
Malwarebytes blocked IP 89.28.8.80 Please help



Hello,

So after a quick post in the general section I was directed here.

The last time I updated my Malwarebytes to 1.61 I decided to try the trial version. Everything seemed fine until 1. the trial lasted longer than 13 days, and 2. I was repeatedly getting this same message from Malwarebytes that the 89.28.8.80 outgoing IP had been blocked.

I had no P2P software running. I was on Firefox listening to some British comedy on YouTube, no other window was open, and it would continually give me this same message. I had also scanned my PC with Malwarebytes, which didn't find anything. I also scanned with my current antivirus Avira (free), Sophos Virus Removal Tool and Kaspersky Removal Tool, and none of them found anything on my system. I also scanned the whole PC in safe mode just to be safe.

I ran TCPView and unchecked resolved addresses, and the blocked IP did not show up.

I ran mbam-clean.exe and reinstalled MBAM thinking it might be an update issue... so far no message pop-up. But I'd rather be safe than sorry, so I ran the DDS tool and here are the logs. If someone could be kind enough to let me know if anything is actually wrong.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_29

Run by Grace at 21:37:03 on 2012-05-05

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.483 [GMT -4:00]

.

AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe

C:\Program Files\EeePC\ACPI\AsEPCMon.exe

C:\Program Files\EeePC\ACPI\AsTray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\AsScrPro.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\igfxext.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ASUS\Eee Docking\Eee Docking.exe

C:\Documents and Settings\Grace\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://eeepc.asus.com/global

uInternet Connection Wizard,ShellNext = iexplore

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

uRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe

uRun: [Octoshape Streaming Services] "c:\documents and settings\grace\application data\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe

mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe

mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [synAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [ASUS Screen Saver Protector] c:\windows\AsScrPro.exe

mRun: [LiveUpdate] c:\program files\asus\liveupdate\LiveUpdate.exe auto

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\docume~1\grace\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\docume~1\grace\startm~1\programs\startup\viikii~1.lnk - c:\program files\viikiidesktopplugin\ViiKiiDesktopPlugin.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.shockwave.com/content/deliciousteagarden/sis/gamehouseplayer.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.shockwave.com/content/insaniquarium/sis/popcaploader_v10.cab

TCP: DhcpNameServer = 192.168.20.1

TCP: Interfaces\{AB7BB092-D147-473D-9287-4C720238026A} : DhcpNameServer = 192.168.20.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~4\office12\GR99D3~1.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\grace\application data\mozilla\firefox\profiles\us8p9xj7.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - plugin: c:\documents and settings\grace\application data\mozilla\plugins\npoctoshape.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll

.

============= SERVICES / DRIVERS ===============

.

R0 86768985;86768985;c:\windows\system32\drivers\86768985.sys [2011-7-30 133208]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-2-6 36000]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-2-6 86224]

R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-2-6 110032]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-2-6 74640]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-5 654408]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-6-1 38912]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-5 22344]

R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2012-1-23 39040]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-28 253088]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-6-22 1684736]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 129976]

S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys --> c:\windows\system32\drivers\npf.sys [?]

.

=============== Created Last 30 ================

.

2012-05-06 01:05:43 -------- d-----w- c:\documents and settings\grace\application data\Malwarebytes

2012-05-06 01:05:34 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-05-06 01:05:32 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-06 01:05:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-01 02:44:06 -------- d-----w- c:\documents and settings\all users\application data\Sophos

2012-05-01 02:44:00 73728 ----a-r- c:\documents and settings\grace\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-05-01 02:44:00 73728 ----a-r- c:\documents and settings\grace\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-05-01 02:44:00 73728 ----a-r- c:\documents and settings\grace\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe

2012-05-01 02:43:50 -------- d-----w- c:\program files\Sophos

2012-04-26 03:35:30 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-04-26 03:35:22 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe

2012-04-26 03:35:22 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe

.

==================== Find3M ====================

.

2012-04-19 22:36:00 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-19 22:36:00 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

.

============= FINISH: 21:37:55.25 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 15/09/2009 4:53:27 AM

System Uptime: 05/05/2012 9:02:18 PM (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | 1005HA

Processor: Intel® Atom CPU N280 @ 1.66GHz | PBGA 437 | 1666/167mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 72 GiB total, 57.288 GiB free.

D: is FIXED (NTFS) - 72 GiB total, 71.986 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP2: 28/10/2011 10:50:05 AM - System Checkpoint

RP3: 10/12/2011 3:57:04 PM - Installed Java 6 Update 29

RP4: 27/12/2011 7:57:29 PM - Installed DirectX

RP5: 16/01/2012 11:02:54 AM - System Checkpoint

RP6: 23/01/2012 10:15:56 PM - Removed Genesys USB Mass Storage Device

RP7: 23/01/2012 10:19:57 PM - Installed USB2.0 UVC Camera Device

RP8: 23/01/2012 10:20:05 PM - Installed USB2.0 UVC Camera Device

RP9: 13/02/2012 11:22:58 AM - Installed DirectX

RP10: 30/04/2012 10:43:46 PM - Installed Sophos Virus Removal Tool.

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 Plugin

Adobe Reader 8.1.1

Adobe Shockwave Player 11.6

Asus ACPI Driver

ASUS VIBE

ASUSUpdate for Eee PC

Atheros Client Installation Program

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

Avira Free Antivirus

Caesar 3 3.00

Compatibility Pack for the 2007 Office system

Data Sync

Dr.Eee EN

Eee Docking 1.3.4.0

Eee PC_1005HA Screen Saver

Eee Storage

EeeSplendid

EzMessenger

FontResizer

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954708)

Intel® Graphics Media Accelerator Driver

Java Auto Updater

Java 6 Update 29

Junk Mail filter update

LiveUpdate

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft .NET Framework 2.0

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft National Language Support Downlevel APIs

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

My Tribe

Octoshape Streaming Services

Ralink RT2860 Wireless LAN Card

Realtek High Definition Audio Driver

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953155)

Security Update for Windows XP (KB953838)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Segoe UI

Skype™ 5.8

Sophos Virus Removal Tool

Super Hybrid Engine

swMSM

Synaptics Pointing Device Driver

Update for Office System 2007 Setup (KB929722)

Update for Windows XP (KB942763)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951618-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB953356)

Update for Windows XP (KB955839)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

USB2.0 UVC Camera Device

VC80CRTRedist - 8.0.50727.6195

ViKi Desktop Plug-in

VLC media player 1.0.2

WebFldrs XP

WIDCOMM Bluetooth Software

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 7

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 11

WinRAR 4.01 (32-bit)

.

==== Event Viewer Messages From Past Week ========

.

03/05/2012 7:26:27 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

03/05/2012 6:56:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

03/05/2012 6:54:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb avkmgr Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip

03/05/2012 6:54:27 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

03/05/2012 6:54:27 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

03/05/2012 6:54:27 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

03/05/2012 6:54:27 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

03/05/2012 6:53:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

02/05/2012 10:34:43 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SophosVirusRemovalTool service.

.

==== End Of File ===========================


Hello and :welcome:

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all-inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Hello,

Here is the combofix log:

ComboFix 12-05-06.03 - Grace 06/05/2012 14:16:47.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.472 [GMT -4:00]

Running from: c:\documents and settings\Grace\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Grace\My Documents\~WRD1907.tmp

C:\restore

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_NPF

.

.

((((((((((((((((((((((((( Files Created from 2012-04-06 to 2012-05-06 )))))))))))))))))))))))))))))))

.

.

2012-05-06 01:05 . 2012-05-06 01:05 -------- d-----w- c:\documents and settings\Grace\Application Data\Malwarebytes

2012-05-06 01:05 . 2012-05-06 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-05-06 01:05 . 2012-05-06 01:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-06 01:05 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-01 02:44 . 2012-05-01 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos

2012-05-01 02:44 . 2012-05-01 02:44 73728 ----a-r- c:\documents and settings\Grace\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-05-01 02:44 . 2012-05-01 02:44 73728 ----a-r- c:\documents and settings\Grace\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe

2012-05-01 02:44 . 2012-05-01 02:44 73728 ----a-r- c:\documents and settings\Grace\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe

2012-05-01 02:43 . 2012-05-01 02:43 -------- d-----w- c:\program files\Sophos

2012-04-26 03:35 . 2012-04-26 03:35 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-04-26 03:35 . 2012-04-26 03:35 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe

2012-04-26 03:35 . 2012-04-26 03:35 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe

2012-04-21 20:51 . 2012-04-21 20:51 -------- d-----w- c:\program files\Common Files\Skype

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-19 22:36 . 2012-03-29 01:07 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-19 22:36 . 2011-06-11 17:21 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-29 12:18 . 2012-03-29 12:15 398407 ----a-w- c:\windows\1005HA-ASUS-0905.zip

2012-02-15 18:54 . 2012-02-07 03:43 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-04-26 03:35 . 2011-12-01 23:39 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-04-14 . CA74C32AD4E1C087066B321E0DA8C22E . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

[-] 2008-04-14 . CA74C32AD4E1C087066B321E0DA8C22E . 578560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]

@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"

[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]

2005-09-23 14:28 270848 ----a-w- c:\windows\system32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]

@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"

[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]

2005-09-23 14:28 270848 ----a-w- c:\windows\system32\mscoree.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-06-08 397312]

"Octoshape Streaming Services"="c:\documents and settings\Grace\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-17 630784]

"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]

"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-17 118784]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]

"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-07-08 3054136]

"LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2009-06-25 712704]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]

"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\documents and settings\Grace\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

ViiKiiDesktopPlugin.lnk - c:\program files\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe [2011-11-15 142848]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2007-10-11 02:51 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NIS]

2008-10-16 08:59 109056808 ----a-w- c:\program files\Norton Internet Security\Setup.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Documents and Settings\\Grace\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

.

R0 86768985;86768985;c:\windows\system32\drivers\86768985.sys [30/07/2011 9:49 AM 133208]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [06/02/2012 11:43 PM 36000]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [06/02/2012 11:43 PM 86224]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [05/05/2012 9:05 PM 654408]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [01/06/2009 3:26 AM 38912]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [05/05/2012 9:05 PM 22344]

R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [23/01/2012 11:15 PM 39040]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29/02/2012 8:50 AM 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [28/03/2012 9:07 PM 253088]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22/06/2009 11:49 PM 1684736]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [25/04/2012 11:35 PM 129976]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*NewlyCreated* - WUAUSERV

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 22:36]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://eeepc.asus.com/global

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.20.1

DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.shockwave.com/content/deliciousteagarden/sis/gamehouseplayer.cab

FF - ProfilePath - c:\documents and settings\Grace\Application Data\Mozilla\Firefox\Profiles\us8p9xj7.default\

FF - prefs.js: browser.startup.homepage - about:home

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-06 14:26

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(496)

c:\windows\system32\WININET.dll

c:\program files\ASUS\Eee Storage\XPClient.dll

c:\program files\ASUS\Eee Storage\LogicNP.EZShellExtensions.dll

c:\program files\ASUS\Eee Storage\EcaremeDLL.dll

c:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3390.31024__0d0f4b69e50e559b\SqliteShared.dll

c:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll

c:\windows\system32\btmmhook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\RTHDCPL.EXE

c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe

c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe

c:\windows\system32\igfxext.exe

c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2012-05-06 14:31:37 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-06 18:31

.

Pre-Run: 61,405,515,776 bytes free

Post-Run: 61,289,017,344 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - CE0908BCCCD3D100DCC4892080E0961D

Thanks in advance.

Let's also do an additional rootkit scan.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Hello,

15:12:40.0906 3752 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18

15:12:41.0375 3752 ============================================================

15:12:41.0375 3752 Current date / time: 2012/05/06 15:12:41.0375

15:12:41.0375 3752 SystemInfo:

15:12:41.0375 3752

15:12:41.0375 3752 OS Version: 5.1.2600 ServicePack: 3.0

15:12:41.0375 3752 Product type: Workstation

15:12:41.0375 3752 ComputerName: OPHIEL

15:12:41.0375 3752 UserName: Grace

15:12:41.0375 3752 Windows directory: C:\WINDOWS

15:12:41.0375 3752 System windows directory: C:\WINDOWS

15:12:41.0375 3752 Processor architecture: Intel x86

15:12:41.0375 3752 Number of processors: 2

15:12:41.0375 3752 Page size: 0x1000

15:12:41.0375 3752 Boot type: Normal boot

15:12:41.0375 3752 ============================================================

15:12:42.0609 3752 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

15:12:42.0609 3752 ============================================================

15:12:42.0609 3752 \Device\Harddisk0\DR0:

15:12:42.0625 3752 MBR partitions:

15:12:42.0625 3752 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x901F5C0

15:12:42.0625 3752 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x901F5FF, BlocksNum 0x901B73E

15:12:42.0625 3752 ============================================================

15:12:42.0671 3752 C: <-> \Device\Harddisk0\DR0\Partition0

15:12:42.0718 3752 D: <-> \Device\Harddisk0\DR0\Partition1

15:12:42.0718 3752 ============================================================

15:12:42.0718 3752 Initialize success

15:12:42.0718 3752 ============================================================

15:13:08.0140 3936 ============================================================

15:13:08.0140 3936 Scan started

15:13:08.0140 3936 Mode: Manual;

15:13:08.0140 3936 ============================================================


15:13:21.0468 3936 Srv - ok

15:13:21.0500 3936 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

15:13:21.0515 3936 SSDPSRV - ok

15:13:21.0546 3936 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

15:13:21.0546 3936 ssmdrv - ok

15:13:21.0578 3936 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

15:13:21.0593 3936 stisvc - ok

15:13:21.0609 3936 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

15:13:21.0625 3936 streamip - ok

15:13:21.0656 3936 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

15:13:21.0656 3936 swenum - ok

15:13:21.0687 3936 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

15:13:21.0703 3936 swmidi - ok

15:13:21.0703 3936 SwPrv - ok

15:13:21.0718 3936 symc810 - ok

15:13:21.0734 3936 symc8xx - ok

15:13:21.0750 3936 sym_hi - ok

15:13:21.0750 3936 sym_u3 - ok

15:13:21.0812 3936 SynTP (a10d781153bb23036b474ffedb448266) C:\WINDOWS\system32\DRIVERS\SynTP.sys

15:13:21.0828 3936 SynTP - ok

15:13:21.0843 3936 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

15:13:21.0843 3936 sysaudio - ok

15:13:21.0875 3936 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

15:13:21.0890 3936 SysmonLog - ok

15:13:21.0937 3936 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

15:13:21.0953 3936 TapiSrv - ok

15:13:22.0015 3936 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

15:13:22.0031 3936 Tcpip - ok

15:13:22.0062 3936 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

15:13:22.0093 3936 TDPIPE - ok

15:13:22.0109 3936 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

15:13:22.0125 3936 TDTCP - ok

15:13:22.0156 3936 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

15:13:22.0171 3936 TermDD - ok

15:13:22.0203 3936 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

15:13:22.0218 3936 TermService - ok

15:13:22.0265 3936 Themes (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll

15:13:22.0265 3936 Themes - ok

15:13:22.0281 3936 TosIde - ok

15:13:22.0328 3936 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

15:13:22.0343 3936 TrkWks - ok

15:13:22.0375 3936 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

15:13:22.0421 3936 Udfs - ok

15:13:22.0421 3936 ultra - ok

15:13:22.0500 3936 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

15:13:22.0500 3936 Update - ok

15:13:22.0546 3936 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

15:13:22.0546 3936 upnphost - ok

15:13:22.0578 3936 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

15:13:22.0578 3936 UPS - ok

15:13:22.0609 3936 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

15:13:22.0609 3936 usbccgp - ok

15:13:22.0656 3936 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

15:13:22.0656 3936 usbehci - ok

15:13:22.0671 3936 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

15:13:22.0671 3936 usbhub - ok

15:13:22.0703 3936 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

15:13:22.0718 3936 usbprint - ok

15:13:22.0750 3936 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

15:13:22.0750 3936 usbstor - ok

15:13:22.0781 3936 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

15:13:22.0781 3936 usbuhci - ok

15:13:22.0812 3936 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

15:13:22.0828 3936 usbvideo - ok

15:13:22.0859 3936 uvclf (c019889035cdc1a06f2febc93cbb6897) C:\WINDOWS\system32\DRIVERS\uvclf.sys

15:13:22.0859 3936 uvclf - ok

15:13:22.0890 3936 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

15:13:22.0890 3936 VgaSave - ok

15:13:22.0906 3936 ViaIde - ok

15:13:22.0953 3936 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

15:13:22.0984 3936 VolSnap - ok

15:13:23.0031 3936 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

15:13:23.0046 3936 VSS - ok

15:13:23.0093 3936 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

15:13:23.0109 3936 W32Time - ok

15:13:23.0140 3936 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

15:13:23.0140 3936 Wanarp - ok

15:13:23.0218 3936 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys

15:13:23.0218 3936 Wdf01000 - ok

15:13:23.0234 3936 WDICA - ok

15:13:23.0281 3936 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

15:13:23.0281 3936 wdmaud - ok

15:13:23.0328 3936 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

15:13:23.0328 3936 WebClient - ok

15:13:23.0406 3936 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

15:13:23.0406 3936 winmgmt - ok

15:13:23.0468 3936 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

15:13:23.0468 3936 WmdmPmSN - ok

15:13:23.0515 3936 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

15:13:23.0531 3936 WmiApSrv - ok

15:13:23.0671 3936 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

15:13:23.0687 3936 WMPNetworkSvc - ok

15:13:23.0718 3936 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

15:13:23.0718 3936 WS2IFSL - ok

15:13:23.0750 3936 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

15:13:23.0750 3936 wscsvc - ok

15:13:23.0796 3936 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

15:13:23.0796 3936 WSTCODEC - ok

15:13:23.0843 3936 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

15:13:23.0843 3936 wuauserv - ok

15:13:23.0875 3936 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

15:13:23.0875 3936 WudfPf - ok

15:13:23.0890 3936 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

15:13:23.0906 3936 WudfRd - ok

15:13:23.0921 3936 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

15:13:23.0937 3936 WudfSvc - ok

15:13:24.0015 3936 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

15:13:24.0031 3936 WZCSVC - ok

15:13:24.0062 3936 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

15:13:24.0078 3936 xmlprov - ok

15:13:24.0125 3936 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

15:13:24.0375 3936 \Device\Harddisk0\DR0 - ok

15:13:24.0390 3936 Boot (0x1200) (abc80859b9756239d1b706b70c05384c) \Device\Harddisk0\DR0\Partition0

15:13:24.0390 3936 \Device\Harddisk0\DR0\Partition0 - ok

15:13:24.0421 3936 Boot (0x1200) (23d9801df2bad941df900c69868db793) \Device\Harddisk0\DR0\Partition1

15:13:24.0421 3936 \Device\Harddisk0\DR0\Partition1 - ok

15:13:24.0421 3936 ============================================================

15:13:24.0437 3936 Scan finished

15:13:24.0437 3936 ============================================================

15:13:24.0453 3148 Detected object count: 0

15:13:24.0453 3148 Actual detected object count: 0

15:14:19.0265 3820 Deinitialize success


I am not getting the IP blocks anymore, but they were happening yesterday and a couple of days before, every 5 minutes or so (on average). Is there anything in these logs? Should I do some more scanning? Quick question: if the trial lasts longer than 13 days, what does that mean? A glitch? Does that compromise the security of my computer?

Thanks,

Jinx007


I also wanted to mention that even though I am running the trial version of MBA when I click on the protection tab it doesn't show the protect module running and its options. It still says Start Trial. Could that have anything to do with it?

The IP message is now back....grrrr.

Thanks,

Jinx007


Hi, the trial is 30 days as far as I know. Let's do an additional scan here.

OTL

-----

Please download OTL from one of the following mirrors:

  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized


Hello here is the OTL Log

OTL logfile created on: 07/05/2012 10:26:20 PM - Run 1

OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Grace\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1015.17 Mb Total Physical Memory | 305.15 Mb Available Physical Memory | 30.06% Memory free

2.38 Gb Paging File | 1.69 Gb Available in Paging File | 71.23% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 72.06 Gb Total Space | 57.06 Gb Free Space | 79.19% Space Free | Partition Type: NTFS

Drive D: | 72.05 Gb Total Space | 71.99 Gb Free Space | 99.91% Space Free | Partition Type: NTFS

Computer Name: OPHIEL | User Name: Grace | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/07 22:25:28 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Grace\Desktop\OTL.exe

PRC - [2012/04/25 23:35:21 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/12/15 16:00:35 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2011/12/15 16:00:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011/12/15 16:00:12 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011/12/15 16:00:12 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/11/15 00:45:44 | 000,142,848 | ---- | M] () -- C:\Program Files\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe

PRC - [2009/07/08 03:10:31 | 003,054,136 | ---- | M] (ASUS) -- C:\WINDOWS\AsScrPro.exe

PRC - [2009/06/25 11:25:40 | 000,712,704 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe

PRC - [2009/06/08 10:15:10 | 000,397,312 | ---- | M] () -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe

PRC - [2009/04/16 22:46:30 | 000,630,784 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe

PRC - [2009/04/16 21:58:54 | 000,118,784 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsTray.exe

PRC - [2009/03/25 13:43:40 | 000,376,832 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe

PRC - [2009/03/13 19:15:02 | 000,098,304 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsEPCMon.exe

PRC - [2009/01/08 09:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\Grace\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

PRC - [2008/09/02 10:26:16 | 001,448,576 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

PRC - [2008/09/02 10:26:16 | 000,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/25 23:35:20 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2011/12/15 16:00:24 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll

MOD - [2011/11/15 00:45:44 | 000,142,848 | ---- | M] () -- C:\Program Files\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe

MOD - [2009/06/25 11:25:40 | 000,712,704 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe

MOD - [2009/06/25 10:15:22 | 000,135,168 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\Enumeration.dll

MOD - [2009/06/23 00:06:06 | 000,839,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll

MOD - [2009/06/23 00:06:06 | 000,029,968 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\SqliteShared\1.0.3390.31024__0d0f4b69e50e559b\SqliteShared.dll

MOD - [2009/06/23 00:00:39 | 011,415,552 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b092220cf0e2f24084bb531f1d178565\mscorlib.ni.dll

MOD - [2009/06/23 00:00:05 | 000,667,648 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

MOD - [2009/06/23 00:00:05 | 000,260,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

MOD - [2009/06/23 00:00:04 | 003,018,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

MOD - [2009/06/23 00:00:04 | 000,389,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll

MOD - [2009/06/23 00:00:02 | 002,878,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2009/06/23 00:00:01 | 005,316,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

MOD - [2009/06/23 00:00:01 | 002,035,712 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll

MOD - [2009/06/22 23:59:58 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

MOD - [2009/06/08 10:15:10 | 000,397,312 | ---- | M] () -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe

MOD - [2009/04/13 12:08:40 | 000,136,464 | ---- | M] () -- C:\Program Files\ASUS\Eee Storage\EcaremeDLL.dll

MOD - [2009/03/23 17:55:50 | 000,176,128 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\Parser.dll

MOD - [2009/03/23 17:53:46 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\ClientSocket.dll

MOD - [2008/09/02 10:25:26 | 002,854,912 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll

MOD - [2008/09/02 10:23:22 | 000,040,960 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2012/05/06 17:23:45 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/04/25 23:35:22 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2011/12/15 16:00:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011/12/15 16:00:12 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/02/15 14:54:43 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/12/15 16:00:35 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011/12/15 16:00:35 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2011/07/29 11:25:36 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\86768985.sys -- (86768985)

DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/03/30 05:13:30 | 005,063,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2009/03/14 02:05:26 | 001,528,928 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)

DRV - [2009/03/02 01:03:47 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)

DRV - [2008/11/19 18:21:28 | 000,039,040 | ---- | M] (GenesysLogic Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\uvclf.sys -- (uvclf)

DRV - [2008/08/19 10:16:36 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)

DRV - [2008/08/19 10:16:28 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [2008/08/05 08:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2008/07/24 05:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)

DRV - [2008/05/29 23:46:12 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)

DRV - [2008/04/08 18:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)

DRV - [2008/03/10 06:18:42 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)

DRV - [2008/02/04 05:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)

DRV - [2006/01/04 03:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1624125588-1240014260-3319197752-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global

IE - HKU\S-1-5-21-1624125588-1240014260-3319197752-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1624125588-1240014260-3319197752-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\S-1-5-21-1624125588-1240014260-3319197752-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Documents and Settings\Grace\Application Data\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/25 23:35:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/06 23:56:46 | 000,000,000 | ---D | M]

[2011/12/01 19:42:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Grace\Application Data\Mozilla\Extensions

[2012/05/01 23:46:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Grace\Application Data\Mozilla\Firefox\Profiles\us8p9xj7.default\extensions

[2011/12/30 13:06:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/04/25 23:35:21 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/12/30 04:34:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/12/30 04:34:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/05/06 14:25:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O3 - HKU\S-1-5-21-1624125588-1240014260-3319197752-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\S-1-5-21-1624125588-1240014260-3319197752-1005\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.

O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\AsScrPro.exe (ASUS)

O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [LiveUpdate] C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [synAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)

O4 - HKU\S-1-5-21-1624125588-1240014260-3319197752-1005..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()

O4 - HKU\S-1-5-21-1624125588-1240014260-3319197752-1005..\Run: [Octoshape Streaming Services] C:\Documents and Settings\Grace\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O4 - Startup: C:\Documents and Settings\Grace\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk = C:\Program Files\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1624125588-1240014260-3319197752-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1624125588-1240014260-3319197752-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1624125588-1240014260-3319197752-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1624125588-1240014260-3319197752-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)

O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} http://www.shockwave.com/content/deliciousteagarden/sis/gamehouseplayer.cab (GameHouse Games Player)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave.com/content/insaniquarium/sis/popcaploader_v10.cab (PopCapLoader Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.20.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB7BB092-D147-473D-9287-4C720238026A}: DhcpNameServer = 192.168.20.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Eee PC Seashell_2.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Eee PC Seashell_2.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/05/20 15:19:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKU\S-1-5-21-1624125588-1240014260-3319197752-1005..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/07 22:25:46 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Grace\Desktop\OTL.exe

[2012/05/06 21:13:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2012/05/06 14:15:08 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2012/05/06 14:13:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2012/05/06 14:13:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2012/05/06 14:13:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2012/05/06 14:13:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2012/05/06 14:13:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2012/05/06 14:12:51 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/05/06 14:11:32 | 004,485,787 | R--- | C] (Swearware) -- C:\Documents and Settings\Grace\Desktop\ComboFix.exe

[2012/05/05 21:37:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Grace\Start Menu\Programs\Administrative Tools

[2012/05/05 21:31:42 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Grace\Desktop\dds.scr

[2012/05/05 21:23:33 | 000,300,832 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Grace\Desktop\Tcpview.exe

[2012/05/05 21:05:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Grace\Application Data\Malwarebytes

[2012/05/05 21:05:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/05/05 21:05:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2012/05/05 21:05:32 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/05/05 21:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/05/05 20:57:50 | 000,080,456 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Grace\Desktop\mbam-clean.exe

[2012/05/05 20:53:15 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Grace\Desktop\mbam-setup-1.61.0.1400.exe

[2012/05/03 20:23:42 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Grace\Desktop\tdsskiller.exe

[2012/04/30 22:44:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos

[2012/04/30 22:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Grace\Start Menu\Programs\Sophos

[2012/04/30 22:43:50 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos

[2012/04/25 23:35:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla

[2012/04/25 23:35:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service

[2012/04/21 16:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype

[2012/04/21 16:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2012/04/14 15:14:52 | 085,508,592 | ---- | C] (Sophos Limited) -- C:\Documents and Settings\Grace\Desktop\Sophos Virus Removal Tool.exe

[2012/04/08 19:35:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Grace\My Documents\hair_cuts

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/07 22:35:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/05/07 22:25:28 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Grace\Desktop\OTL.exe

[2012/05/07 22:25:09 | 000,395,768 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/05/07 22:25:09 | 000,059,842 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/05/07 22:22:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/05/07 22:21:20 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Grace\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk

[2012/05/07 22:20:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/05/07 22:20:36 | 1064,554,496 | -HS- | M] () -- C:\hiberfil.sys

[2012/05/06 20:21:36 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2012/05/06 17:23:45 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2012/05/06 17:23:44 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2012/05/06 17:21:11 | 001,527,625 | ---- | M] () -- C:\Documents and Settings\Grace\My Documents\RyersonWireless-RU-Secure-XP.pdf

[2012/05/06 15:12:13 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Grace\Desktop\tdsskiller.exe

[2012/05/06 14:25:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012/05/06 14:15:14 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2012/05/06 14:11:40 | 004,485,787 | R--- | M] (Swearware) -- C:\Documents and Settings\Grace\Desktop\ComboFix.exe

[2012/05/05 21:31:37 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Grace\Desktop\dds.scr

[2012/05/05 21:23:28 | 000,300,832 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Grace\Desktop\Tcpview.exe

[2012/05/05 21:05:37 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Grace\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

[2012/05/05 21:05:37 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/05/05 20:58:49 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Grace\Desktop\mbam-setup-1.61.0.1400.exe

[2012/05/05 20:57:42 | 000,080,456 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\Grace\Desktop\mbam-clean.exe

[2012/05/05 18:34:44 | 133,463,472 | ---- | M] () -- C:\Documents and Settings\Grace\Desktop\setup_11.0.0.1245.x01_2012_05_02_15_38.exe

[2012/05/05 17:28:15 | 000,002,561 | ---- | M] () -- C:\Documents and Settings\Grace\Desktop\Sophos Virus Removal Tool.lnk

[2012/05/03 20:20:41 | 002,055,783 | ---- | M] () -- C:\Documents and Settings\Grace\Desktop\tdsskiller.zip

[2012/05/03 20:07:56 | 133,491,528 | ---- | M] () -- C:\Documents and Settings\Grace\Desktop\setup_11.0.0.1245.x01_2012_05_03_11_38.exe

[2012/05/03 18:35:15 | 000,001,731 | ---- | M] () -- C:\Documents and Settings\Grace\Desktop\Avira Free Antivirus Profile Complete system scan.LNK

[2012/04/30 23:47:29 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\Grace\My Documents\spider.sav

[2012/04/26 20:32:09 | 000,609,280 | ---- | M] () -- C:\Documents and Settings\Grace\Desktop\My Heaven Your Earth - Heaven's Scourge.one

[2012/04/14 15:17:09 | 085,508,592 | ---- | M] (Sophos Limited) -- C:\Documents and Settings\Grace\Desktop\Sophos Virus Removal Tool.exe

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/06 17:21:11 | 001,527,625 | ---- | C] () -- C:\Documents and Settings\Grace\My Documents\RyersonWireless-RU-Secure-XP.pdf

[2012/05/06 14:15:13 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2012/05/06 14:15:10 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2012/05/06 14:13:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012/05/06 14:13:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012/05/06 14:13:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012/05/06 14:13:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012/05/06 14:13:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2012/05/05 21:05:37 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Grace\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

[2012/05/05 21:05:37 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/05/05 18:34:44 | 133,463,472 | ---- | C] () -- C:\Documents and Settings\Grace\Desktop\setup_11.0.0.1245.x01_2012_05_02_15_38.exe

[2012/05/04 21:29:24 | 1064,554,496 | -HS- | C] () -- C:\hiberfil.sys

[2012/05/03 20:20:47 | 002,055,783 | ---- | C] () -- C:\Documents and Settings\Grace\Desktop\tdsskiller.zip

[2012/05/03 20:07:57 | 133,491,528 | ---- | C] () -- C:\Documents and Settings\Grace\Desktop\setup_11.0.0.1245.x01_2012_05_03_11_38.exe

[2012/05/03 18:35:15 | 000,001,731 | ---- | C] () -- C:\Documents and Settings\Grace\Desktop\Avira Free Antivirus Profile Complete system scan.LNK

[2012/04/30 22:44:00 | 000,002,561 | ---- | C] () -- C:\Documents and Settings\Grace\Desktop\Sophos Virus Removal Tool.lnk

[2012/04/21 16:51:23 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2012/01/23 23:15:28 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini

[2012/01/23 22:40:49 | 000,110,060 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp

[2012/01/23 22:40:49 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp

[2012/01/23 22:32:59 | 000,110,060 | ---- | C] () -- C:\WINDOWS\hpoins11.dat

[2012/01/23 22:32:59 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat

[2011/11/19 20:51:40 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat

[2011/05/16 21:36:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

< End of report >


Here is the Extras.txt log

OTL Extras logfile created on: 07/05/2012 10:26:20 PM - Run 1

OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\Grace\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1015.17 Mb Total Physical Memory | 305.15 Mb Available Physical Memory | 30.06% Memory free

2.38 Gb Paging File | 1.69 Gb Available in Paging File | 71.23% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 72.06 Gb Total Space | 57.06 Gb Free Space | 79.19% Space Free | Partition Type: NTFS

Drive D: | 72.05 Gb Total Space | 71.99 Gb Free Space | 99.91% Space Free | Partition Type: NTFS

Computer Name: OPHIEL | User Name: Grace | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1624125588-1240014260-3319197752-1005\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Documents and Settings\Grace\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\Grace\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- (Octoshape ApS)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java 6 Update 29

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate

"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = USB2.0 UVC Camera Device

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{47BACF74-5A07-48BD-BADB-A769550F0F5A}" = FontResizer

"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{64C118AC-FA2A-4E9C-A76E-DC22CA4FC20D}" = Dr.Eee EN

"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software

"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8CA5B145-D630-9847-EE15-DD0961413874}" = ViKi Desktop Plug-in

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1

"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync

"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger

"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool

"{C72CA49A-9237-4810-8449-45DA3BD26D64}" = EzMessenger

"{D806E63B-0C11-4061-8DA9-1E980FB9A9EB}" = Data Sync

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call

"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"ASUS VIBE" = ASUS VIBE

"Avira AntiVir Desktop" = Avira Free Antivirus

"Caesar 3 3.00" = Caesar 3 3.00

"Eee Docking_is1" = Eee Docking 1.3.4.0

"Eee PC_1005HA" = Eee PC_1005HA Screen Saver

"Eee Storage" = Eee Storage

"ENTERPRISE" = Microsoft Office Enterprise 2007

"HDMI" = Intel® Graphics Media Accelerator Driver

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"InstallShield_{64C118AC-FA2A-4E9C-A76E-DC22CA4FC20D}" = Dr.Eee EN

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0

"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"My Tribe_is1" = My Tribe

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1" = ViKi Desktop Plug-in

"VLC media player" = VLC media player 1.0.2

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.01 (32-bit)

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1624125588-1240014260-3319197752-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Octoshape Streaming Services" = Octoshape Streaming Services

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 12/02/2012 12:12:12 PM | Computer Name = OPHIEL | Source = Application Error | ID = 1000

Description = Faulting application asacpisvr.exe, version 6.1.1.1008, faulting module

asacpisvr.exe, version 6.1.1.1008, fault address 0x000075e5.

Error - 14/02/2012 1:34:31 AM | Computer Name = OPHIEL | Source = Application Hang | ID = 1002

Description = Hanging application mbam.exe, version 1.60.0.61, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 16/02/2012 2:10:12 PM | Computer Name = OPHIEL | Source = Application Hang | ID = 1002

Description = Hanging application firefox.exe, version 10.0.1.4421, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 29/03/2012 8:32:37 AM | Computer Name = OPHIEL | Source = Avira Antivirus | ID = 4122

Description = Unable to load file AvShadow. Returned error code: 0x3e5

Error - 01/04/2012 6:53:58 PM | Computer Name = OPHIEL | Source = Application Error | ID = 1000

Description = Faulting application plugin-container.exe, version 11.0.0.4454, faulting

module kernel32.dll, version 5.1.2600.5781, fault address 0x00009823.

Error - 08/04/2012 12:25:46 PM | Computer Name = OPHIEL | Source = Application Hang | ID = 1002

Description = Hanging application MyTribe.RWG, version 0.0.0.0, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 03/05/2012 7:21:05 PM | Computer Name = OPHIEL | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: The server name or address could not be resolved

Error - 04/05/2012 9:26:30 PM | Computer Name = OPHIEL | Source = Application Hang | ID = 1002

Description = Hanging application mbam.exe, version 1.60.0.80, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 05/05/2012 5:26:04 PM | Computer Name = OPHIEL | Source = MsiInstaller | ID = 11606

Description = Product: Sophos Virus Removal Tool -- Error 1606.Could not access

network location data.

Error - 05/05/2012 5:26:05 PM | Computer Name = OPHIEL | Source = MsiInstaller | ID = 11606

Description = Product: Sophos Virus Removal Tool -- Error 1606.Could not access

network location data.

[ ODiag Events ]

Error - 30/07/2011 9:56:36 AM | Computer Name = OPHIEL | Source = Microsoft Office 12 Diagnostics | ID = 320

Description = An unexpected error occurred. Tag: 2t2i. Error code: N/A

[ OSession Events ]

Error - 30/07/2011 9:52:00 AM | Computer Name = OPHIEL | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 20

seconds with 0 seconds of active time. This session ended with a crash.

Error - 30/07/2011 9:53:14 AM | Computer Name = OPHIEL | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 55

seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 03/05/2012 6:54:27 PM | Computer Name = OPHIEL | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

AFD avipbb avkmgr Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip

Error - 03/05/2012 6:56:17 PM | Computer Name = OPHIEL | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service netman with

arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 03/05/2012 7:02:21 PM | Computer Name = OPHIEL | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service netman with

arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 03/05/2012 7:26:27 PM | Computer Name = OPHIEL | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 03/05/2012 7:53:53 PM | Computer Name = OPHIEL | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 04/05/2012 9:27:47 PM | Computer Name = OPHIEL | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service netman with

arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 04/05/2012 9:27:49 PM | Computer Name = OPHIEL | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 04/05/2012 9:27:50 PM | Computer Name = OPHIEL | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 04/05/2012 9:29:00 PM | Computer Name = OPHIEL | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 06/05/2012 2:23:54 PM | Computer Name = OPHIEL | Source = PlugPlayManager | ID = 11

Description = The device Root\LEGACY_NPF\0000 disappeared from the system without

first being prepared for removal.

< End of report >


When does the IP block appear? At random, or when you are using a browser or program? If the latter, which browser are you using?

I am not sure about the trial, but to be sure I would uninstall MBAM and reinstall it, so we can exclude program corruption. If the program still persists I'll ask someone more knowledgeable about MBAM's ins and outs to have a look.


It appears when I am using my browser, Firefox, but not all the time when I am surfing the web. It will appear once and I will click on the message to acknowledge it. Then it will appear intermittently, sometimes every 3 or 4 minutes (and that's when it drives me up the wall) or every 10 minutes or so. So far today no IP block message.

Right before I started this thread I read up on the update problem pinned topic so I have just reinstalled MBAM after uninstalling with mbam-clean.exe and redownloading and running the trial version again. I can redo that again tomorrow morning.

Thanks,

Jinx007


I uninstalled the MBAM with mbam-clean.exe, reinstalled it, updated it, activated the trial version and scanned the computer.

Got message about IP blocked again, checked tcpview and nothing there. Scanned found nothing. Previous version of MBAM seemed to be a little iffy with trial countdown stuck at 13 days and the protection tab not showing module but showing start trial while in trial mode.

Here is the log

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.09.06

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 7.0.5730.13

Grace :: OPHIEL [administrator]

Protection: Enabled

09/05/2012 10:43:25 PM

mbam-log-2012-05-09 (22-43-25).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 241313

Time elapsed: 1 hour(s), 2 minute(s), 39 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Previous version of MBAM seemed to be a little iffy with trial countdown stuck at 13 days and the protection tab not showing module but showing start trial while in trial mode.
Do you still have these problems or is this resolved after the uninstall/reinstall?

Can you post me the part of the MBAM protection log where the latest blocks are showing?


I don't think it's been more than 24 hours since I've reinstalled it so countdown shows Trial 13 remaining.

The protection tab shows Start Trial. Instead of protection module.

Here is the protection log of MBAM

12/05/10 00:20:36 -0400 OPHIEL Grace IP-BLOCK 89.28.8.80 (Type: outgoing)

2012/05/10 00:20:39 -0400 OPHIEL Grace IP-BLOCK 89.28.8.80 (Type: outgoing)

2012/05/10 00:20:39 -0400 OPHIEL Grace IP-BLOCK 89.28.8.80 (Type: outgoing)

2012/05/10 00:20:40 -0400 OPHIEL Grace IP-BLOCK 89.28.8.80 (Type: outgoing)

2012/05/10 00:20:40 -0400 OPHIEL Grace IP-BLOCK 89.28.8.80 (Type: outgoing)

2012/05/10 00:20:41 -0400 OPHIEL Grace IP-BLOCK 89.28.8.80 (Type: outgoing)

2012/05/10 00:25:28 -0400 OPHIEL Grace IP-BLOCK 89.28.8.80 (Type: outgoing)

2012/05/10 00:25:30 -0400 OPHIEL Grace IP-BLOCK 89.28.8.80 (Type: outgoing)

2012/05/10 00:25:31 -0400 OPHIEL Grace IP-BLOCK 89.28.8.80 (Type: outgoing)

2012/05/10 00:25:31 -0400 OPHIEL Grace IP-BLOCK 89.28.8.80 (Type: outgoing)

2012/05/10 00:25:32 -0400 OPHIEL Grace IP-BLOCK 89.28.8.80 (Type: outgoing)

2012/05/10 00:25:32 -0400 OPHIEL Grace IP-BLOCK 89.28.8.80 (Type: outgoing)

2012/05/10 08:21:06 -0400 OPHIEL Grace MESSAGE Starting protection

2012/05/10 08:21:22 -0400 OPHIEL Grace MESSAGE Protection started successfully

2012/05/10 08:21:25 -0400 OPHIEL Grace MESSAGE Starting IP protection

2012/05/10 08:21:55 -0400 OPHIEL Grace MESSAGE IP Protection started successfully

2012/05/10 18:35:09 -0400 OPHIEL MESSAGE Starting protection

2012/05/10 18:35:34 -0400 OPHIEL MESSAGE Protection started successfully

2012/05/10 18:35:37 -0400 OPHIEL MESSAGE Starting IP protection

2012/05/10 18:36:33 -0400 OPHIEL Grace MESSAGE IP Protection started successfully

Thanks,

Jinx007
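A protection log like the one posted above is easier to line up with browsing activity once the IP-BLOCK lines are grouped by destination and collapsed into bursts. The following is an added example, not part of the original thread and not Malwarebytes code: the function names, the 30-second burst gap and the handling of a two-digit year are assumptions, and the sample lines are constructed in the log's format.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the thread's log format; 192.0.2.10 is a documentation address.
SAMPLE = """\
12/05/10 00:20:36 -0400 OPHIEL Grace IP-BLOCK 89.28.8.80 (Type: outgoing)
2012/05/10 00:20:39 -0400 OPHIEL Grace IP-BLOCK 89.28.8.80 (Type: outgoing)
2012/05/10 00:20:41 -0400 OPHIEL Grace IP-BLOCK 89.28.8.80 (Type: outgoing)
2012/05/10 00:25:28 -0400 OPHIEL Grace IP-BLOCK 89.28.8.80 (Type: outgoing)
2012/05/10 00:25:32 -0400 OPHIEL Grace IP-BLOCK 89.28.8.80 (Type: outgoing)
2012/05/10 00:31:02 -0400 OPHIEL Grace IP-BLOCK 192.0.2.10 (Type: outgoing)
2012/05/10 18:35:09 -0400 OPHIEL MESSAGE Starting protection
"""

LINE = re.compile(
    r"^(?P<date>(?:\d{2}|\d{4})/\d\d/\d\d) (?P<time>\d\d:\d\d:\d\d) (?P<tz>[+-]\d{4}) "
    r"(?P<host>\S+) (?:(?P<user>\S+) )?(?P<kind>IP-BLOCK|MESSAGE) (?P<rest>.*)$")
BLOCK = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<dir>\w+)\)$")

def parse_blocks(text):
    """Return (timestamp, user, ip, direction) for every IP-BLOCK line."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        b = BLOCK.match(m["rest"]) if m and m["kind"] == "IP-BLOCK" else None
        if not b:
            continue  # MESSAGE lines, blank lines and anything unparseable
        # Assumption: a two-digit year is a paste that lost its leading "20".
        date = m["date"] if len(m["date"]) == 10 else "20" + m["date"]
        ts = datetime.strptime(f"{date} {m['time']} {m['tz']}", "%Y/%m/%d %H:%M:%S %z")
        events.append((ts, m["user"], b["ip"], b["dir"]))
    return events

def bursts(events, gap=timedelta(seconds=30)):
    """Group blocks per (ip, direction); a new burst starts after `gap` of silence."""
    out = {}
    for ts, _user, ip, direction in sorted(events, key=lambda e: e[0]):
        runs = out.setdefault((ip, direction), [])
        if runs and ts - runs[-1][1] <= gap:
            runs[-1][1] = ts      # extend the current burst
            runs[-1][2] += 1
        else:
            runs.append([ts, ts, 1])  # [first seen, last seen, count]
    return out

if __name__ == "__main__":
    for (ip, direction), runs in bursts(parse_blocks(SAMPLE)).items():
        for first, last, n in runs:
            print(f"{ip} {direction}: {n} block(s) {first:%H:%M:%S}-{last:%H:%M:%S}")
```

Each burst's start time can then be compared against what was open in the browser at that moment.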


Hi, can you run mbam-clean once more, and restart the computer when done. After the restart, do not reinstall MBAM, but instead do the following.

  1. Go to Start -> Run...
  2. Enter notepad in the Run dialog box.
  3. Press OK.
  4. Highlight the contents of the following codebox, and copy and paste that text into notepad.
    Windows Registry Editor Version 5.00

    [-HKEY_LOCAL_MACHINE\Software\Malwarebytes' Anti-Malware (Trial)]


  5. Select File -> Save.
  6. Press the Desktop button on the left side of the save dialog.
  7. In the File name box, type in Fix.reg.
  8. Press Save.
  9. Close Notepad.
  10. Double click Fix.reg on your desktop.
  11. Press Yes, and then Ok, when prompted.
  12. Right click on Fix.reg and choose Delete.
  13. Press Yes.

After executing this script reinstall MBAM and see if the trial is still stuck.


Hi,

Did as instructed, so far the protection module now shows the Enabled Protection as opposed to Start Trial.

Will have to wait 24 hours but for now 13 days remaining to Trial.

Now the IP block message is back: was on toshiba.ca, ncix.com, tigerdirect.ca and malwarebytes forum. I tried again TCPview and did not spot this IP address. Any ideas?

Thanks,

Jinx007


I'm glad to hear that! :)

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Adobe components and update:

  • Download the latest version of Adobe Reader Version X. and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

Your Adobe Reader is now up to date!

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  • Download the latest version of Java Runtime Environment (JRE) Version 7u3.
  • Look for "JDK 7u3 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the ESET Online Scanner button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the ESET Smart Installer icon on your desktop.

    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats"
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

  4. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  5. When the scan completes, click List Threats
  6. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  7. Click the Back button.
  8. Click the Finish button.


I updated my Adobe Reader. Quick question for the Java: Java 7u3 doesn't come differentiated between JDK and JRE. Do you mean Java 7u4, or do you mean Java7u3+EE (which is the only Java7u3 I see)?

Will scan machine tomorrow and post results. Thanks.


Hello,

Here is the scan result - quick question: how do I ensure the 3 infected files are deleted rather than just quarantined:

C:\Documents and Settings\Grace\My Documents\IZArc4.1.6.exe Win32/OpenCandy application deleted - quarantined

C:\System Volume Information\_restore{C5723442-0BB4-47D1-BD0E-A6181D2923BF}\RP10\A0054624.dll Win32/OpenCandy application cleaned by deleting - quarantined

C:\System Volume Information\_restore{C5723442-0BB4-47D1-BD0E-A6181D2923BF}\RP10\A0055806.exe Win32/OpenCandy application deleted - quarantined

Thanks for your help,

Jinx007
