[Closed] Malwarebytes blocking IP addresses

Simon wadey

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by siandmarg at 17:02:53 on 2012-10-24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3583.2453 [GMT 10:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Memeo\AutoBackupPro\MemeoBackgroundService.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\WINDOWS1\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\WINDOWS1\system32\SearchIndexer.exe
C:\WINDOWS1\System32\alg.exe
C:\WINDOWS1\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS1\system32\RunDLL32.exe
C:\WINDOWS1\system32\rundll32.exe
C:\Documents and Settings\siandmarg.HOME-2B9F7C8EB0\Bluebirds\BlueBirds.exe
C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe
C:\WINDOWS1\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicator.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\All Users.WINDOWS1\Application Data\HP Photo Creations\MessageCheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS1\system32\wbem\wmiprvse.exe
C:\WINDOWS1\System32\svchost.exe -k netsvcs
C:\WINDOWS1\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS1\system32\svchost.exe -k NetworkService
C:\WINDOWS1\system32\svchost.exe -k LocalService
C:\WINDOWS1\system32\svchost.exe -k LocalService
C:\WINDOWS1\system32\svchost.exe -k imgsvc
C:\WINDOWS1\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ninemsn.com.au/
mStart Page = hxxp://www.startsearcher.com
uURLSearchHooks: <No Name>: {327f75ed-061b-4339-8cc6-5dd45ad1396d} -
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
uRun: [bluebirds] c:\documents and settings\siandmarg.home-2b9f7c8eb0\bluebirds\BlueBirds.exe
uRun: [HP Photosmart 7510 series (NET)] "c:\program files\hp\hp photosmart 7510 series\bin\ScanToPCActivationApp.exe" -deviceID "CN1BF244ZB05T6:NW" -scfn "HP Photosmart 7510 series (NET)" -AutoStart 1
uRun: [Facebook Update] "c:\documents and settings\siandmarg.home-2b9f7c8eb0\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [ctfmon.exe] c:\windows1\system32\ctfmon.exe
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows1\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
dRun: [CTFMON.EXE] c:\windows1\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Search - http://tbedits.marineaquariumfree.c...A4BD-475B-9E32-70DC818D435E&n=2012102105&cv=1
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/Select/asusTek_sys_ctrl3.cab
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://biz.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1332241673640
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1328103057593
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 10.1.1.1
TCP: Interfaces\{FF5A8920-ABD5-48D4-BBDF-15AA465828B0} : DHCPNameServer = 10.1.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows1\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows1\system32\drivers\MpFilter.sys [2011-4-18 193552]
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows1\system32\drivers\NBVol.sys [2012-2-7 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows1\system32\drivers\NBVolUp.sys [2012-2-7 12464]
R2 fssfltr;FssFltr;c:\windows1\system32\drivers\fssfltr_tdi.sys [2012-4-5 54760]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-12 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-6 676936]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackuppro\MemeoBackgroundService.exe [2011-5-13 25824]
R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2011-9-23 641832]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-2-22 1258856]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-6-2 14088]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows1\system32\drivers\dc3d.sys [2012-2-6 45288]
R3 MBAMProtector;MBAMProtector;c:\windows1\system32\drivers\mbam.sys [2012-8-6 22856]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows1\system32\drivers\viahduaa.sys [2008-5-8 2127728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows1\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows1\system32\drivers\ousbehci.sys [2012-2-12 45696]
S3 1394hub;1394 Enabled Hub;c:\windows1\system32\svchost.exe -k netsvcs [2006-2-28 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows1\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-11 250808]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows1\system32\drivers\netaapl.sys [2012-6-17 18432]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows1\system32\drivers\ousb2hub.sys [2012-2-12 56960]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows1\system32\drivers\wg111v2.sys --> c:\windows1\system32\drivers\wg111v2.sys [?]
S3 ST50220;Sonix ST50220 USB Video Camera Driver;c:\windows1\system32\drivers\ST50220.sys [2008-5-29 27520]
S3 SWDUMon;SWDUMon;c:\windows1\system32\drivers\SWDUMon.sys [2012-2-11 12984]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows1\system32\svchost.exe -k WINRM [2006-2-28 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows1\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-10-24 06:58:52 6918632 ----a-w- c:\documents and settings\all users.windows1\application data\microsoft\microsoft antimalware\definition updates\{d33c9c8f-1977-4ead-bd3c-92b8234b19e5}\mpengine.dll
2012-10-22 08:58:32 6918632 ------w- c:\documents and settings\all users.windows1\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-10-21 09:18:03 -------- d-----w- c:\documents and settings\siandmarg.home-2b9f7c8eb0\application data\Marine Aquarium Lite
2012-10-21 09:12:30 -------- d-----w- c:\program files\MarineAquarium3Free_57
2012-10-11 11:18:00 888168 ----a-w- c:\windows1\system32\nvdispgenco32.dll
2012-10-11 11:18:00 5947392 ----a-w- c:\windows1\system32\nvopencl.dll
2012-09-30 00:23:24 -------- d-----w- C:\AIROPS_MM_REL_V2010_9_1_CLIENT_LA
2012-09-29 10:45:12 -------- d-----w- c:\program files\Tansee iPhone Transfer Photo
.
==================== Find3M ====================
.
2012-10-23 10:39:14 1102256 ----a-w- c:\windows1\system32\nvdrsdb0.bin
2012-10-23 10:39:14 1 ----a-w- c:\windows1\system32\nvdrssel.bin
2012-10-23 10:39:09 1102256 ----a-w- c:\windows1\system32\nvdrsdb1.bin
2012-10-09 10:20:40 73656 ----a-w- c:\windows1\system32\FlashPlayerCPLApp.cpl
2012-10-09 10:20:40 696760 ----a-w- c:\windows1\system32\FlashPlayerApp.exe
2012-10-08 12:59:27 60 ----a-w- c:\windows1\wpd99.drv
2012-09-29 09:54:26 22856 ----a-w- c:\windows1\system32\drivers\mbam.sys
2012-09-24 05:32:24 477168 ----a-w- c:\windows1\system32\npdeployJava1.dll
2012-09-24 05:32:20 473072 ----a-w- c:\windows1\system32\deployJava1.dll
2012-09-24 03:51:47 73728 ----a-w- c:\windows1\system32\javacpl.cpl
2012-09-23 14:28:00 7446528 ----a-w- c:\windows1\system32\nvcuda.dll
2012-09-23 14:28:00 4494208 ----a-w- c:\windows1\system32\nv4_disp.dll
2012-09-23 14:28:00 2578792 ----a-w- c:\windows1\system32\nvcuvid.dll
2012-09-23 14:28:00 2376704 ----a-w- c:\windows1\system32\nvapi.dll
2012-09-23 14:28:00 19103744 ----a-w- c:\windows1\system32\nvoglnt.dll
2012-09-23 14:28:00 1866088 ----a-w- c:\windows1\system32\nvcuvenc.dll
2012-09-23 14:28:00 17551360 ----a-w- c:\windows1\system32\nvcompiler.dll
2012-09-23 14:28:00 12557728 ----a-w- c:\windows1\system32\drivers\nv4_mini.sys
2012-09-23 14:28:00 1009512 ----a-w- c:\windows1\system32\nvdispco32.dll
2012-09-23 13:04:24 54272 ----a-w- c:\windows1\system32\nvwddi.dll
2012-09-23 13:04:12 15512424 ----a-w- c:\windows1\system32\nvcpl.dll
2012-09-23 13:04:11 164200 ----a-w- c:\windows1\system32\nvsvc32.exe
2012-09-23 13:04:11 143720 ----a-w- c:\windows1\system32\nvcolor.exe
2012-09-23 13:04:11 108392 ----a-w- c:\windows1\system32\nvmctray.dll
2012-09-08 08:48:42 12984 ----a-w- c:\windows1\system32\drivers\SWDUMon.sys
2012-08-30 12:03:50 193552 ----a-w- c:\windows1\system32\drivers\MpFilter.sys
2012-08-28 15:14:53 916992 ----a-w- c:\windows1\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows1\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ----a-w- c:\windows1\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- c:\windows1\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows1\system32\wintrust.dll
2012-08-21 13:33:26 2148864 ----a-w- c:\windows1\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ----a-w- c:\windows1\system32\ntkrnlpa.exe
2012-08-21 03:01:22 26840 ----a-w- c:\windows1\system32\drivers\GEARAspiWDM.sys
2012-08-21 03:01:22 106928 ----a-w- c:\windows1\system32\GEARAspi.dll
.
============= FINISH: 17:04:21.48 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 20/03/2012 4:43:14 PM
System Uptime: 24/10/2012 2:58:23 PM (3 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5KPL-CM
Processor: Intel Pentium III Xeon processor | Socket 775 | 2675/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 26.668 GiB free.
D: is FIXED (NTFS) - 75 GiB total, 60.406 GiB free.
E: is CDROM ()
G: is CDROM ()
K: is FIXED (NTFS) - 1863 GiB total, 1119.772 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\ATK0110\1010110
Manufacturer:
Name:
PNP Device ID: ACPI\ATK0110\1010110
Service:
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&2C575ACB&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&2C575ACB&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP171: 29/07/2012 10:09:07 AM - Software Distribution Service 3.0
RP172: 31/07/2012 12:32:46 AM - Software Distribution Service 3.0
RP173: 1/08/2012 12:13:28 PM - Software Distribution Service 3.0
RP174: 6/08/2012 11:57:47 AM - Software Distribution Service 3.0
RP175: 7/08/2012 2:51:21 PM - Software Distribution Service 3.0
RP176: 8/08/2012 3:05:31 PM - Software Distribution Service 3.0
RP177: 9/08/2012 5:24:20 PM - Installed e-tax 2012
RP178: 10/08/2012 12:06:45 PM - Software Distribution Service 3.0
RP179: 12/08/2012 10:34:52 AM - Software Distribution Service 3.0
RP180: 13/08/2012 6:40:14 PM - Software Distribution Service 3.0
RP181: 14/08/2012 9:50:35 PM - System Checkpoint
RP182: 15/08/2012 9:53:04 AM - Software Distribution Service 3.0
RP183: 16/08/2012 2:19:35 PM - Software Distribution Service 3.0
RP184: 16/08/2012 2:34:57 PM - Software Distribution Service 3.0
RP185: 17/08/2012 8:41:23 PM - Software Distribution Service 3.0
RP186: 19/08/2012 7:44:47 PM - Software Distribution Service 3.0
RP187: 21/08/2012 9:23:09 AM - Software Distribution Service 3.0
RP188: 22/08/2012 10:44:46 AM - Software Distribution Service 3.0
RP189: 23/08/2012 2:32:42 PM - Software Distribution Service 3.0
RP190: 24/08/2012 5:36:36 PM - System Checkpoint
RP191: 27/08/2012 10:25:17 AM - Software Distribution Service 3.0
RP192: 28/08/2012 11:27:08 AM - Software Distribution Service 3.0
RP193: 29/08/2012 12:42:21 PM - System Checkpoint
RP194: 29/08/2012 10:58:51 PM - Software Distribution Service 3.0
RP195: 30/08/2012 2:10:28 PM - Installed Major League Baseball 2K12
RP196: 30/08/2012 2:30:25 PM - Installed DirectX
RP197: 31/08/2012 11:13:07 AM - Software Distribution Service 3.0
RP198: 2/09/2012 1:49:10 AM - System Checkpoint
RP199: 2/09/2012 2:02:35 AM - Software Distribution Service 3.0
RP200: 3/09/2012 10:07:56 AM - Software Distribution Service 3.0
RP201: 4/09/2012 10:18:29 AM - Software Distribution Service 3.0
RP202: 4/09/2012 6:07:35 PM - Removed Java(TM) 6 Update 31
RP203: 4/09/2012 6:08:03 PM - Installed Java(TM) 6 Update 35
RP204: 4/09/2012 6:43:07 PM - Installed DirectX
RP205: 5/09/2012 11:38:24 AM - Software Distribution Service 3.0
RP206: 7/09/2012 2:57:23 PM - Software Distribution Service 3.0
RP207: 8/09/2012 10:24:21 PM - Software Distribution Service 3.0
RP208: 10/09/2012 11:34:37 AM - Software Distribution Service 3.0
RP209: 11/09/2012 11:51:28 AM - System Checkpoint
RP210: 11/09/2012 5:41:12 PM - Software Distribution Service 3.0
RP211: 12/09/2012 7:16:50 PM - System Checkpoint
RP212: 12/09/2012 7:33:18 PM - Software Distribution Service 3.0
RP213: 13/09/2012 5:19:18 PM - Software Distribution Service 3.0
RP214: 14/09/2012 6:23:38 PM - System Checkpoint
RP215: 14/09/2012 6:55:17 PM - Installed inSSIDer
RP216: 14/09/2012 7:08:27 PM - Removed inSSIDer
RP217: 14/09/2012 7:08:54 PM - Removed SlimDrivers
RP218: 15/09/2012 8:17:44 AM - Software Distribution Service 3.0
RP219: 16/09/2012 1:31:35 AM - Software Distribution Service 3.0
RP220: 17/09/2012 4:15:38 AM - Software Distribution Service 3.0
RP221: 18/09/2012 1:59:26 PM - Software Distribution Service 3.0
RP222: 19/09/2012 2:41:16 PM - System Checkpoint
RP223: 20/09/2012 11:46:59 AM - Software Distribution Service 3.0
RP224: 21/09/2012 11:58:48 AM - System Checkpoint
RP225: 25/09/2012 12:01:51 PM - Software Distribution Service 3.0
RP226: 25/09/2012 3:35:38 PM - Software Distribution Service 3.0
RP227: 26/09/2012 9:08:30 PM - System Checkpoint
RP228: 27/09/2012 3:57:49 PM - Software Distribution Service 3.0
RP229: 28/09/2012 2:59:42 PM - Software Distribution Service 3.0
RP230: 29/09/2012 3:11:06 PM - Software Distribution Service 3.0
RP231: 30/09/2012 2:10:17 AM - Software Distribution Service 3.0
RP232: 30/09/2012 3:06:07 PM - Software Distribution Service 3.0
RP233: 1/10/2012 3:17:19 PM - System Checkpoint
RP234: 1/10/2012 7:06:47 PM - Software Distribution Service 3.0
RP235: 2/10/2012 7:06:05 PM - Software Distribution Service 3.0
RP236: 3/10/2012 9:13:52 PM - System Checkpoint
RP237: 4/10/2012 1:25:47 PM - Software Distribution Service 3.0
RP238: 5/10/2012 6:21:58 PM - System Checkpoint
RP239: 7/10/2012 6:53:35 PM - System Checkpoint
RP240: 8/10/2012 3:09:07 PM - Software Distribution Service 3.0
RP241: 9/10/2012 3:36:19 PM - System Checkpoint
RP242: 9/10/2012 9:41:52 PM - Software Distribution Service 3.0
RP243: 10/10/2012 3:31:57 PM - Software Distribution Service 3.0
RP244: 10/10/2012 10:05:59 PM - Software Distribution Service 3.0
RP245: 12/10/2012 3:12:56 PM - Software Distribution Service 3.0
RP246: 13/10/2012 5:20:36 PM - System Checkpoint
RP247: 13/10/2012 5:33:53 PM - Software Distribution Service 3.0
RP248: 14/10/2012 2:04:21 AM - Software Distribution Service 3.0
RP249: 14/10/2012 10:49:48 PM - Software Distribution Service 3.0
RP250: 16/10/2012 4:52:55 AM - Software Distribution Service 3.0
RP251: 17/10/2012 4:39:25 AM - Software Distribution Service 3.0
RP252: 18/10/2012 2:33:12 PM - Software Distribution Service 3.0
RP253: 19/10/2012 2:52:27 PM - Software Distribution Service 3.0
RP254: 20/10/2012 9:09:07 AM - Installed Java(TM) 6 Update 37
RP255: 20/10/2012 2:47:04 PM - Software Distribution Service 3.0
RP256: 21/10/2012 3:20:29 PM - System Checkpoint
RP257: 21/10/2012 5:34:46 PM - Software Distribution Service 3.0
RP258: 22/10/2012 6:42:22 PM - System Checkpoint
RP259: 22/10/2012 6:58:30 PM - Software Distribution Service 3.0
RP260: 23/10/2012 7:25:49 PM - System Checkpoint
RP261: 24/10/2012 5:18:08 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe InDesign CS5
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
Aerosoft's - Flight Tales I
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Asus_LCD_ScreenSaver
Bonjour
CCleaner
Citrix XenApp Web Plugin
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
e-tax 2011
e-tax 2012
Facebook Video Calling 1.2.0.159
Flight Simulator X
Flight Simulator X Service Pack 1
Free M4a to MP3 Converter 7.0
Free Video Flip and Rotate version 2.0.0.1228
Hewlett-Packard ACLM.NET v1.1.0.0
High-Definition Video Playback
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
HP Photo Creations
HP Photosmart 7510 series Basic Device Software
HP Photosmart 7510 series Help
HP Photosmart 7510 series Product Improvement Study
HP Product Detection
HP Update
iTunes
Java Auto Updater
Java(TM) 6 Update 37
LifeFrame2
LizardTech DjVu Control (autoinstall)
Logitech Gaming Software 5.10
Major League Baseball 2K12
Malwarebytes Anti-Malware version 1.65.1.1000
Memeo AutoSync
Memeo Backup Premium
Memeo LifeAgent Explorer Extension
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator X
Microsoft Flight Simulator X Service Pack 1
Microsoft Flight Simulator X: Acceleration
Microsoft IntelliPoint 8.2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Client EN-US Language Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
MW3
Nero 11
Nero 11 Cliparts
Nero 11 Disc Menus 1
Nero 11 Disc Menus 2
Nero 11 Disc Menus 3
Nero 11 Disc Menus Basic
Nero 11 Effects Basic
Nero 11 Image Samples
Nero 11 Kwik Themes 1
Nero 11 Kwik Themes 2
Nero 11 Kwik Themes 3
Nero 11 Kwik Themes 4
Nero 11 Kwik Themes Basic
Nero 11 PiP Effects 1
Nero 11 PiP Effects Basic
Nero 11 Video Samples
Nero 11 Video Transitions 1
Nero Audio Pack 1
Nero BackItUp 11
Nero BackItUp 11 Help (CHM)
Nero Backup Drivers
Nero Burning ROM 11
Nero Burning ROM 11 Help (CHM)
Nero ControlCenter 11
Nero ControlCenter 11 Help (CHM)
Nero Core Components 11
Nero CoverDesigner 11
Nero CoverDesigner 11 Help (CHM)
Nero Express 11
Nero Express 11 Help (CHM)
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero Recode 11
Nero Recode 11 Help (CHM)
Nero RescueAgent 11
Nero RescueAgent 11 Help (CHM)
Nero SoundTrax 11
Nero SoundTrax 11 Help (CHM)
Nero Update
Nero Video 11
Nero Video 11 Help (CHM)
Nero WaveEditor 11
Nero WaveEditor 11 Help (CHM)
nero.prerequisites.msi
Nikon Message Center
Nikon RAW Codec
Nikon Transfer
NVIDIA Control Panel 306.81
NVIDIA Graphics Driver 306.81
NVIDIA Install Application
NVIDIA nView 136.28
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0604
NVIDIA Update 1.10.8
NVIDIA Update Components
PDF Settings CS5
Pdf995
Picture Control Utility
Platform
PowerISO
QuickTime
Seagate Dashboard
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Segoe UI
Snagit 10.0.2
swMSM
Tansee iPhone Transfer Photo 5.6.1.0
Tansee iPhone Transfer SMS 2.9.0.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VIA Platform Device Manager
VideoFileDownload
ViewNX
VLC media player 2.0.2
WebFldrs XP
welcome
WhiteCap
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinRAR 4.10 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
23/10/2012 3:58:50 AM, error: System Error [1003] - Error code 000000d1, parameter1 0000002c, parameter2 00000002, parameter3 00000001, parameter4 b46bfa8c.
22/10/2012 6:23:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: NBVolUp
22/10/2012 3:05:01 PM, error: System Error [1003] - Error code 000000d1, parameter1 0000002c, parameter2 00000002, parameter3 00000001, parameter4 b462fa8c.
21/10/2012 6:12:21 PM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
21/10/2012 11:35:46 AM, error: WPDMTPDriver [15300] - MTP WPD Driver has failed to start. Error 0x8007001f.
21/10/2012 10:41:47 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
18/10/2012 2:25:29 PM, error: Dhcp [1002] - The IP address lease 10.1.1.4 for the Network Card with network address 002354193ACB has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
18/10/2012 11:45:39 AM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
18/10/2012 11:45:39 AM, error: Service Control Manager [7000] - The OrangeWare USB Enhanced Host Controller Service service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
17/10/2012 8:43:03 PM, error: Dhcp [1002] - The IP address lease 10.1.1.2 for the Network Card with network address 002354193ACB has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
17/10/2012 3:36:24 PM, error: Print [6161] - The document Microsoft Word - Belle Dame Roster.doc owned by siandmarg failed to print on printer HP Photosmart 7510 series (Network). Data type: NT EMF 1.008. Size of the spool file in bytes: 304220. Number of bytes printed: 167288. Total number of pages in the document: 3. Number of pages printed: 1. Client machine: \\HOME-2B9F7C8EB0. Win32 error code returned by the print processor: 0 (0x0).
.
==== End Of File ===========================
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-10-24 16:58:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-f WDC_WD1600JS-00MHB0 rev.02.01C03
Running: cluhk8hi.exe; Driver: C:\DOCUME~1\SIANDM~1.HOM\LOCALS~1\Temp\afwyyaoc.sys

---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
 
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org
Database version: v2012.10.23.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
siandmarg :: HOME-2B9F7C8EB0 [administrator]
Protection: Enabled
24/10/2012 3:54:48 PM
mbam-log-2012-10-24 (15-54-48).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 358584
Time elapsed: 11 minute(s), 58 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
Can anybody help stop the constant blocking of IP addresses by Malwarebytes, or advise if this is normal?
I also have a log of the protection events if required.
Heeeeeelllllp!!!!!
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

ComboFix scan

Please download ComboFix
by sUBs
From BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above), but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
ComboFix 12-10-23.01 - siandmarg 24/10/2012 18:56:42.2.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3583.2959 [GMT 10:00]
Running from: c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Application Data\PriceGong
c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Application Data\PriceGong\Data\1.txt
c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Application Data\PriceGong\Data\4489.txt
c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Application Data\PriceGong\Data\a.txt
c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Application Data\PriceGong\Data\b.txt
c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Application Data\PriceGong\Data\c.txt
c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Application Data\PriceGong\Data\d.txt
c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Application Data\PriceGong\Data\e.txt
c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Application Data\PriceGong\Data\f.txt
c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Application Data\PriceGong\Data\g.txt
c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Application Data\PriceGong\Data\h.txt
c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Application Data\PriceGong\Data\I.txt
c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Application Data\PriceGong\Data\j.txt
c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Application Data\PriceGong\Data\k.txt
c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Application Data\PriceGong\Data\l.txt
c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Application Data\PriceGong\Data\m.txt
c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Application Data\PriceGong\Data\n.txt
c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Application Data\PriceGong\Data\o.txt
c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Application Data\PriceGong\Data\p.txt
c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Application Data\PriceGong\Data\q.txt
c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Application Data\PriceGong\Data\r.txt
c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Application Data\PriceGong\Data\s.txt
c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Application Data\PriceGong\Data\t.txt
c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Application Data\PriceGong\Data\u.txt
c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Application Data\PriceGong\Data\v.txt
c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Application Data\PriceGong\Data\w.txt
c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Application Data\PriceGong\Data\x.txt
c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Application Data\PriceGong\Data\y.txt
c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Application Data\PriceGong\Data\z.txt
c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Local Settings\Application Data\assembly\tmp
c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Local Settings\Application Data\Install.exe
c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Local Settings\Application Data\ModifyFlash.exe
c:\program files\intellidownload\gunzip.exe
c:\program files\intellidownload\search.exe
c:\program files\SSearch
c:\program files\SSearch\sqlite3.exe
C:\Thumbs.db
c:\windows1\msvcr71.dll
c:\windows1\RazorDOX
c:\windows1\RazorDOX\RazorDOX.dll
c:\windows1\RazorDOX\RazorDOX.ini
c:\windows1\system32\URTTemp
c:\windows1\system32\URTTemp\regtlib.exe
D:\uninstall.exe
K:\Autorun.inf
K:\Setup.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NVSVC
-------\Service_NVSvc
.
.
((((((((((((((((((((((((( Files Created from 2012-09-24 to 2012-10-24 )))))))))))))))))))))))))))))))
.
.
2012-10-24 06:58 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users.WINDOWS1\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D33C9C8F-1977-4EAD-BD3C-92B8234B19E5}\mpengine.dll
2012-10-24 06:55 . 2012-10-24 06:55 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\PCHealth
2012-10-22 08:58 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users.WINDOWS1\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-21 09:18 . 2012-10-21 13:15 -------- d-----w- c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Application Data\Marine Aquarium Lite
2012-10-21 09:12 . 2012-10-21 09:14 -------- d-----w- c:\program files\MarineAquarium3Free_57
2012-10-11 11:18 . 2012-09-23 14:28 888168 ----a-w- c:\windows1\system32\nvdispgenco32.dll
2012-10-11 11:18 . 2012-09-23 14:28 5947392 ----a-w- c:\windows1\system32\nvopencl.dll
2012-09-30 00:23 . 2012-09-30 00:23 -------- d-----w- C:\AIROPS_MM_REL_V2010_9_1_CLIENT_LA
2012-09-29 10:45 . 2012-09-29 10:45 -------- d-----w- c:\program files\Tansee iPhone Transfer Photo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 10:20 . 2012-04-10 21:37 696760 ----a-w- c:\windows1\system32\FlashPlayerApp.exe
2012-10-09 10:20 . 2012-02-07 05:04 73656 ----a-w- c:\windows1\system32\FlashPlayerCPLApp.cpl
2012-09-29 09:54 . 2012-08-06 07:15 22856 ----a-w- c:\windows1\system32\drivers\mbam.sys
2012-09-24 05:32 . 2012-09-04 08:08 477168 ----a-w- c:\windows1\system32\npdeployJava1.dll
2012-09-24 05:32 . 2012-04-12 01:53 473072 ----a-w- c:\windows1\system32\deployJava1.dll
2012-09-24 03:51 . 2012-09-04 08:08 73728 ----a-w- c:\windows1\system32\javacpl.cpl
2012-09-23 14:28 . 2012-02-11 09:51 1009512 ----a-w- c:\windows1\system32\nvdispco32.dll
2012-09-23 14:28 . 2012-02-02 19:01 7446528 ----a-w- c:\windows1\system32\nvcuda.dll
2012-09-23 14:28 . 2012-02-02 19:01 2578792 ----a-w- c:\windows1\system32\nvcuvid.dll
2012-09-23 14:28 . 2012-02-02 19:01 19103744 ----a-w- c:\windows1\system32\nvoglnt.dll
2012-09-23 14:28 . 2012-02-02 19:01 1866088 ----a-w- c:\windows1\system32\nvcuvenc.dll
2012-09-23 14:28 . 2012-02-02 19:01 2376704 ----a-w- c:\windows1\system32\nvapi.dll
2012-09-23 14:28 . 2012-02-02 19:01 17551360 ----a-w- c:\windows1\system32\nvcompiler.dll
2012-09-23 14:28 . 2012-02-01 13:48 12557728 ----a-w- c:\windows1\system32\drivers\nv4_mini.sys
2012-09-23 14:28 . 2008-04-14 00:12 4494208 ----a-w- c:\windows1\system32\nv4_disp.dll
2012-09-23 13:09 . 2011-03-23 13:42 253952 ----a-w- c:\windows1\system32\nvrsth.dll
2012-09-23 13:09 . 2011-03-23 13:42 335872 ----a-w- c:\windows1\system32\nvrsar.dll
2012-09-23 13:09 . 2011-03-23 13:42 282624 ----a-w- c:\windows1\system32\nvrses.dll
2012-09-23 13:09 . 2011-03-23 13:42 274432 ----a-w- c:\windows1\system32\nvrspt.dll
2012-09-23 13:09 . 2011-03-23 13:42 270336 ----a-w- c:\windows1\system32\nvrsptb.dll
2012-09-23 13:09 . 2011-03-23 13:42 274432 ----a-w- c:\windows1\system32\nvrsja.dll
2012-09-23 13:09 . 2011-03-23 13:42 286720 ----a-w- c:\windows1\system32\nvrsfr.dll
2012-09-23 13:09 . 2011-03-23 13:42 229376 ----a-w- c:\windows1\system32\nvrszhc.dll
2012-09-23 13:09 . 2011-03-23 13:42 258048 ----a-w- c:\windows1\system32\nvrssl.dll
2012-09-23 13:09 . 2011-03-23 13:42 258048 ----a-w- c:\windows1\system32\nvrssk.dll
2012-09-23 13:09 . 2011-03-23 13:42 253952 ----a-w- c:\windows1\system32\nvrssv.dll
2012-09-23 13:09 . 2011-03-23 13:42 335872 ----a-w- c:\windows1\system32\nvrshe.dll
2012-09-23 13:09 . 2011-03-23 13:42 258048 ----a-w- c:\windows1\system32\nvrstr.dll
2012-09-23 13:09 . 2011-03-23 13:42 258048 ----a-w- c:\windows1\system32\nvrspl.dll
2012-09-23 13:09 . 2011-03-23 13:42 253952 ----a-w- c:\windows1\system32\nvrsno.dll
2012-09-23 13:09 . 2011-03-23 13:42 282624 ----a-w- c:\windows1\system32\nvrsel.dll
2012-09-23 13:09 . 2011-03-23 13:42 249856 ----a-w- c:\windows1\system32\nvrseng.dll
2012-09-23 13:09 . 2011-03-23 13:42 282624 ----a-w- c:\windows1\system32\nvrsit.dll
2012-09-23 13:09 . 2011-03-23 13:42 274432 ----a-w- c:\windows1\system32\nvrsesm.dll
2012-09-23 13:09 . 2011-03-23 13:42 266240 ----a-w- c:\windows1\system32\nvrsko.dll
2012-09-23 13:09 . 2011-03-23 13:42 249856 ----a-w- c:\windows1\system32\nvrscs.dll
2012-09-23 13:09 . 2011-03-23 13:42 249856 ----a-w- c:\windows1\system32\nvrsfi.dll
2012-09-23 13:09 . 2011-03-23 13:42 270336 ----a-w- c:\windows1\system32\nvrsru.dll
2012-09-23 13:09 . 2011-03-23 13:42 274432 ----a-w- c:\windows1\system32\nvrsnl.dll
2012-09-23 13:09 . 2011-03-23 13:42 253952 ----a-w- c:\windows1\system32\nvrsda.dll
2012-09-23 13:09 . 2011-03-23 13:42 126976 ----a-w- c:\windows1\system32\nvrszht.dll
2012-09-23 13:09 . 2011-03-23 13:42 278528 ----a-w- c:\windows1\system32\nvrsde.dll
2012-09-23 13:09 . 2011-03-23 13:42 262144 ----a-w- c:\windows1\system32\nvrshu.dll
2012-09-23 13:04 . 2011-03-23 13:42 54272 ----a-w- c:\windows1\system32\nvwddi.dll
2012-09-23 13:04 . 2011-03-23 13:42 15512424 ----a-w- c:\windows1\system32\nvcpl.dll
2012-09-23 13:04 . 2011-03-23 13:42 108392 ----a-w- c:\windows1\system32\nvmctray.dll
2012-09-23 13:04 . 2011-03-23 13:42 164200 ----a-w- c:\windows1\system32\nvsvc32.exe
2012-09-23 13:04 . 2011-03-23 13:42 143720 ----a-w- c:\windows1\system32\nvcolor.exe
2012-09-08 08:48 . 2012-02-11 07:34 12984 ----a-w- c:\windows1\system32\drivers\SWDUMon.sys
2012-08-30 12:03 . 2011-04-18 03:18 193552 ----a-w- c:\windows1\system32\drivers\MpFilter.sys
2012-08-28 15:14 . 2006-02-28 12:00 916992 ----a-w- c:\windows1\system32\wininet.dll
2012-08-28 15:14 . 2006-02-28 12:00 43520 ----a-w- c:\windows1\system32\licmgr10.dll
2012-08-28 15:14 . 2006-02-28 12:00 1469440 ----a-w- c:\windows1\system32\inetcpl.cpl
2012-08-28 12:07 . 2006-02-28 12:00 385024 ----a-w- c:\windows1\system32\html.iec
2012-08-24 13:53 . 2006-02-28 12:00 177664 ----a-w- c:\windows1\system32\wintrust.dll
2012-08-21 13:33 . 2006-02-28 12:00 2148864 ----a-w- c:\windows1\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-03 22:59 2027520 ----a-w- c:\windows1\system32\ntkrnlpa.exe
2012-08-21 03:01 . 2012-02-07 09:17 26840 ----a-w- c:\windows1\system32\drivers\GEARAspiWDM.sys
2012-08-21 03:01 . 2012-02-07 09:17 106928 ----a-w- c:\windows1\system32\GEARAspi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bluebirds"="c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Bluebirds\BlueBirds.exe" [2009-04-29 270336]
"HP Photosmart 7510 series (NET)"="c:\program files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe" [2011-08-31 1804648]
"Facebook Update"="c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-09-19 896912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2000-01-01 40983152]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2000-01-01 1821576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"NvCplDaemon"="c:\windows1\system32\NvCpl.dll" [2012-09-23 15512424]
"NvMediaCenter"="NvMCTray.dll" [2012-09-23 108392]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-09-23 1634112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows1\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-20 519584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS1^Start Menu^Programs^Startup^Nikon Monitor.lnk]
path=c:\documents and settings\All Users.WINDOWS1\Start Menu\Programs\Startup\Nikon Monitor.lnk
backup=c:\windows1\pss\Nikon Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS1^Start Menu^Programs^Startup^Snagit 10.lnk]
path=c:\documents and settings\All Users.WINDOWS1\Start Menu\Programs\Startup\Snagit 10.lnk
backup=c:\windows1\pss\Snagit 10.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS1^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users.WINDOWS1\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows1\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-05 17:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 12:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2012-02-02 05:55 37232 ----a-w- c:\windows1\ASScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo AutoSync]
2011-05-13 00:15 144608 ----a-w- c:\program files\Memeo\AutoSync\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Backup Premium]
2011-05-13 00:01 136416 ----a-w- c:\program files\Memeo\AutoBackupPro\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2011-09-20 04:53 1493288 ----a-w- c:\program files\Nero\Nero 11\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster]
2011-08-18 09:48 67456 ----a-w- c:\program files\Uniblue\RegistryBooster\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
2011-06-01 23:06 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2010-06-14 06:10 153672 ----a-w- c:\program files\Logitech\Gaming Software\LWEMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 03:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-09-19 11:21 896912 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS1\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
"c:\\Documents and Settings\\siandmarg.HOME-2B9F7C8EB0\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"d:\\iw5sp.exe"=
"d:\\iw5mp.exe"=
"d:\\iw5mp_server.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows1\system32\drivers\NBVol.sys [7/02/2012 3:41 PM 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows1\system32\drivers\NBVolUp.sys [7/02/2012 3:41 PM 12464]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/09/2012 9:35 PM 399432]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackupPro\MemeoBackgroundService.exe [13/05/2011 10:01 AM 25824]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [23/09/2011 6:37 PM 641832]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [22/02/2012 6:05 PM 1258856]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2/06/2011 9:06 AM 14088]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows1\system32\drivers\dc3d.sys [6/02/2012 3:10 PM 45288]
R3 MBAMProtector;MBAMProtector;c:\windows1\system32\drivers\mbam.sys [6/08/2012 5:15 PM 22856]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows1\system32\drivers\viahduaa.sys [8/05/2008 9:23 PM 2127728]
S1 MpKsl0482e840;MpKsl0482e840;\??\c:\documents and settings\All Users.WINDOWS1\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D33C9C8F-1977-4EAD-BD3C-92B8234B19E5}\MpKsl0482e840.sys --> c:\documents and settings\All Users.WINDOWS1\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D33C9C8F-1977-4EAD-BD3C-92B8234B19E5}\MpKsl0482e840.sys [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/08/2012 5:15 PM 676936]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows1\system32\drivers\ousbehci.sys [12/02/2012 10:28 AM 45696]
S3 1394hub;1394 Enabled Hub;c:\windows1\system32\svchost.exe -k netsvcs [28/02/2006 10:00 PM 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows1\system32\Macromed\Flash\FlashPlayerUpdateService.exe [11/04/2012 7:37 AM 250808]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12/06/2011 11:15 AM 31125880]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows1\system32\drivers\netaapl.sys [17/06/2012 12:34 PM 18432]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/01/2010 9:37 PM 4640000]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows1\system32\drivers\ousb2hub.sys [12/02/2012 10:28 AM 56960]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows1\system32\DRIVERS\wg111v2.sys --> c:\windows1\system32\DRIVERS\wg111v2.sys [?]
S3 ST50220;Sonix ST50220 USB Video Camera Driver;c:\windows1\system32\drivers\ST50220.sys [29/05/2008 5:50 PM 27520]
S3 SWDUMon;SWDUMon;c:\windows1\system32\drivers\SWDUMon.sys [11/02/2012 5:34 PM 12984]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 1:37 PM 517096]
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-24 c:\windows1\Tasks\Adobe Flash Player Updater.job
- c:\windows1\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 10:20]
.
2012-10-22 c:\windows1\Tasks\AdobeAAMUpdater-1.0-HOME-2B9F7C8EB0-siandmarg.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-03-29 17:44]
.
2012-10-23 c:\windows1\Tasks\At1.job
- c:\program files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe [2011-08-31 08:07]
.
2012-10-23 c:\windows1\Tasks\At2.job
- c:\program files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe [2011-08-31 08:07]
.
2012-10-24 c:\windows1\Tasks\At3.job
- c:\program files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe [2011-08-31 08:07]
.
2012-10-23 c:\windows1\Tasks\At4.job
- c:\program files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe [2011-08-31 08:07]
.
2012-10-24 c:\windows1\Tasks\FacebookUpdateTaskUserS-1-5-21-343818398-1482476501-839522115-1004Core.job
- c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-02-02 06:13]
.
2012-10-24 c:\windows1\Tasks\FacebookUpdateTaskUserS-1-5-21-343818398-1482476501-839522115-1004UA.job
- c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-02-02 06:13]
.
2012-10-24 c:\windows1\Tasks\HP Photo Creations Communicator.job
- c:\documents and settings\All Users.WINDOWS1\Application Data\HP Photo Creations\MessageCheck.exe [2012-03-29 09:13]
.
2012-10-24 c:\windows1\Tasks\HP Photo Creations Messager.job
- c:\documents and settings\All Users.WINDOWS1\Application Data\HP Photo Creations\MessageCheck.exe [2012-03-29 09:13]
.
2012-10-24 c:\windows1\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 07:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ninemsn.com.au/
mStart Page = hxxp://www.startsearcher.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
Trusted Zone: virginblue.com.au\portal
TCP: DhcpNameServer = 10.1.1.1
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
MSConfigStartUp-Google Update - c:\documents and settings\siandmarg.HOME-2B9F7C8EB0\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
AddRemove-MW3v1.4.382 - d:\\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-24 19:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS1\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS1\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1428)
c:\windows1\system32\WININET.dll
c:\program files\NVIDIA Corporation\nview\nview.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MI1933~1\Office14\1033\GrooveIntlResource.dll
c:\windows1\system32\ieframe.dll
c:\windows1\system32\webcheck.dll
c:\windows1\system32\WPDShServiceObj.dll
c:\windows1\system32\PortableDeviceTypes.dll
c:\windows1\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows1\system32\SearchIndexer.exe
c:\windows1\system32\wscntfy.exe
c:\windows1\system32\RunDLL32.exe
c:\windows1\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicator.exe
.
**************************************************************************
.
Completion time: 2012-10-24 19:18:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-24 09:17
.
Pre-Run: 28,510,445,568 bytes free
Post-Run: 28,759,642,112 bytes free
.
- - End Of File - - 29E97D5A8923974621103645C7398DF0
 
After 22 mins of running combofix I got this

2012/10/24 19:44:42 +1000 HOME-2B9F7C8EB0 siandmarg IP-BLOCK 31.133.43.11 (Type: outgoing)

This was copied from the Malwarebytes log
 
Good job!

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.
 
Tried to download and run AdwCleaner by Xplode and got this error:
"The application or DLL C:\WINDOWS\system32\WSOCK32.dll is not a valid Windows image. Please check this against your installation diskette."

The title bar of this error reads
adwcleaner[1].exe - Bad Image
 
Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death
 
Wow, what a crap 2 days: blue screen of death, corrupted wsock files, couldn't boot Windows, and so format and reinstall was the only option. Well, at least the viruses are gone.
I will keep going to get all updates etc. done, and if I have any other issues I will reopen a new thread.
Thanks for your help.
 