Suspected malware/virus


djbohn

I am receiving regular Anti-Malware messages saying that potentially malicious outbounds are blocked.

Anti-Malware scan shows zero items found.

Thanks in advance.

Dan

---------------------------------------------------------------------------------------------------------------------------------

dds.txt:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30

Run by billie at 12:30:08 on 2012-02-09

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.204 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Program Files\Hotspot Shield\bin\openvpnas.exe

C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe

C:\Program Files\Hotspot Shield\bin\hsswd.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

C:\WINDOWS\system32\TODDSrv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Synaptics\SynTP\Toshiba.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\SmartTechnology\Software\ProfilerU.exe

C:\Program Files\SmartTechnology\Software\SaiMfd.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\sol.exe

C:\WINDOWS\system32\wscntfy.exe

.

============== Pseudo HJT Report ===============

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll

uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe

uRun: [Google Update] "c:\documents and settings\billie\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [skyTel] SkyTel.EXE

mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay

mRun: [NDSTray.exe] NDSTray.exe

mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe

mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe

mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe

mRun: [TFncKy] TFncKy.exe

mRun: [TPSMain] TPSMain.exe

mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

mRun: [ProfilerU] c:\program files\smarttechnology\software\ProfilerU.exe

mRun: [saiMfd] c:\program files\smarttechnology\software\SaiMfd.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1326719779109

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\billie\application data\mozilla\firefox\profiles\dljv4m0d.default\

FF - plugin: c:\documents and settings\billie\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npqtplugin.dll

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npqtplugin2.dll

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npqtplugin3.dll

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npqtplugin4.dll

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npqtplugin5.dll

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npqtplugin6.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2012-1-6 331608]

R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-1 652360]

R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2006-6-28 98816]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-1 20464]

R3 SaiK0CCC;SaiK0CCC;c:\windows\system32\drivers\SaiK0CCC.sys [2010-8-10 138760]

R3 SaiU0CCC;SaiU0CCC;c:\windows\system32\drivers\SaiU0CCC.sys [2010-8-10 35336]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-19 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-19 136176]

S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\pedrv.sys --> c:\sysprep\PEDrv.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-02-09 14:50:22 -------- d-----w- c:\documents and settings\billie\application data\tor

2012-02-09 14:11:03 -------- d-----w- C:\Tor Browser

2012-02-09 14:10:50 21203363 ----a-w- C:\tor-browser-2.2.35-5_en-US.exe

2012-02-09 11:53:16 -------- d-----w- c:\windows\SxsCaPendDel

2012-02-07 16:26:44 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-02-07 16:26:43 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-02-07 16:26:36 180224 ----a-w- c:\windows\system32\QTCF.dll

2012-02-07 16:26:30 -------- d-----w- c:\program files\QuickTime Alternative

2012-02-07 16:23:08 79872 ----a-w- c:\windows\system32\ff_vfw.dll

2012-02-07 16:23:04 -------- d-----w- c:\program files\ffdshow

2012-02-07 16:14:26 -------- d-----w- c:\program files\MPC-HomeCinema.1.6.0.4014.x86

2012-02-06 19:22:31 -------- d-----w- c:\program files\uTorrent

2012-02-06 19:11:32 -------- d-----w- c:\documents and settings\billie\application data\uTorrent

2012-02-06 11:43:42 -------- d-----w- c:\program files\proXPN

2012-02-06 11:37:59 -------- d-----w- C:\Hotspot Shield

2012-02-06 11:36:18 597832 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor90.dll

2012-02-06 11:36:18 597832 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor80.dll

2012-02-06 11:36:17 597832 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor70.dll

2012-02-06 11:36:17 597832 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor60.dll

2012-02-06 11:36:17 597832 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor50.dll

2012-02-06 11:36:16 613704 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll

2012-02-06 11:36:14 -------- d-----w- c:\program files\Hotspot Shield

2012-02-04 18:08:55 -------- d-----w- c:\program files\LopeSoft

2012-02-04 14:57:23 -------- d-----w- c:\program files\Foxit Software

2012-02-03 17:51:50 -------- d-sh--w- c:\documents and settings\billie\UserData

2012-02-02 19:02:31 -------- d-----w- c:\program files\Steam

2012-02-02 19:01:44 -------- d-----w- c:\program files\Valve

2012-02-02 19:01:42 -------- d---a-w- C:\HL2-TMP

2012-02-01 19:06:58 -------- d-----w- c:\documents and settings\billie\application data\AVG2012

2012-02-01 19:04:46 -------- d-----w- c:\windows\system32\drivers\AVG

2012-02-01 19:04:46 -------- d-----w- c:\documents and settings\all users\application data\AVG2012

2012-02-01 12:29:45 -------- d-----w- c:\program files\ESET

2012-02-01 11:55:52 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-01 11:55:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-01-31 13:54:10 -------- d-sha-r- C:\cmdcons

2012-01-30 13:14:48 -------- d-----w- c:\documents and settings\billie\application data\DonationCoder

2012-01-30 13:08:37 -------- d-----w- c:\documents and settings\all users\application data\DonationCoder

2012-01-30 13:08:36 -------- d-----w- c:\program files\ScreenshotCaptor

2012-01-29 18:11:09 -------- d-----w- C:\Quake2

2012-01-29 13:05:01 -------- d-----w- c:\program files\backups

2012-01-28 20:56:49 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2012-01-28 17:33:59 141272 ----a-w- c:\windows\system32\WRusr.dll

2012-01-28 17:33:59 106824 ----a-w- c:\windows\system32\drivers\WRkrn.sys

2012-01-28 17:33:59 -------- d-----w- c:\documents and settings\all users\application data\WRData

2012-01-27 16:21:45 -------- d-----w- c:\program files\Incredible Machines

2012-01-26 18:45:55 -------- d-----w- c:\documents and settings\billie\application data\Hoyle FaceCreator

2012-01-26 18:45:47 -------- d-----w- c:\documents and settings\billie\application data\Hoyle Card Games

2012-01-26 18:31:15 -------- d-----w- c:\program files\Encore

2012-01-26 15:43:31 -------- d-----w- c:\documents and settings\all users\application data\PopCap Games

2012-01-23 19:29:28 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2012-01-23 19:29:26 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-01-23 15:55:05 -------- d-----w- c:\program files\JDownloader

2012-01-23 15:41:54 -------- d-----w- c:\documents and settings\billie\application data\LibreOffice

2012-01-23 15:37:17 -------- d-----w- c:\windows\ShellNew

2012-01-23 15:34:59 -------- d-----w- c:\program files\LibreOffice 3.4

2012-01-23 12:47:34 814040 ----a-w- c:\program files\mozilla firefox\sqlite3.dll

2012-01-22 14:21:24 -------- d-----w- c:\documents and settings\billie\application data\Malwarebytes

2012-01-22 14:20:58 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-01-21 15:11:53 -------- d-----w- C:\sm110v130

2012-01-20 16:45:35 -------- d-----w- c:\program files\Tracker Software

2012-01-20 05:37:11 -------- d-----w- C:\My Web Sites

2012-01-20 05:34:56 -------- d-----w- c:\program files\WinHTTrack

2012-01-20 04:27:52 121239 ----a-w- c:\windows\File Renamer - Basic Uninstaller.exe

2012-01-20 04:27:37 -------- d-----w- c:\program files\File Renamer

2012-01-20 04:09:36 -------- d-----w- c:\documents and settings\billie\local settings\application data\File Renamer Basic

2012-01-20 02:47:54 -------- d-----w- c:\documents and settings\billie\application data\xrecode2

2012-01-20 02:47:41 -------- d-----w- c:\program files\xrecode II

2012-01-20 02:16:40 -------- d-----w- C:\tmp

2012-01-18 15:25:32 -------- d--h--w- c:\windows\PIF

2012-01-18 14:27:14 -------- d-----w- c:\program files\blockout

2012-01-18 14:07:19 -------- d-----w- c:\program files\common files\Bitdefender

2012-01-18 13:24:31 -------- d-----w- C:\loderun2

2012-01-18 08:15:27 388608 ----a-w- c:\program files\HijackThis.exe

2012-01-17 19:45:34 -------- d-----w- c:\documents and settings\billie\local settings\application data\Temp

2012-01-17 18:54:26 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2012-01-17 18:52:00 -------- d-----w- c:\program files\AVG

2012-01-17 12:05:36 16736 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-01-17 12:05:35 274288 ----a-w- c:\windows\system32\mucltui.dll

2012-01-16 22:15:54 -------- d-----w- c:\documents and settings\billie\application data\Auslogics

2012-01-16 22:15:44 -------- d-----w- c:\program files\Auslogics

2012-01-16 22:07:22 -------- d-----w- c:\program files\CCleaner

2012-01-16 18:40:21 -------- d-----w- c:\program files\Croteam

2012-01-16 16:33:58 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2012-01-16 16:33:52 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2012-01-16 12:48:50 222080 ------w- c:\windows\system32\MpSigStub.exe

2012-01-16 12:11:46 -------- d-----w- c:\documents and settings\billie\local settings\application data\Opera

2012-01-16 09:32:57 -------- d-----w- c:\documents and settings\billie\local settings\application data\SmartTechnology

2012-01-16 09:30:58 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll

2012-01-16 09:30:58 21504 ----a-w- c:\windows\system32\hidserv.dll

2012-01-16 09:30:51 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2012-01-16 09:30:51 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2012-01-16 09:25:43 -------- d-----w- c:\documents and settings\all users\application data\SmartTechnology

2012-01-16 09:25:16 -------- d-----w- c:\program files\SmartTechnology

2012-01-15 18:21:47 -------- d-----w- c:\program files\XCalc

2012-01-15 15:53:31 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2012-01-15 15:17:28 -------- d-----w- c:\documents and settings\all users\application data\Norton

2012-01-15 15:17:01 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller

2012-01-15 12:51:25 -------- d-----w- c:\documents and settings\billie\.swt

2012-01-15 12:51:19 -------- d-----w- c:\documents and settings\billie\application data\Azureus

2012-01-15 12:50:04 -------- d-----w- c:\program files\Vuze

2012-01-15 12:25:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

==================== Find3M ====================

.

2012-01-30 17:37:32 561152 ----a-w- c:\program files\Convert.exe

2012-01-04 23:01:58 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys

2012-01-04 23:01:54 32768 ----a-w- c:\windows\system32\drivers\taphss.sys

2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe

2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll

2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll

.

============= FINISH: 12:31:19.31 ===============

-----------------------------------------------------------------------------------------------------------------------------

attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 12/24/2006 8:48:36 PM

System Uptime: 2/9/2012 6:56:46 AM (6 hours ago)

.

Motherboard: ATI | | SB450

Processor: Intel® Celeron® M CPU 420 @ 1.60GHz | U23 | 1596/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 74 GiB total, 16.037 GiB free.

D: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

µTorrent

7-Zip 9.20

Adobe AIR

Adobe Flash Player 11 Plugin

Adobe Flash Player ActiveX

Adobe Shockwave Player

Atheros Client Utility

Atheros Wireless LAN MiniPCI/PCIe card Driver

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Display Driver

Auslogics Disk Defrag

AVG 2012

Blasterball 2 Revolution

BlockOut 2.4

Cafe Mahjongg

CCleaner

CD/DVD Drive Acoustic Silencer

Desktop Dialer

Digby's Donuts

Dream Day Honeymoon

DVD-RAM Driver

ESET Online Scanner v3

Family Feud Holiday

FATE

ffdshow v1.1.4096 [2011-11-29]

File Renamer - Basic

FileMenu Tools

Foxit Reader 5.1

Google Chrome

Google Earth

Google Update Helper

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Format SDK (KB902344)

Hotfix for Windows Media Format SDK (KB910998)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotspot Shield 2.24

Hoyle Card Games

InterVideo WinDVD for TOSHIBA

J2SE Runtime Environment 5.0 Update 6

Java Auto Updater

Java™ 6 Update 30

JDownloader 0.9

Jewel Quest 2

LibreOffice 3.4

LibreOffice 3.4 Help Pack (English)

Mahjongg Artifacts

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Mirror Magic Deluxe

Mozilla Firefox 9.0.1 (x86 en-US)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Office 2003 Trial Assistant

Picasa 2

proXPN 2.4.11

Quake 2 - id Software v3.20

QuickTime Alternative 3.2.2

REALTEK GbE & FE Ethernet PCI NIC Driver

Realtek High Definition Audio Driver

SCRABBLE

Screenshot Captor 2.105.01

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982665)

Serious Sam: The First Encounter

Slingo Quest

Smart Technology Programming Software 7.0.12.11

Synaptics Pointing Device Driver

TOSHIBA Assist

TOSHIBA ConfigFree

TOSHIBA Controls

TOSHIBA Direct Disc Writer

TOSHIBA Disc Creator

TOSHIBA Game Console

TOSHIBA Hotkey Utility

TOSHIBA PC Diagnostic Tool

TOSHIBA Power Saver

TOSHIBA Recovery Disc Creator

Toshiba Registration

TOSHIBA Software Modem

TOSHIBA Software Upgrades

TOSHIBA Speech System Applications

TOSHIBA Speech System SR Engine(U.S.) Version1.0

TOSHIBA Speech System TTS Engine(U.S.) Version1.0

TOSHIBA TouchPad ON/Off Utility

TOSHIBA Utilities

TOSHIBA Virtual Sound

Touch and Launch

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB973874)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Viewpoint Media Player

Virtual Villagers The Lost Children

WebFldrs XP

WildTangent Web Driver

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WinHTTrack Website Copier 3.44-1

xrecode II 1.0.0.185

.

==== Event Viewer Messages From Past Week ========

.

2/9/2012 8:17:10 AM, error: Dhcp [1002] - The IP address lease 173.0.7.178 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.9.254 (The DHCP Server sent a DHCPNACK message).

2/9/2012 7:53:43 AM, error: Dhcp [1002] - The IP address lease 173.0.7.174 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.7.254 (The DHCP Server sent a DHCPNACK message).

2/9/2012 7:48:47 AM, error: Dhcp [1002] - The IP address lease 10.25.64.100 for the Network Card with network address 00FF57A7EA93 has been denied by the DHCP server 10.25.55.254 (The DHCP Server sent a DHCPNACK message).

2/9/2012 7:48:24 AM, error: Dhcp [1002] - The IP address lease 10.4.48.83 for the Network Card with network address 00FF57A7EA93 has been denied by the DHCP server 10.25.71.254 (The DHCP Server sent a DHCPNACK message).

2/9/2012 10:26:19 AM, error: Dhcp [1002] - The IP address lease 173.0.9.174 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.11.254 (The DHCP Server sent a DHCPNACK message).

2/7/2012 4:07:27 PM, error: Dhcp [1002] - The IP address lease 192.168.2.8 for the Network Card with network address 0016CFB24A5D has been denied by the DHCP server 172.16.51.1 (The DHCP Server sent a DHCPNACK message).

2/7/2012 12:23:15 PM, error: Dhcp [1002] - The IP address lease 173.0.3.196 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.7.254 (The DHCP Server sent a DHCPNACK message).

2/7/2012 12:17:29 PM, error: Dhcp [1002] - The IP address lease 173.0.4.188 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.3.254 (The DHCP Server sent a DHCPNACK message).

2/7/2012 12:16:08 PM, error: Dhcp [1002] - The IP address lease 173.0.3.196 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.4.254 (The DHCP Server sent a DHCPNACK message).

2/7/2012 12:13:13 PM, error: Dhcp [1002] - The IP address lease 173.0.9.187 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.3.254 (The DHCP Server sent a DHCPNACK message).

2/7/2012 12:12:00 PM, error: Dhcp [1002] - The IP address lease 173.0.7.167 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.9.254 (The DHCP Server sent a DHCPNACK message).

2/7/2012 12:10:54 PM, error: Dhcp [1002] - The IP address lease 173.0.2.183 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.7.254 (The DHCP Server sent a DHCPNACK message).

2/7/2012 12:09:36 PM, error: Dhcp [1002] - The IP address lease 173.0.6.187 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.2.254 (The DHCP Server sent a DHCPNACK message).

2/7/2012 12:08:37 PM, error: Dhcp [1002] - The IP address lease 173.0.10.176 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.6.254 (The DHCP Server sent a DHCPNACK message).

2/7/2012 12:07:36 PM, error: Dhcp [1002] - The IP address lease 173.0.11.171 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.10.254 (The DHCP Server sent a DHCPNACK message).

2/7/2012 12:06:18 PM, error: Dhcp [1002] - The IP address lease 173.0.4.172 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.11.254 (The DHCP Server sent a DHCPNACK message).

2/7/2012 12:04:58 PM, error: Dhcp [1002] - The IP address lease 173.0.11.163 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.4.254 (The DHCP Server sent a DHCPNACK message).

2/7/2012 12:03:55 PM, error: Dhcp [1002] - The IP address lease 173.0.9.183 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.11.254 (The DHCP Server sent a DHCPNACK message).

2/7/2012 12:00:50 PM, error: Dhcp [1002] - The IP address lease 10.36.24.9 for the Network Card with network address 00FF57A7EA93 has been denied by the DHCP server 10.4.55.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 9:57:23 AM, error: Dhcp [1002] - The IP address lease 173.0.0.190 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.3.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 9:55:07 AM, error: Dhcp [1002] - The IP address lease 173.0.5.173 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.0.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 9:52:28 AM, error: Dhcp [1002] - The IP address lease 173.0.1.193 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.5.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 9:50:55 AM, error: Dhcp [1002] - The IP address lease 173.0.6.156 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.1.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 9:49:45 AM, error: Dhcp [1002] - The IP address lease 173.0.7.192 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.6.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 9:49:15 AM, error: Dhcp [1002] - The IP address lease 10.25.64.233 for the Network Card with network address 00FF57A7EA93 has been denied by the DHCP server 10.25.31.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 9:48:15 AM, error: Dhcp [1002] - The IP address lease 10.25.56.168 for the Network Card with network address 00FF57A7EA93 has been denied by the DHCP server 10.25.71.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 9:47:55 AM, error: Dhcp [1002] - The IP address lease 10.36.80.13 for the Network Card with network address 00FF57A7EA93 has been denied by the DHCP server 10.25.63.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 7:28:03 AM, error: Dhcp [1002] - The IP address lease 173.0.1.155 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.7.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 7:26:37 AM, error: Dhcp [1002] - The IP address lease 173.0.8.159 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.1.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 7:25:25 AM, error: Dhcp [1002] - The IP address lease 173.0.3.168 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.8.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 7:24:01 AM, error: Dhcp [1002] - The IP address lease 173.0.7.192 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.3.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 7:17:45 AM, error: Dhcp [1002] - The IP address lease 10.36.56.109 for the Network Card with network address 00FF57A7EA93 has been denied by the DHCP server 10.36.87.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 7:07:39 AM, error: Dhcp [1002] - The IP address lease 173.0.1.176 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.7.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 7:06:31 AM, error: Dhcp [1002] - The IP address lease 173.0.0.176 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.1.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 7:05:11 AM, error: Dhcp [1002] - The IP address lease 173.0.8.192 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.0.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 7:04:00 AM, error: Dhcp [1002] - The IP address lease 173.0.3.176 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.8.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 7:03:00 AM, error: Dhcp [1002] - The IP address lease 173.0.0.165 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.3.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 7:02:05 AM, error: Dhcp [1002] - The IP address lease 10.38.48.17 for the Network Card with network address 00FF57A7EA93 has been denied by the DHCP server 10.36.63.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 6:53:50 AM, error: Dhcp [1002] - The IP address lease 173.0.11.166 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.0.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 6:52:42 AM, error: Dhcp [1002] - The IP address lease 173.0.3.165 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.11.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 6:51:12 AM, error: Dhcp [1002] - The IP address lease 173.0.8.160 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.3.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 6:49:59 AM, error: Dhcp [1002] - The IP address lease 173.0.8.192 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.8.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 4:44:56 PM, error: Dhcp [1002] - The IP address lease 192.168.2.8 for the Network Card with network address 0016CFB24A5D has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).

2/6/2012 2:31:18 PM, error: Dhcp [1002] - The IP address lease 173.0.4.190 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.9.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 2:25:04 PM, error: Dhcp [1002] - The IP address lease 173.0.5.174 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.4.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 2:22:58 PM, error: Dhcp [1002] - The IP address lease 173.0.11.189 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.5.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 2:21:42 PM, error: Dhcp [1002] - The IP address lease 173.0.2.185 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.11.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 2:20:34 PM, error: Dhcp [1002] - The IP address lease 173.0.5.174 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.2.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 2:19:20 PM, error: Dhcp [1002] - The IP address lease 173.0.11.188 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.5.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 2:18:07 PM, error: Dhcp [1002] - The IP address lease 173.0.1.192 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.11.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 2:16:56 PM, error: Dhcp [1002] - The IP address lease 173.0.8.196 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.1.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 2:15:45 PM, error: Dhcp [1002] - The IP address lease 173.0.3.160 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.8.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 2:14:34 PM, error: Dhcp [1002] - The IP address lease 173.0.1.180 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.3.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 2:13:30 PM, error: Dhcp [1002] - The IP address lease 173.0.9.188 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.1.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 2:12:51 PM, error: Dhcp [1002] - The IP address lease 10.25.24.148 for the Network Card with network address 00FF57A7EA93 has been denied by the DHCP server 10.36.31.254 (The DHCP Server sent a DHCPNACK message).

2/6/2012 10:51:05 AM, error: Dhcp [1002] - The IP address lease 173.0.3.173 for the Network Card with network address 00FFB3D77342 has been denied by the DHCP server 173.0.9.254 (The DHCP Server sent a DHCPNACK message).

2/3/2012 1:24:07 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

2/3/2012 1:24:07 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/2/2012 10:12:28 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the wscsvc service.

.

==== End Of File ===========================


Hello and welcome.

Let's also do a rootkit scan here.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Hi, please run also the following scan.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Here ya go:

ComboFix 12-02-10.01 - billie 02/10/2012 7:45.3.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.144 [GMT -5:00]

Running from: c:\documents and settings\billie\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

.

((((((((((((((((((((((((( Files Created from 2012-01-10 to 2012-02-10 )))))))))))))))))))))))))))))))

.

.

2012-02-09 14:50 . 2012-02-09 14:50 -------- d-----w- c:\documents and settings\billie\Application Data\tor

2012-02-09 14:11 . 2012-02-03 02:10 -------- d-----w- C:\Tor Browser

2012-02-09 14:10 . 2012-02-09 13:02 21203363 ----a-w- C:\tor-browser-2.2.35-5_en-US.exe

2012-02-09 13:38 . 2012-02-09 14:53 -------- d-----w- c:\documents and settings\billie\Application Data\Vidalia

2012-02-09 11:53 . 2012-02-09 11:57 -------- d-----w- c:\windows\SxsCaPendDel

2012-02-07 16:26 . 2012-02-07 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2012-02-07 16:26 . 2010-03-17 20:53 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-02-07 16:26 . 2010-03-17 20:53 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-02-07 16:26 . 2010-03-17 20:53 180224 ----a-w- c:\windows\system32\QTCF.dll

2012-02-07 16:26 . 2012-02-07 16:28 -------- d-----w- c:\program files\QuickTime Alternative

2012-02-07 16:23 . 2011-11-29 20:21 79872 ----a-w- c:\windows\system32\ff_vfw.dll

2012-02-07 16:23 . 2012-02-07 16:23 -------- d-----w- c:\program files\ffdshow

2012-02-07 16:15 . 2012-02-07 16:15 -------- d-----w- c:\documents and settings\billie\Application Data\Media Player Classic

2012-02-07 16:14 . 2012-01-30 20:30 -------- d-----w- c:\program files\MPC-HomeCinema.1.6.0.4014.x86

2012-02-06 19:22 . 2012-02-10 11:49 -------- d-----w- c:\program files\uTorrent

2012-02-06 19:11 . 2012-02-10 12:58 -------- d-----w- c:\documents and settings\billie\Application Data\uTorrent

2012-02-06 11:43 . 2012-02-09 15:26 -------- d-----w- c:\program files\proXPN

2012-02-06 11:37 . 2012-02-06 11:38 -------- d-----w- C:\Hotspot Shield

2012-02-06 11:36 . 2012-02-06 11:38 -------- d-----w- c:\program files\Hotspot Shield

2012-02-04 18:08 . 2012-02-04 18:08 -------- d-----w- c:\program files\LopeSoft

2012-02-04 14:57 . 2012-02-04 14:57 -------- d-----w- c:\program files\Foxit Software

2012-02-03 17:51 . 2012-02-03 17:51 -------- d-sh--w- c:\documents and settings\billie\UserData

2012-02-02 19:02 . 2012-02-02 19:02 -------- d-----w- c:\program files\Steam

2012-02-02 19:01 . 2012-02-02 19:01 -------- d-----w- c:\program files\Valve

2012-02-02 19:01 . 2012-02-02 19:20 -------- d---a-w- C:\HL2-TMP

2012-02-01 19:06 . 2012-02-01 19:06 -------- d-----w- c:\documents and settings\billie\Application Data\AVG2012

2012-02-01 19:04 . 2012-02-07 13:31 -------- d-----w- c:\windows\system32\drivers\AVG

2012-02-01 19:04 . 2012-02-01 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

2012-02-01 12:29 . 2012-02-01 12:29 -------- d-----w- c:\program files\ESET

2012-02-01 11:55 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-01 11:55 . 2012-02-01 11:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-01-30 13:14 . 2012-01-30 13:14 -------- d-----w- c:\documents and settings\billie\Application Data\DonationCoder

2012-01-30 13:08 . 2012-01-30 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\DonationCoder

2012-01-30 13:08 . 2012-02-08 20:56 -------- d-----w- c:\program files\ScreenshotCaptor

2012-01-29 18:11 . 2012-01-29 18:12 -------- d-----w- C:\Quake2

2012-01-29 13:05 . 2012-01-29 13:05 -------- d-----w- c:\program files\backups

2012-01-28 20:56 . 2012-02-07 13:31 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2012-01-28 17:33 . 2012-01-28 17:34 106824 ----a-w- c:\windows\system32\drivers\WRkrn.sys

2012-01-28 17:33 . 2012-01-28 17:34 141272 ----a-w- c:\windows\system32\WRusr.dll

2012-01-28 17:33 . 2012-01-28 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\WRData

2012-01-27 16:21 . 2012-01-27 16:22 -------- d-----w- c:\program files\Incredible Machines

2012-01-26 18:45 . 2012-01-26 18:46 -------- d-----w- c:\documents and settings\billie\Application Data\Hoyle FaceCreator

2012-01-26 18:45 . 2012-02-03 18:34 -------- d-----w- c:\documents and settings\billie\Application Data\Hoyle Card Games

2012-01-26 18:31 . 2012-01-26 18:31 -------- d-----w- c:\program files\Encore

2012-01-26 15:43 . 2012-01-26 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games

2012-01-23 19:29 . 2011-11-10 10:54 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-01-23 15:55 . 2012-01-23 16:08 -------- d-----w- c:\program files\JDownloader

2012-01-23 15:41 . 2012-01-23 15:41 -------- d-----w- c:\documents and settings\billie\Application Data\LibreOffice

2012-01-23 15:37 . 2012-01-23 15:37 -------- d-----w- c:\windows\ShellNew

2012-01-23 15:34 . 2012-01-23 15:37 -------- d-----w- c:\program files\LibreOffice 3.4

2012-01-22 14:21 . 2012-01-22 14:21 -------- d-----w- c:\documents and settings\billie\Application Data\Malwarebytes

2012-01-22 14:20 . 2012-01-22 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-01-21 15:11 . 2012-01-21 15:12 -------- d-----w- C:\sm110v130

2012-01-20 16:45 . 2012-02-03 18:22 -------- d-----w- c:\program files\Tracker Software

2012-01-20 16:19 . 2012-01-20 16:19 -------- d-----w- c:\documents and settings\david\admin

2012-01-20 15:40 . 2012-01-20 15:40 -------- d-----w- c:\program files\Microsoft.NET

2012-01-20 05:37 . 2012-01-20 05:39 -------- d-----w- C:\My Web Sites

2012-01-20 05:34 . 2012-01-20 05:34 -------- d-----w- c:\program files\WinHTTrack

2012-01-20 04:27 . 2012-01-20 04:28 121239 ----a-w- c:\windows\File Renamer - Basic Uninstaller.exe

2012-01-20 04:27 . 2012-01-20 04:27 -------- d-----w- c:\program files\File Renamer

2012-01-20 04:09 . 2012-02-04 13:55 -------- d-----w- c:\documents and settings\billie\Local Settings\Application Data\File Renamer Basic

2012-01-20 02:47 . 2012-01-20 03:56 -------- d-----w- c:\documents and settings\billie\Application Data\xrecode2

2012-01-20 02:47 . 2012-01-20 02:47 -------- d-----w- c:\program files\xrecode II

2012-01-20 02:16 . 2012-01-20 02:35 -------- d-----w- C:\tmp

2012-01-18 15:25 . 2012-01-18 15:25 -------- d--h--w- c:\windows\PIF

2012-01-18 14:27 . 2012-01-18 21:35 -------- d-----w- c:\program files\blockout

2012-01-18 14:07 . 2012-01-18 14:07 -------- d-----w- c:\program files\Common Files\Bitdefender

2012-01-18 13:24 . 2012-01-27 15:18 -------- d-----w- C:\loderun2

2012-01-18 08:15 . 2012-01-18 08:15 388608 ----a-w- c:\program files\HijackThis.exe

2012-01-17 19:45 . 2012-01-17 19:45 -------- d-----w- c:\documents and settings\billie\Local Settings\Application Data\Temp

2012-01-17 19:44 . 2012-01-17 19:44 -------- d-----w- c:\program files\Common Files\Adobe AIR

2012-01-17 18:54 . 2012-01-17 18:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2012-01-17 18:52 . 2012-01-17 18:52 -------- d-----w- c:\program files\AVG

2012-01-17 12:05 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2012-01-16 22:15 . 2012-01-16 22:15 -------- d-----w- c:\documents and settings\billie\Application Data\Auslogics

2012-01-16 22:15 . 2012-01-16 22:15 -------- d-----w- c:\program files\Auslogics

2012-01-16 22:07 . 2012-01-16 22:07 -------- d-----w- c:\program files\CCleaner

2012-01-16 19:00 . 2012-01-16 19:00 -------- d-----w- c:\program files\7-Zip

2012-01-16 18:40 . 2012-01-16 18:40 -------- d-----w- c:\program files\Croteam

2012-01-16 16:33 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2012-01-16 16:33 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2012-01-16 12:48 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe

2012-01-16 12:11 . 2012-01-21 18:00 -------- d-----w- c:\documents and settings\billie\Local Settings\Application Data\Opera

2012-01-16 12:10 . 2012-01-21 18:00 -------- d-----w- c:\program files\Opera

2012-01-16 09:32 . 2012-01-16 09:32 -------- d-----w- c:\documents and settings\billie\Local Settings\Application Data\SmartTechnology

2012-01-16 09:30 . 2008-04-14 00:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll

2012-01-16 09:30 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll

2012-01-16 09:30 . 2008-04-13 18:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2012-01-16 09:30 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2012-01-16 09:25 . 2012-01-16 09:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartTechnology

2012-01-16 09:25 . 2012-01-16 09:25 -------- d-----w- c:\program files\SmartTechnology

2012-01-15 18:21 . 2012-01-15 18:25 -------- d-----w- c:\program files\XCalc

2012-01-15 15:53 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2012-01-15 15:17 . 2012-01-15 15:17 -------- d-----w- c:\program files\Windows Sidebar

2012-01-15 15:17 . 2012-01-28 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2012-01-15 12:51 . 2012-01-15 12:51 -------- d-----w- c:\documents and settings\billie\.swt

2012-01-15 12:51 . 2012-02-06 16:03 -------- d-----w- c:\documents and settings\billie\Application Data\Azureus

2012-01-15 12:50 . 2012-02-06 19:10 -------- d-----w- c:\program files\Vuze

2012-01-15 12:25 . 2012-01-15 12:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-15 12:14 . 2012-01-15 12:14 -------- d-----w- c:\documents and settings\billie\Local Settings\Application Data\Mozilla

2012-01-14 22:36 . 2012-01-14 22:36 -------- d-sh--w- c:\documents and settings\david\IECompatCache

2012-01-14 22:35 . 2012-01-14 22:35 -------- d-sh--w- c:\documents and settings\david\PrivacIE

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-30 17:37 . 1999-10-31 03:54 561152 ----a-w- c:\program files\Convert.exe

2012-01-04 23:01 . 2012-01-04 23:01 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys

2012-01-04 23:01 . 2012-01-04 23:01 32768 ----a-w- c:\windows\system32\drivers\taphss.sys

2011-11-25 21:57 . 2006-07-17 18:24 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 13:25 . 2006-07-17 18:24 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 12:35 . 2006-07-17 18:24 60416 ----a-w- c:\windows\system32\packager.exe

2011-11-16 14:21 . 2006-07-17 18:24 354816 ----a-w- c:\windows\system32\winhttp.dll

2011-11-16 14:21 . 2006-07-17 18:24 152064 ----a-w- c:\windows\system32\schannel.dll

2011-12-21 07:24 . 2012-01-15 12:14 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 45056]

"NDSTray.exe"="NDSTray.exe" [bU]

"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-07-25 364544]

"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-26 299008]

"RTHDCPL"="RTHDCPL.EXE" [2006-08-24 16050688]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]

"AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 89541]

"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 73728]

"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]

"TFncKy"="TFncKy.exe" [bU]

"TPSMain"="TPSMain.exe" [2005-06-01 282624]

"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]

"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2011-11-10 227840]

"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2011-11-10 123392]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=

"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]

R2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [1/6/2012 1:36 PM 331608]

R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/1/2012 6:55 AM 652360]

R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [6/28/2006 1:50 PM 98816]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/1/2012 6:55 AM 20464]

R3 SaiK0CCC;SaiK0CCC;c:\windows\system32\drivers\SaiK0CCC.sys [8/10/2010 9:40 AM 138760]

R3 SaiU0CCC;SaiU0CCC;c:\windows\system32\drivers\SaiU0CCC.sys [8/10/2010 9:40 AM 35336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/19/2012 11:51 AM 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/19/2012 11:51 AM 136176]

S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\PEDrv.sys --> c:\sysprep\PEDrv.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 61840801

*NewlyCreated* - 79536686

*NewlyCreated* - 84868677

*Deregistered* - 61840801

*Deregistered* - 79536686

*Deregistered* - 84868677

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-19 16:50]

.

2012-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-19 16:50]

.

2012-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2969973514-3865636018-3522048067-1006Core.job

- c:\documents and settings\billie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-21 18:02]

.

2012-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2969973514-3865636018-3522048067-1006UA.job

- c:\documents and settings\billie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-21 18:02]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\billie\Application Data\Mozilla\Firefox\Profiles\dljv4m0d.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-10 08:08

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2969973514-3865636018-3522048067-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:5b,77,71,8c,23,0f,1e,5e,54,a7,de,e0,41,69,41,d9,cf,99,a9,68,e4,74,04,

d8,e6,6d,40,7d,5c,54,11,3b,07,fd,61,f6,f7,35,60,c3,83,b4,a9,9e,ff,25,f7,f4,\

"??"=hex:aa,1e,4a,9e,c9,c4,8e,6b,d5,85,e1,f4,f3,3f,b3,b9

.

[HKEY_USERS\S-1-5-21-2969973514-3865636018-3522048067-1006\Software\SecuROM\License information*]

"datasecu"=hex:62,f1,29,59,3a,e5,cd,bf,f2,95,8b,0c,1d,df,1f,0d,fb,98,eb,46,e0,

58,82,a1,db,2c,ca,cf,1b,06,fd,2b,a9,4c,44,d3,4c,36,d7,d7,47,55,37,5a,78,f2,\

"rkeysecu"=hex:f5,3c,10,84,8a,c8,d2,53,23,2e,4a,30,fd,8a,b4,b9

.

[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]

"value"="?\01\00\0f\0c2!t"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1792)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(2652)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\TPwrCfg.DLL

c:\windows\system32\TPwrReg.dll

c:\windows\system32\TPSTrace.DLL

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2012-02-10 08:17:30

ComboFix-quarantined-files.txt 2012-02-10 13:17

ComboFix2.txt 2012-02-01 18:55

.

Pre-Run: 17,115,955,200 bytes free

Post-Run: 17,116,950,528 bytes free

.

- - End Of File - - C10D655E333DE14FBE8DDB6075376FCB


As I see no malware present here, I suspect the IP blocks are caused by uTorrent.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.

I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

Please make sure it is removed or shut down completely then see if you still get IP blocks.


If you have no other problems beside this and you can indeed trace this back to uTorrent, then yes. :)

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.

Please read this advice in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

  2. Keep Windows (and your other Microsoft software) up to date!

     I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

     Therefore, please visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

     Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.

  4. Stay up to date!

     The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.


  • 2 months later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
