9/2012 5:02:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 4/9/2012 5:02:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 4/9/2012 5:02:16 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ctxusbm discache spldr tmtdi Wanarpv6 4/9/2012 5:02:14 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start. 4/14/2012 8:27:52 PM, Error: Microsoft-Windows-DistributedCOM [10009] - DCOM was unable to communicate with the computer (local) using any of the configured protocols. 4/13/2012 7:54:05 AM, Error: Service Control Manager [7023] - The Web Farm Controller Service service terminated with the following error: %%-2147023728 4/13/2012 7:54:00 AM, Error: Service Control Manager [7022] - The Web Farm Controller Service service hung on starting. 
4/13/2012 7:52:27 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the vpnagent service. 4/13/2012 7:51:50 AM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully. 4/13/2012 7:41:07 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion. 4/13/2012 7:41:06 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect. 4/13/2012 7:41:06 AM, Error: Service Control Manager [7000] - The Application Virtualization Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 4/13/2012 7:40:35 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found. 4/13/2012 7:40:35 AM, Error: Service Control Manager [7000] - The Web Farm Controller Service service failed to start due to the following error: A device attached to the system is not functioning. 4/13/2012 7:39:47 AM, Error: Service Control Manager [7000] - The SQL Server Reporting Services (SYNCO_SQL) service failed to start due to the following error: A device attached to the system is not functioning. 4/13/2012 7:36:32 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 
4/13/2012 7:34:31 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 4/12/2012 9:31:15 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server Analysis Services (SYNCO_SQL) service to connect. 4/12/2012 9:31:15 AM, Error: Service Control Manager [7000] - The SQL Server Analysis Services (SYNCO_SQL) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 4/12/2012 8:51:30 AM, Error: Service Control Manager [7034] - The Trend Micro Client/Server Security Agent Proxy Service service terminated unexpectedly. It has done this 3 time(s). 4/12/2012 8:51:21 AM, Error: Service Control Manager [7031] - The Trend Micro Client/Server Security Agent Listener service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 900000 milliseconds: Restart the service. 4/12/2012 10:37:15 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107. 4/12/2012 10:37:15 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed. 4/11/2012 9:19:03 AM, Error: Service Control Manager [7034] - The Trend Micro Client/Server Security Agent Personal Firewall service terminated unexpectedly. It has done this 2 time(s). 4/11/2012 9:18:59 AM, Error: Service Control Manager [7034] - The Trend Micro Client/Server Security Agent Proxy Service service terminated unexpectedly. It has done this 2 time(s). 
4/11/2012 7:24:39 AM, Error: Service Control Manager [7034] - The Trend Micro Client/Server Security Agent Personal Firewall service terminated unexpectedly. It has done this 1 time(s). 4/11/2012 7:24:33 AM, Error: Service Control Manager [7034] - The Trend Micro Client/Server Security Agent Proxy Service service terminated unexpectedly. It has done this 1 time(s). 4/11/2012 7:02:33 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2. . ==== End Of File ===========================