Jinx007

  1. Hello, Thanks for everything. Quickly read info above but will spend more time on week-end to go through it again. Jinx007. P.S. Hopefully I won't get any messages right after this topic is closed ;-)
  2. Hello, Here is the scan result - quick question: how do I ensure the 3 infected files are deleted rather than just quarantined?
     C:\Documents and Settings\Grace\My Documents\IZArc4.1.6.exe Win32/OpenCandy application deleted - quarantined
     C:\System Volume Information\_restore{C5723442-0BB4-47D1-BD0E-A6181D2923BF}\RP10\A0054624.dll Win32/OpenCandy application cleaned by deleting - quarantined
     C:\System Volume Information\_restore{C5723442-0BB4-47D1-BD0E-A6181D2923BF}\RP10\A0055806.exe Win32/OpenCandy application deleted - quarantined
     Thanks for your help, Jinx007
  3. I updated my Adobe Reader. Quick question for the java: Java 7u3 doesn't come differentiated between JDK and JRE do you mean Java 7u4? or do you mean Java7u3+EE (which is the only Java7u3 I see). Will scan machine tomorrow and post results. Thanks.
  4. Just was on the same websites for the past 3 hours and no IP block message....
  5. Hi, Did as instructed, so far the protection module now shows the Enabled Protection as opposed to Start Trial. Will have to wait 24 hours but for now 13 days remaining to Trial. Now the IP block message is back: was on toshiba.ca, ncix.com, tigerdirect.ca and malwarebytes forum. I tried again TCPview and did not spot this IP address. Any ideas? Thanks, Jinx007
  6. I don't think it's been more than 24 hours since I've reinstalled it so countdown shows Trial 13 remaining. The protection tab shows Start Trial. Instead of protection module. Here is the protection log of MBAM
     12/05/10 00:20:36 -0400 OPHIEL Grace IP-BLOCK 89.28.8.80 (Type: outgoing)
     2012/05/10 00:20:39 -0400 OPHIEL Grace IP-BLOCK 89.28.8.80 (Type: outgoing)
     2012/05/10 00:20:39 -0400 OPHIEL Grace IP-BLOCK 89.28.8.80 (Type: outgoing)
     2012/05/10 00:20:40 -0400 OPHIEL Grace IP-BLOCK 89.28.8.80 (Type: outgoing)
     2012/05/10 00:20:40 -0400 OPHIEL Grace IP-BLOCK 89.28.8.80 (Type: outgoing)
     2012/05/10 00:20:41 -0400 OPHIEL Grace IP-BLOCK 89.28.8.80 (Type: outgoing)
     2012/05/10 00:25:28 -0400 OPHIEL Grace IP-BLOCK 89.28.8.80 (Type: outgoing)
     2012/05/10 00:25:30 -0400 OPHIEL Grace IP-BLOCK 89.28.8.80 (Type: outgoing)
     2012/05/10 00:25:31 -0400 OPHIEL Grace IP-BLOCK 89.28.8.80 (Type: outgoing)
     2012/05/10 00:25:31 -0400 OPHIEL Grace IP-BLOCK 89.28.8.80 (Type: outgoing)
     2012/05/10 00:25:32 -0400 OPHIEL Grace IP-BLOCK 89.28.8.80 (Type: outgoing)
     2012/05/10 00:25:32 -0400 OPHIEL Grace IP-BLOCK 89.28.8.80 (Type: outgoing)
     2012/05/10 08:21:06 -0400 OPHIEL Grace MESSAGE Starting protection
     2012/05/10 08:21:22 -0400 OPHIEL Grace MESSAGE Protection started successfully
     2012/05/10 08:21:25 -0400 OPHIEL Grace MESSAGE Starting IP protection
     2012/05/10 08:21:55 -0400 OPHIEL Grace MESSAGE IP Protection started successfully
     2012/05/10 18:35:09 -0400 OPHIEL MESSAGE Starting protection
     2012/05/10 18:35:34 -0400 OPHIEL MESSAGE Protection started successfully
     2012/05/10 18:35:37 -0400 OPHIEL MESSAGE Starting IP protection
     2012/05/10 18:36:33 -0400 OPHIEL Grace MESSAGE IP Protection started successfully
     Thanks, Jinx007
  7. I uninstalled the MBAM with mbam-clean.exe, reinstalled it, updated it, activated the trial version and scanned the computer. Got message about IP blocked again, checked tcpview and nothing there. Scanned found nothing. Previous version of MBAM seemed to be a little iffy with trial countdown stuck at 13 days and the protection tab not showing module but showing start trial while in trial mode. Here is the log
     Malwarebytes Anti-Malware (Trial) 1.61.0.1400
     www.malwarebytes.org
     Database version: v2012.05.09.06
     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 7.0.5730.13
     Grace :: OPHIEL [administrator]
     Protection: Enabled
     09/05/2012 10:43:25 PM
     mbam-log-2012-05-09 (22-43-25).txt
     Scan type: Full scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 241313
     Time elapsed: 1 hour(s), 2 minute(s), 39 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)
  8. It appears when I am using my browser Firefox but not all the time when I am surfing the web. It will appear once and I will click on the message to acknowledge it. Then it will appear intermittently sometimes every 3 or 4 minutes (and that's when it drives me up the wall) or every 10 minutes or so. So far today no IP block message. Right before I started this thread I read up on the update problem pinned topic so I have just reinstalled MBAM after uninstalling with mbam-clean.exe and redownloading and running the trial version again. I can redo that again tomorrow morning. Thanks, Jinx007
  9. Also quick question, if trial is around 30 days any idea why it keeps saying 13 days remaining...? Thanks for your help, Jinx 007
  10. Here is the Extras.txt log
  11. Hello here is the OTL Log
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2006/01/04 03:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1624125588-1240014260-3319197752-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global IE - HKU\S-1-5-21-1624125588-1240014260-3319197752-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1624125588-1240014260-3319197752-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-1624125588-1240014260-3319197752-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:home" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Documents and Settings\Grace\Application Data\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/25 23:35:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/06 23:56:46 | 000,000,000 | ---D | M] [2011/12/01 19:42:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Grace\Application Data\Mozilla\Extensions [2012/05/01 23:46:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Grace\Application Data\Mozilla\Firefox\Profiles\us8p9xj7.default\extensions [2011/12/30 13:06:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/04/25 23:35:21 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/12/30 04:34:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/12/30 04:34:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2012/05/06 14:25:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - 
{5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3 - HKU\S-1-5-21-1624125588-1240014260-3319197752-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-1624125588-1240014260-3319197752-1005\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\AsScrPro.exe (ASUS) O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [LiveUpdate] C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [synAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O4 - HKU\S-1-5-21-1624125588-1240014260-3319197752-1005..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe () O4 - HKU\S-1-5-21-1624125588-1240014260-3319197752-1005..\Run: [Octoshape Streaming Services] C:\Documents and Settings\Grace\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk = C:\Program 
Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: C:\Documents and Settings\Grace\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk = C:\Program Files\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1624125588-1240014260-3319197752-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - 
HKU\S-1-5-21-1624125588-1240014260-3319197752-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1624125588-1240014260-3319197752-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1624125588-1240014260-3319197752-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} http://www.shockwave.com/content/deliciousteagarden/sis/gamehouseplayer.cab (GameHouse Games Player) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave.com/content/insaniquarium/sis/popcaploader_v10.cab (PopCapLoader Object) O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.20.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB7BB092-D147-473D-9287-4C720238026A}: DhcpNameServer = 192.168.20.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Eee PC Seashell_2.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Eee PC Seashell_2.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/05/20 15:19:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O35 - HKU\S-1-5-21-1624125588-1240014260-3319197752-1005..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/05/07 22:25:46 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Grace\Desktop\OTL.exe [2012/05/06 21:13:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012/05/06 14:15:08 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012/05/06 14:13:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012/05/06 14:13:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012/05/06 14:13:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012/05/06 14:13:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012/05/06 14:13:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT 
[2012/05/06 14:12:51 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/05/06 14:11:32 | 004,485,787 | R--- | C] (Swearware) -- C:\Documents and Settings\Grace\Desktop\ComboFix.exe [2012/05/05 21:37:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Grace\Start Menu\Programs\Administrative Tools [2012/05/05 21:31:42 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Grace\Desktop\dds.scr [2012/05/05 21:23:33 | 000,300,832 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Grace\Desktop\Tcpview.exe [2012/05/05 21:05:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Grace\Application Data\Malwarebytes [2012/05/05 21:05:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/05/05 21:05:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2012/05/05 21:05:32 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/05/05 21:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/05/05 20:57:50 | 000,080,456 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Grace\Desktop\mbam-clean.exe [2012/05/05 20:53:15 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Grace\Desktop\mbam-setup-1.61.0.1400.exe [2012/05/03 20:23:42 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Grace\Desktop\tdsskiller.exe [2012/04/30 22:44:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos [2012/04/30 22:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Grace\Start Menu\Programs\Sophos [2012/04/30 22:43:50 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos [2012/04/25 23:35:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla [2012/04/25 23:35:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla 
Maintenance Service [2012/04/21 16:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype [2012/04/21 16:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012/04/14 15:14:52 | 085,508,592 | ---- | C] (Sophos Limited) -- C:\Documents and Settings\Grace\Desktop\Sophos Virus Removal Tool.exe [2012/04/08 19:35:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Grace\My Documents\hair_cuts [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/05/07 22:35:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/05/07 22:25:28 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Grace\Desktop\OTL.exe [2012/05/07 22:25:09 | 000,395,768 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/05/07 22:25:09 | 000,059,842 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/05/07 22:22:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/05/07 22:21:20 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Grace\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk [2012/05/07 22:20:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/05/07 22:20:36 | 1064,554,496 | -HS- | M] () -- C:\hiberfil.sys [2012/05/06 20:21:36 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2012/05/06 17:23:45 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012/05/06 17:23:44 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012/05/06 17:21:11 | 001,527,625 | ---- | M] () -- C:\Documents and Settings\Grace\My Documents\RyersonWireless-RU-Secure-XP.pdf [2012/05/06 15:12:13 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Grace\Desktop\tdsskiller.exe 
[2012/05/06 14:25:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012/05/06 14:15:14 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2012/05/06 14:11:40 | 004,485,787 | R--- | M] (Swearware) -- C:\Documents and Settings\Grace\Desktop\ComboFix.exe [2012/05/05 21:31:37 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Grace\Desktop\dds.scr [2012/05/05 21:23:28 | 000,300,832 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Grace\Desktop\Tcpview.exe [2012/05/05 21:05:37 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Grace\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk [2012/05/05 21:05:37 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/05/05 20:58:49 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Grace\Desktop\mbam-setup-1.61.0.1400.exe [2012/05/05 20:57:42 | 000,080,456 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\Grace\Desktop\mbam-clean.exe [2012/05/05 18:34:44 | 133,463,472 | ---- | M] () -- C:\Documents and Settings\Grace\Desktop\setup_11.0.0.1245.x01_2012_05_02_15_38.exe [2012/05/05 17:28:15 | 000,002,561 | ---- | M] () -- C:\Documents and Settings\Grace\Desktop\Sophos Virus Removal Tool.lnk [2012/05/03 20:20:41 | 002,055,783 | ---- | M] () -- C:\Documents and Settings\Grace\Desktop\tdsskiller.zip [2012/05/03 20:07:56 | 133,491,528 | ---- | M] () -- C:\Documents and Settings\Grace\Desktop\setup_11.0.0.1245.x01_2012_05_03_11_38.exe [2012/05/03 18:35:15 | 000,001,731 | ---- | M] () -- C:\Documents and Settings\Grace\Desktop\Avira Free Antivirus Profile Complete system scan.LNK [2012/04/30 23:47:29 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\Grace\My Documents\spider.sav [2012/04/26 20:32:09 | 000,609,280 | ---- | M] () -- C:\Documents and Settings\Grace\Desktop\My Heaven Your Earth - Heaven's Scourge.one 
[2012/04/14 15:17:09 | 085,508,592 | ---- | M] (Sophos Limited) -- C:\Documents and Settings\Grace\Desktop\Sophos Virus Removal Tool.exe [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/05/06 17:21:11 | 001,527,625 | ---- | C] () -- C:\Documents and Settings\Grace\My Documents\RyersonWireless-RU-Secure-XP.pdf [2012/05/06 14:15:13 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2012/05/06 14:15:10 | 000,260,272 | RHS- | C] () -- C:\cmldr [2012/05/06 14:13:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012/05/06 14:13:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012/05/06 14:13:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012/05/06 14:13:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012/05/06 14:13:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012/05/05 21:05:37 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Grace\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk [2012/05/05 21:05:37 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/05/05 18:34:44 | 133,463,472 | ---- | C] () -- C:\Documents and Settings\Grace\Desktop\setup_11.0.0.1245.x01_2012_05_02_15_38.exe [2012/05/04 21:29:24 | 1064,554,496 | -HS- | C] () -- C:\hiberfil.sys [2012/05/03 20:20:47 | 002,055,783 | ---- | C] () -- C:\Documents and Settings\Grace\Desktop\tdsskiller.zip [2012/05/03 20:07:57 | 133,491,528 | ---- | C] () -- C:\Documents and Settings\Grace\Desktop\setup_11.0.0.1245.x01_2012_05_03_11_38.exe [2012/05/03 18:35:15 | 000,001,731 | ---- | C] () -- C:\Documents and Settings\Grace\Desktop\Avira Free Antivirus Profile Complete system scan.LNK [2012/04/30 22:44:00 | 000,002,561 | ---- | C] () -- C:\Documents and Settings\Grace\Desktop\Sophos Virus Removal Tool.lnk [2012/04/21 16:51:23 | 000,002,265 | ---- | C] () 
-- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2012/01/23 23:15:28 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini [2012/01/23 22:40:49 | 000,110,060 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp [2012/01/23 22:40:49 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp [2012/01/23 22:32:59 | 000,110,060 | ---- | C] () -- C:\WINDOWS\hpoins11.dat [2012/01/23 22:32:59 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat [2011/11/19 20:51:40 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat [2011/05/16 21:36:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat < End of report >
  12. I also wanted to mention that even though I am running the trial version of MBAM, when I click on the protection tab it doesn't show the protection module running and its options. It still says Start Trial. Could that have anything to do with it? The IP message is now back....grrrr. Thanks, Jinx007
  13. I am not getting the IP blocks anymore, but they were happening yesterday and a couple of days before, every 5 minutes or so (on average). Is there anything in these logs? Should I do some more scanning? Quick question: if the trial lasts longer than 13 days, what does that mean? A glitch? Does that compromise the security of my computer? Thanks, Jinx007
  14. Hello,
C:\WINDOWS\system32\drivers\drmkaud.sys 15:13:12.0828 3936 drmkaud - ok 15:13:12.0875 3936 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll 15:13:12.0875 3936 EapHost - ok 15:13:12.0906 3936 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll 15:13:12.0906 3936 ERSvc - ok 15:13:12.0968 3936 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 15:13:12.0968 3936 Eventlog - ok 15:13:13.0015 3936 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll 15:13:13.0031 3936 EventSystem - ok 15:13:13.0062 3936 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 15:13:13.0078 3936 Fastfat - ok 15:13:13.0125 3936 FastUserSwitchingCompatibility (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll 15:13:13.0140 3936 FastUserSwitchingCompatibility - ok 15:13:13.0171 3936 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 15:13:13.0203 3936 Fdc - ok 15:13:13.0234 3936 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 15:13:13.0265 3936 Fips - ok 15:13:13.0281 3936 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 15:13:13.0296 3936 Flpydisk - ok 15:13:13.0343 3936 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 15:13:13.0359 3936 FltMgr - ok 15:13:13.0390 3936 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 15:13:13.0406 3936 Fs_Rec - ok 15:13:13.0437 3936 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 15:13:13.0453 3936 Ftdisk - ok 15:13:13.0484 3936 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 15:13:13.0484 3936 Gpc - ok 15:13:13.0515 3936 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 15:13:13.0515 3936 HDAudBus - ok 15:13:13.0562 3936 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) 
C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 15:13:13.0578 3936 helpsvc - ok 15:13:13.0593 3936 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll 15:13:13.0593 3936 HidServ - ok 15:13:13.0625 3936 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 15:13:13.0640 3936 HidUsb - ok 15:13:13.0671 3936 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll 15:13:13.0671 3936 hkmsvc - ok 15:13:13.0687 3936 hpn - ok 15:13:13.0765 3936 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys 15:13:13.0765 3936 HTTP - ok 15:13:13.0812 3936 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll 15:13:13.0828 3936 HTTPFilter - ok 15:13:13.0843 3936 i2omgmt - ok 15:13:13.0859 3936 i2omp - ok 15:13:13.0906 3936 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 15:13:13.0906 3936 i8042prt - ok 15:13:14.0468 3936 ialm (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 15:13:14.0687 3936 ialm - ok 15:13:14.0875 3936 iaStor (8ef427c54497c5f8a7a645990e4278c7) C:\WINDOWS\system32\drivers\iaStor.sys 15:13:14.0875 3936 iaStor - ok 15:13:14.0921 3936 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 15:13:14.0921 3936 Imapi - ok 15:13:14.0968 3936 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe 15:13:14.0984 3936 ImapiService - ok 15:13:15.0000 3936 ini910u - ok 15:13:15.0500 3936 IntcAzAudAddService (1ae3cff80017ef89da959350724c7194) C:\WINDOWS\system32\drivers\RtkHDAud.sys 15:13:15.0687 3936 IntcAzAudAddService - ok 15:13:15.0812 3936 IntelIde - ok 15:13:15.0875 3936 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 15:13:15.0875 3936 intelppm - ok 15:13:15.0906 3936 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 15:13:15.0906 3936 Ip6Fw - ok 15:13:15.0921 3936 IpFilterDriver 
(731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 15:13:15.0921 3936 IpFilterDriver - ok 15:13:15.0937 3936 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 15:13:15.0953 3936 IpInIp - ok 15:13:16.0000 3936 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 15:13:16.0000 3936 IpNat - ok 15:13:16.0046 3936 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 15:13:16.0046 3936 IPSec - ok 15:13:16.0078 3936 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 15:13:16.0078 3936 IRENUM - ok 15:13:16.0125 3936 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 15:13:16.0140 3936 isapnp - ok 15:13:16.0296 3936 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe 15:13:16.0312 3936 JavaQuickStarterService - ok 15:13:16.0359 3936 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 15:13:16.0359 3936 Kbdclass - ok 15:13:16.0406 3936 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 15:13:16.0421 3936 kmixer - ok 15:13:16.0468 3936 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys 15:13:16.0515 3936 KSecDD - ok 15:13:16.0562 3936 L1c (6c8658587e91ea25b0fd2e71781ad228) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys 15:13:16.0562 3936 L1c - ok 15:13:16.0609 3936 LanmanServer (f385f4b02c535bffe1d70cab80838123) C:\WINDOWS\System32\srvsvc.dll 15:13:16.0625 3936 LanmanServer - ok 15:13:16.0671 3936 lanmanworkstation (1b67b632786fef1c1bbaef46c2f3f2e6) C:\WINDOWS\System32\wkssvc.dll 15:13:16.0703 3936 lanmanworkstation - ok 15:13:16.0703 3936 lbrtfdc - ok 15:13:16.0765 3936 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll 15:13:16.0781 3936 LmHosts - ok 15:13:16.0812 3936 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys 
15:13:16.0828 3936 MBAMProtector - ok 15:13:16.0953 3936 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 15:13:16.0968 3936 MBAMService - ok 15:13:17.0000 3936 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll 15:13:17.0015 3936 Messenger - ok 15:13:17.0093 3936 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe 15:13:17.0109 3936 Microsoft Office Groove Audit Service - ok 15:13:17.0140 3936 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 15:13:17.0171 3936 mnmdd - ok 15:13:17.0203 3936 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe 15:13:17.0203 3936 mnmsrvc - ok 15:13:17.0234 3936 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 15:13:17.0265 3936 Modem - ok 15:13:17.0421 3936 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys 15:13:17.0484 3936 Monfilt - ok 15:13:17.0515 3936 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 15:13:17.0515 3936 Mouclass - ok 15:13:17.0562 3936 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 15:13:17.0562 3936 mouhid - ok 15:13:17.0609 3936 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 15:13:17.0625 3936 MountMgr - ok 15:13:17.0718 3936 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 15:13:17.0718 3936 MozillaMaintenance - ok 15:13:17.0734 3936 mraid35x - ok 15:13:17.0781 3936 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 15:13:17.0781 3936 MRxDAV - ok 15:13:17.0859 3936 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 15:13:17.0875 3936 MRxSmb - ok 15:13:17.0890 3936 MSDTC 
(a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe 15:13:17.0906 3936 MSDTC - ok 15:13:17.0921 3936 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 15:13:17.0953 3936 Msfs - ok 15:13:17.0953 3936 MSIServer - ok 15:13:17.0984 3936 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 15:13:17.0984 3936 MSKSSRV - ok 15:13:18.0000 3936 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 15:13:18.0000 3936 MSPCLOCK - ok 15:13:18.0015 3936 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 15:13:18.0015 3936 MSPQM - ok 15:13:18.0062 3936 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 15:13:18.0062 3936 mssmbios - ok 15:13:18.0078 3936 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 15:13:18.0078 3936 MSTEE - ok 15:13:18.0125 3936 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 15:13:18.0125 3936 Mup - ok 15:13:18.0140 3936 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 15:13:18.0156 3936 NABTSFEC - ok 15:13:18.0203 3936 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll 15:13:18.0218 3936 napagent - ok 15:13:18.0265 3936 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 15:13:18.0312 3936 NDIS - ok 15:13:18.0343 3936 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 15:13:18.0343 3936 NdisIP - ok 15:13:18.0375 3936 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 15:13:18.0375 3936 NdisTapi - ok 15:13:18.0421 3936 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 15:13:18.0421 3936 Ndisuio - ok 15:13:18.0437 3936 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 15:13:18.0437 3936 NdisWan - ok 15:13:18.0484 3936 NDProxy 
(6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 15:13:18.0484 3936 NDProxy - ok 15:13:18.0531 3936 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 15:13:18.0531 3936 NetBIOS - ok 15:13:18.0578 3936 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 15:13:18.0578 3936 NetBT - ok 15:13:18.0625 3936 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 15:13:18.0625 3936 NetDDE - ok 15:13:18.0640 3936 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 15:13:18.0640 3936 NetDDEdsdm - ok 15:13:18.0687 3936 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 15:13:18.0687 3936 Netlogon - ok 15:13:18.0750 3936 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll 15:13:18.0750 3936 Netman - ok 15:13:18.0828 3936 Nla (832e4dd8964ab7acc880b2837cb1ed20) C:\WINDOWS\System32\mswsock.dll 15:13:18.0828 3936 Nla - ok 15:13:18.0875 3936 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 15:13:18.0890 3936 Npfs - ok 15:13:18.0937 3936 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 15:13:19.0000 3936 Ntfs - ok 15:13:19.0015 3936 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 15:13:19.0015 3936 NtLmSsp - ok 15:13:19.0078 3936 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll 15:13:19.0093 3936 NtmsSvc - ok 15:13:19.0125 3936 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 15:13:19.0140 3936 Null - ok 15:13:19.0171 3936 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 15:13:19.0171 3936 NwlnkFlt - ok 15:13:19.0187 3936 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 15:13:19.0187 3936 NwlnkFwd - ok 15:13:19.0312 3936 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft 
Shared\OFFICE12\ODSERV.EXE 15:13:19.0328 3936 odserv - ok 15:13:19.0375 3936 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:13:19.0375 3936 ose - ok 15:13:19.0421 3936 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 15:13:19.0437 3936 Parport - ok 15:13:19.0468 3936 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 15:13:19.0500 3936 PartMgr - ok 15:13:19.0531 3936 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 15:13:19.0562 3936 ParVdm - ok 15:13:19.0593 3936 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 15:13:19.0593 3936 PCI - ok 15:13:19.0593 3936 PCIDump - ok 15:13:19.0609 3936 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 15:13:19.0609 3936 PCIIde - ok 15:13:19.0640 3936 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 15:13:19.0687 3936 Pcmcia - ok 15:13:19.0687 3936 PDCOMP - ok 15:13:19.0703 3936 PDFRAME - ok 15:13:19.0718 3936 PDRELI - ok 15:13:19.0734 3936 PDRFRAME - ok 15:13:19.0750 3936 perc2 - ok 15:13:19.0765 3936 perc2hib - ok 15:13:19.0828 3936 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 15:13:19.0843 3936 PlugPlay - ok 15:13:19.0859 3936 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 15:13:19.0859 3936 PolicyAgent - ok 15:13:19.0890 3936 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 15:13:19.0890 3936 PptpMiniport - ok 15:13:19.0906 3936 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 15:13:19.0906 3936 ProtectedStorage - ok 15:13:19.0921 3936 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 15:13:19.0937 3936 PSched - ok 15:13:19.0953 3936 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 
15:13:19.0953 3936 Ptilink - ok 15:13:19.0968 3936 ql1080 - ok 15:13:19.0984 3936 Ql10wnt - ok 15:13:20.0000 3936 ql12160 - ok 15:13:20.0015 3936 ql1240 - ok 15:13:20.0015 3936 ql1280 - ok 15:13:20.0046 3936 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 15:13:20.0046 3936 RasAcd - ok 15:13:20.0078 3936 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll 15:13:20.0078 3936 RasAuto - ok 15:13:20.0109 3936 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 15:13:20.0109 3936 Rasl2tp - ok 15:13:20.0140 3936 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll 15:13:20.0156 3936 RasMan - ok 15:13:20.0187 3936 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 15:13:20.0187 3936 RasPppoe - ok 15:13:20.0203 3936 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 15:13:20.0203 3936 Raspti - ok 15:13:20.0250 3936 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 15:13:20.0250 3936 Rdbss - ok 15:13:20.0296 3936 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 15:13:20.0296 3936 RDPCDD - ok 15:13:20.0359 3936 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 15:13:20.0359 3936 RDPWD - ok 15:13:20.0390 3936 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe 15:13:20.0390 3936 RDSessMgr - ok 15:13:20.0421 3936 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 15:13:20.0437 3936 redbook - ok 15:13:20.0468 3936 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll 15:13:20.0468 3936 RemoteAccess - ok 15:13:20.0515 3936 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe 15:13:20.0515 3936 RpcLocator - ok 15:13:20.0578 3936 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll 15:13:20.0593 3936 
RpcSs - ok 15:13:20.0625 3936 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe 15:13:20.0640 3936 RSVP - ok 15:13:20.0656 3936 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 15:13:20.0656 3936 SamSs - ok 15:13:20.0703 3936 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe 15:13:20.0703 3936 SCardSvr - ok 15:13:20.0765 3936 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll 15:13:20.0765 3936 Schedule - ok 15:13:20.0796 3936 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 15:13:20.0812 3936 Secdrv - ok 15:13:20.0843 3936 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll 15:13:20.0843 3936 seclogon - ok 15:13:20.0875 3936 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll 15:13:20.0875 3936 SENS - ok 15:13:20.0890 3936 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys 15:13:20.0921 3936 Serial - ok 15:13:20.0937 3936 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 15:13:20.0953 3936 Sfloppy - ok 15:13:21.0031 3936 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll 15:13:21.0046 3936 SharedAccess - ok 15:13:21.0078 3936 ShellHWDetection (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll 15:13:21.0093 3936 ShellHWDetection - ok 15:13:21.0093 3936 Simbad - ok 15:13:21.0187 3936 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe 15:13:21.0187 3936 SkypeUpdate - ok 15:13:21.0234 3936 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 15:13:21.0234 3936 SLIP - ok 15:13:21.0234 3936 Sparrow - ok 15:13:21.0281 3936 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 15:13:21.0281 3936 splitter - ok 15:13:21.0328 3936 Spooler (d8e14a61acc1d4a6cd0d38aebac7fa3b) C:\WINDOWS\system32\spoolsv.exe 
15:13:21.0328 3936 Spooler - ok 15:13:21.0359 3936 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 15:13:21.0375 3936 sr - ok 15:13:21.0406 3936 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll 15:13:21.0406 3936 srservice - ok 15:13:21.0453 3936 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys 15:13:21.0468 3936 Srv - ok 15:13:21.0500 3936 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll 15:13:21.0515 3936 SSDPSRV - ok 15:13:21.0546 3936 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 15:13:21.0546 3936 ssmdrv - ok 15:13:21.0578 3936 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll 15:13:21.0593 3936 stisvc - ok 15:13:21.0609 3936 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 15:13:21.0625 3936 streamip - ok 15:13:21.0656 3936 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 15:13:21.0656 3936 swenum - ok 15:13:21.0687 3936 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 15:13:21.0703 3936 swmidi - ok 15:13:21.0703 3936 SwPrv - ok 15:13:21.0718 3936 symc810 - ok 15:13:21.0734 3936 symc8xx - ok 15:13:21.0750 3936 sym_hi - ok 15:13:21.0750 3936 sym_u3 - ok 15:13:21.0812 3936 SynTP (a10d781153bb23036b474ffedb448266) C:\WINDOWS\system32\DRIVERS\SynTP.sys 15:13:21.0828 3936 SynTP - ok 15:13:21.0843 3936 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 15:13:21.0843 3936 sysaudio - ok 15:13:21.0875 3936 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe 15:13:21.0890 3936 SysmonLog - ok 15:13:21.0937 3936 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll 15:13:21.0953 3936 TapiSrv - ok 15:13:22.0015 3936 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 15:13:22.0031 3936 Tcpip - ok 
15:13:22.0062 3936 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 15:13:22.0093 3936 TDPIPE - ok 15:13:22.0109 3936 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 15:13:22.0125 3936 TDTCP - ok 15:13:22.0156 3936 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 15:13:22.0171 3936 TermDD - ok 15:13:22.0203 3936 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll 15:13:22.0218 3936 TermService - ok 15:13:22.0265 3936 Themes (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll 15:13:22.0265 3936 Themes - ok 15:13:22.0281 3936 TosIde - ok 15:13:22.0328 3936 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll 15:13:22.0343 3936 TrkWks - ok 15:13:22.0375 3936 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 15:13:22.0421 3936 Udfs - ok 15:13:22.0421 3936 ultra - ok 15:13:22.0500 3936 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 15:13:22.0500 3936 Update - ok 15:13:22.0546 3936 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll 15:13:22.0546 3936 upnphost - ok 15:13:22.0578 3936 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe 15:13:22.0578 3936 UPS - ok 15:13:22.0609 3936 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 15:13:22.0609 3936 usbccgp - ok 15:13:22.0656 3936 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 15:13:22.0656 3936 usbehci - ok 15:13:22.0671 3936 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 15:13:22.0671 3936 usbhub - ok 15:13:22.0703 3936 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 15:13:22.0718 3936 usbprint - ok 15:13:22.0750 3936 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:13:22.0750 3936 usbstor - ok 
15:13:22.0781 3936 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 15:13:22.0781 3936 usbuhci - ok 15:13:22.0812 3936 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys 15:13:22.0828 3936 usbvideo - ok 15:13:22.0859 3936 uvclf (c019889035cdc1a06f2febc93cbb6897) C:\WINDOWS\system32\DRIVERS\uvclf.sys 15:13:22.0859 3936 uvclf - ok 15:13:22.0890 3936 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 15:13:22.0890 3936 VgaSave - ok 15:13:22.0906 3936 ViaIde - ok 15:13:22.0953 3936 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 15:13:22.0984 3936 VolSnap - ok 15:13:23.0031 3936 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe 15:13:23.0046 3936 VSS - ok 15:13:23.0093 3936 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll 15:13:23.0109 3936 W32Time - ok 15:13:23.0140 3936 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 15:13:23.0140 3936 Wanarp - ok 15:13:23.0218 3936 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys 15:13:23.0218 3936 Wdf01000 - ok 15:13:23.0234 3936 WDICA - ok 15:13:23.0281 3936 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 15:13:23.0281 3936 wdmaud - ok 15:13:23.0328 3936 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll 15:13:23.0328 3936 WebClient - ok 15:13:23.0406 3936 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll 15:13:23.0406 3936 winmgmt - ok 15:13:23.0468 3936 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll 15:13:23.0468 3936 WmdmPmSN - ok 15:13:23.0515 3936 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe 15:13:23.0531 3936 WmiApSrv - ok 15:13:23.0671 3936 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media 
Player\WMPNetwk.exe 15:13:23.0687 3936 WMPNetworkSvc - ok 15:13:23.0718 3936 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 15:13:23.0718 3936 WS2IFSL - ok 15:13:23.0750 3936 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll 15:13:23.0750 3936 wscsvc - ok 15:13:23.0796 3936 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 15:13:23.0796 3936 WSTCODEC - ok 15:13:23.0843 3936 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll 15:13:23.0843 3936 wuauserv - ok 15:13:23.0875 3936 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 15:13:23.0875 3936 WudfPf - ok 15:13:23.0890 3936 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 15:13:23.0906 3936 WudfRd - ok 15:13:23.0921 3936 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 15:13:23.0937 3936 WudfSvc - ok 15:13:24.0015 3936 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll 15:13:24.0031 3936 WZCSVC - ok 15:13:24.0062 3936 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll 15:13:24.0078 3936 xmlprov - ok 15:13:24.0125 3936 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 15:13:24.0375 3936 \Device\Harddisk0\DR0 - ok 15:13:24.0390 3936 Boot (0x1200) (abc80859b9756239d1b706b70c05384c) \Device\Harddisk0\DR0\Partition0 15:13:24.0390 3936 \Device\Harddisk0\DR0\Partition0 - ok 15:13:24.0421 3936 Boot (0x1200) (23d9801df2bad941df900c69868db793) \Device\Harddisk0\DR0\Partition1 15:13:24.0421 3936 \Device\Harddisk0\DR0\Partition1 - ok 15:13:24.0421 3936 ============================================================ 15:13:24.0437 3936 Scan finished 15:13:24.0437 3936 ============================================================ 15:13:24.0453 3148 Detected object count: 0 15:13:24.0453 3148 Actual detected object count: 0 15:14:19.0265 3820 Deinitialize success
  15. Hello daledoc1, I read that article yesterday, but the odd thing is that the IP blocking message from MBAM was coming up when I wasn't running Skype. It's really weird that now, while still going about my usual routine on my computer, MBAM's message concerning that IP is no longer popping up... Posted ComboFix log now in the other section and waiting for reply. Thanks for your help daledoc1.