strangetiger

Everything posted by strangetiger

  1. Hi there! As requested, please find below the TDSSKIller Log and in the next post the MalwareBytes' Anti-Malware log and new DDS log file: 10:04:19.0678 3528 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47 10:04:20.0960 3528 ============================================================ 10:04:20.0960 3528 Current date / time: 2012/04/23 10:04:20.0960 10:04:20.0960 3528 SystemInfo: 10:04:20.0960 3528 10:04:20.0960 3528 OS Version: 5.1.2600 ServicePack: 3.0 10:04:20.0960 3528 Product type: Workstation 10:04:20.0960 3528 ComputerName: DELL-10240 10:04:20.0960 3528 UserName: nikki 10:04:20.0960 3528 Windows directory: C:\WINDOWS 10:04:20.0960 3528 System windows directory: C:\WINDOWS 10:04:20.0960 3528 Processor architecture: Intel x86 10:04:20.0960 3528 Number of processors: 2 10:04:20.0960 3528 Page size: 0x1000 10:04:20.0960 3528 Boot type: Normal boot 10:04:20.0960 3528 ============================================================ 10:04:26.0241 3528 !crdlk 10:04:26.0397 3528 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A' 10:04:26.0413 3528 \Device\Harddisk0\DR0: 10:04:26.0413 3528 MBR partitions: 10:04:26.0413 3528 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x1CA5A09D 10:04:26.0444 3528 C: <-> \Device\Harddisk0\DR0\Partition0 10:04:26.0444 3528 Initialize success 10:04:26.0444 3528 ============================================================ 10:04:41.0570 3560 ============================================================ 10:04:41.0570 3560 Scan started 10:04:41.0570 3560 Mode: Manual; SigCheck; TDLFS; 10:04:41.0570 3560 ============================================================ 10:04:42.0007 3560 Suspicious service (NoAccess): 20cb95d47b2c6bbd 10:04:42.0101 3560 20cb95d47b2c6bbd (9c029ef2c394e6d415e81ce9f681bd28) C:\WINDOWS\System32\Drivers\20cb95d47b2c6bbd.sys 10:04:42.0101 3560 Suspicious file (NoAccess): 
C:\WINDOWS\System32\Drivers\20cb95d47b2c6bbd.sys. md5: 9c029ef2c394e6d415e81ce9f681bd28 10:04:42.0132 3560 20cb95d47b2c6bbd ( LockedService.Multi.Generic ) - warning 10:04:42.0132 3560 20cb95d47b2c6bbd - detected LockedService.Multi.Generic (1) 10:04:42.0132 3560 Abiosdsk - ok 10:04:42.0241 3560 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 10:04:42.0570 3560 abp480n5 - ok 10:04:42.0663 3560 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 10:04:42.0757 3560 ACPI - ok 10:04:42.0788 3560 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 10:04:42.0882 3560 ACPIEC - ok 10:04:43.0007 3560 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 10:04:43.0023 3560 AdobeFlashPlayerUpdateSvc - ok 10:04:43.0101 3560 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys 10:04:43.0179 3560 adpu160m - ok 10:04:43.0273 3560 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 10:04:43.0351 3560 aec - ok 10:04:43.0413 3560 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys 10:04:43.0507 3560 AFD - ok 10:04:43.0585 3560 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 10:04:43.0726 3560 agp440 - ok 10:04:43.0757 3560 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 10:04:43.0866 3560 agpCPQ - ok 10:04:43.0929 3560 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys 10:04:43.0960 3560 Aha154x - ok 10:04:43.0991 3560 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys 10:04:44.0101 3560 aic78u2 - ok 10:04:44.0132 3560 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 10:04:44.0210 3560 aic78xx - ok 10:04:44.0304 3560 Alerter (a9a3daa780ca6c9671a19d52456705b4) 
C:\WINDOWS\system32\alrsvc.dll 10:04:44.0398 3560 Alerter - ok 10:04:44.0445 3560 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe 10:04:44.0538 3560 ALG - ok 10:04:44.0648 3560 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 10:04:44.0726 3560 AliIde - ok 10:04:44.0788 3560 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys 10:04:44.0867 3560 alim1541 - ok 10:04:44.0913 3560 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys 10:04:44.0992 3560 amdagp - ok 10:04:45.0054 3560 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys 10:04:45.0101 3560 amsint - ok 10:04:45.0242 3560 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 10:04:45.0257 3560 Apple Mobile Device - ok 10:04:45.0382 3560 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll 10:04:45.0476 3560 AppMgmt - ok 10:04:45.0554 3560 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys 10:04:45.0648 3560 asc - ok 10:04:45.0726 3560 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys 10:04:45.0757 3560 asc3350p - ok 10:04:45.0773 3560 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys 10:04:45.0851 3560 asc3550 - ok 10:04:45.0913 3560 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 10:04:45.0945 3560 aspnet_state - ok 10:04:46.0070 3560 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 10:04:46.0148 3560 AsyncMac - ok 10:04:46.0179 3560 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 10:04:46.0242 3560 atapi - ok 10:04:46.0257 3560 Atdisk - ok 10:04:46.0273 3560 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 
10:04:46.0351 3560 Atmarpc - ok 10:04:46.0476 3560 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll 10:04:46.0554 3560 AudioSrv - ok 10:04:46.0632 3560 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 10:04:46.0710 3560 audstub - ok 10:04:46.0851 3560 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 10:04:46.0929 3560 Beep - ok 10:04:46.0992 3560 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll 10:04:47.0117 3560 BITS - ok 10:04:47.0226 3560 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe 10:04:47.0242 3560 Bonjour Service - ok 10:04:47.0382 3560 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll 10:04:47.0476 3560 Browser - ok 10:04:47.0538 3560 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 10:04:47.0632 3560 cbidf - ok 10:04:47.0632 3560 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 10:04:47.0710 3560 cbidf2k - ok 10:04:47.0773 3560 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 10:04:47.0804 3560 cd20xrnt - ok 10:04:47.0835 3560 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 10:04:47.0898 3560 Cdaudio - ok 10:04:47.0992 3560 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 10:04:48.0070 3560 Cdfs - ok 10:04:48.0117 3560 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 10:04:48.0195 3560 Cdrom - ok 10:04:48.0242 3560 Changer - ok 10:04:48.0273 3560 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe 10:04:48.0445 3560 CiSvc - ok 10:04:48.0476 3560 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe 10:04:48.0601 3560 ClipSrv - ok 10:04:48.0742 3560 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) 
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 10:04:48.0773 3560 clr_optimization_v2.0.50727_32 - ok 10:04:48.0867 3560 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys 10:04:49.0007 3560 CmdIde - ok 10:04:49.0054 3560 COMSysApp - ok 10:04:49.0085 3560 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys 10:04:49.0226 3560 Cpqarray - ok 10:04:49.0304 3560 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll 10:04:49.0382 3560 CryptSvc - ok 10:04:49.0476 3560 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 10:04:49.0554 3560 dac2w2k - ok 10:04:49.0617 3560 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys 10:04:49.0710 3560 dac960nt - ok 10:04:49.0773 3560 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll 10:04:49.0835 3560 DcomLaunch - ok 10:04:49.0945 3560 DgiVecp (a5034f77b278f07e224fe07cf98a8b76) C:\WINDOWS\system32\Drivers\DgiVecp.sys 10:04:49.0960 3560 DgiVecp ( UnsignedFile.Multi.Generic ) - warning 10:04:49.0960 3560 DgiVecp - detected UnsignedFile.Multi.Generic (1) 10:04:50.0023 3560 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll 10:04:50.0117 3560 Dhcp - ok 10:04:50.0164 3560 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 10:04:50.0226 3560 Disk - ok 10:04:50.0320 3560 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS 10:04:50.0335 3560 DLABMFSM - ok 10:04:50.0367 3560 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS 10:04:50.0367 3560 DLABOIOM - ok 10:04:50.0382 3560 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS 10:04:50.0382 3560 DLACDBHM - ok 10:04:50.0398 3560 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS 10:04:50.0398 3560 DLADResM - ok 10:04:50.0414 3560 
DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS 10:04:50.0414 3560 DLAIFS_M - ok 10:04:50.0429 3560 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS 10:04:50.0429 3560 DLAOPIOM - ok 10:04:50.0445 3560 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS 10:04:50.0445 3560 DLAPoolM - ok 10:04:50.0460 3560 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS 10:04:50.0460 3560 DLARTL_M - ok 10:04:50.0476 3560 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS 10:04:50.0476 3560 DLAUDFAM - ok 10:04:50.0492 3560 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS 10:04:50.0492 3560 DLAUDF_M - ok 10:04:50.0554 3560 dmadmin - ok 10:04:50.0632 3560 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 10:04:50.0757 3560 dmboot - ok 10:04:50.0882 3560 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 10:04:50.0976 3560 dmio - ok 10:04:50.0992 3560 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 10:04:51.0101 3560 dmload - ok 10:04:51.0179 3560 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll 10:04:51.0257 3560 dmserver - ok 10:04:51.0414 3560 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 10:04:51.0492 3560 DMusic - ok 10:04:51.0570 3560 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll 10:04:51.0601 3560 Dnscache - ok 10:04:51.0664 3560 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll 10:04:51.0742 3560 Dot3svc - ok 10:04:51.0789 3560 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 10:04:51.0882 3560 dpti2o - ok 10:04:51.0960 3560 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 10:04:52.0039 3560 drmkaud - 
ok 10:04:52.0132 3560 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS 10:04:52.0148 3560 DRVMCDB - ok 10:04:52.0195 3560 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS 10:04:52.0195 3560 DRVNDDM - ok 10:04:52.0257 3560 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys 10:04:52.0351 3560 E100B - ok 10:04:52.0492 3560 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys 10:04:52.0507 3560 e1express - ok 10:04:52.0554 3560 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll 10:04:52.0648 3560 EapHost - ok 10:04:52.0773 3560 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll 10:04:52.0851 3560 ERSvc - ok 10:04:52.0914 3560 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 10:04:52.0929 3560 Eventlog - ok 10:04:53.0054 3560 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll 10:04:53.0117 3560 EventSystem - ok 10:04:53.0210 3560 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 10:04:53.0289 3560 Fastfat - ok 10:04:53.0398 3560 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 10:04:53.0429 3560 FastUserSwitchingCompatibility - ok 10:04:53.0507 3560 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe 10:04:53.0585 3560 Fax - ok 10:04:53.0726 3560 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 10:04:53.0804 3560 Fdc - ok 10:04:53.0836 3560 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 10:04:53.0898 3560 Fips - ok 10:04:54.0070 3560 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 10:04:54.0148 3560 Flpydisk - ok 10:04:54.0211 3560 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 10:04:54.0289 3560 FltMgr - ok 10:04:54.0445 3560 
FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 10:04:54.0476 3560 FontCache3.0.0.0 - ok 10:04:54.0617 3560 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 10:04:54.0695 3560 Fs_Rec - ok 10:04:54.0742 3560 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 10:04:54.0836 3560 Ftdisk - ok 10:04:54.0976 3560 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 10:04:54.0976 3560 GEARAspiWDM - ok 10:04:55.0023 3560 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 10:04:55.0117 3560 Gpc - ok 10:04:55.0304 3560 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 10:04:55.0304 3560 gusvc - ok 10:04:55.0507 3560 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 10:04:55.0586 3560 HDAudBus - ok 10:04:55.0679 3560 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 10:04:55.0757 3560 helpsvc - ok 10:04:55.0836 3560 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll 10:04:55.0929 3560 HidServ - ok 10:04:56.0054 3560 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 10:04:56.0132 3560 HidUsb - ok 10:04:56.0211 3560 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll 10:04:56.0304 3560 hkmsvc - ok 10:04:56.0492 3560 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 10:04:56.0570 3560 hpn - ok 10:04:56.0632 3560 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 10:04:56.0695 3560 HTTP - ok 10:04:56.0804 3560 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll 10:04:56.0882 3560 HTTPFilter - ok 10:04:57.0007 3560 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 
10:04:57.0086 3560 i2omgmt - ok 10:04:57.0132 3560 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 10:04:57.0195 3560 i2omp - ok 10:04:57.0336 3560 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 10:04:57.0414 3560 i8042prt - ok 10:04:57.0711 3560 ialm (28423512370705aeda6a652fedb25468) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 10:04:57.0851 3560 ialm - ok 10:04:57.0992 3560 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\WINDOWS\system32\drivers\iaStor.sys 10:04:57.0992 3560 iaStor - ok 10:04:58.0117 3560 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 10:04:58.0164 3560 idsvc - ok 10:04:58.0367 3560 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 10:04:58.0445 3560 Imapi - ok 10:04:58.0492 3560 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe 10:04:58.0586 3560 ImapiService - ok 10:04:58.0758 3560 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 10:04:58.0836 3560 ini910u - ok 10:04:58.0992 3560 IntcAzAudAddService (17bbbabb21f86b650b2626045a9d016c) C:\WINDOWS\system32\drivers\RtkHDAud.sys 10:04:59.0117 3560 IntcAzAudAddService - ok 10:04:59.0289 3560 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 10:04:59.0367 3560 IntelIde - ok 10:04:59.0398 3560 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 10:04:59.0476 3560 intelppm - ok 10:04:59.0601 3560 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 10:04:59.0695 3560 Ip6Fw - ok 10:04:59.0726 3560 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 10:04:59.0836 3560 IpFilterDriver - ok 10:04:59.0945 3560 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 10:05:00.0023 3560 IpInIp - ok 10:05:00.0070 3560 IpNat 
(cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 10:05:00.0148 3560 IpNat - ok 10:05:00.0273 3560 iPod Service (9033d67b7112d23eded6789bacded128) C:\Program Files\iPod\bin\iPodService.exe 10:05:00.0304 3560 iPod Service - ok 10:05:00.0476 3560 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 10:05:00.0554 3560 IPSec - ok 10:05:00.0601 3560 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 10:05:00.0695 3560 IRENUM - ok 10:05:00.0867 3560 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 10:05:01.0133 3560 isapnp - ok 10:05:01.0336 3560 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe 10:05:01.0336 3560 JavaQuickStarterService - ok 10:05:01.0508 3560 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 10:05:01.0586 3560 Kbdclass - ok 10:05:01.0664 3560 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 10:05:01.0742 3560 kbdhid - ok 10:05:01.0883 3560 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 10:05:01.0961 3560 kmixer - ok 10:05:02.0039 3560 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 10:05:02.0133 3560 KSecDD - ok 10:05:02.0242 3560 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll 10:05:02.0273 3560 lanmanserver - ok 10:05:02.0351 3560 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll 10:05:02.0398 3560 lanmanworkstation - ok 10:05:02.0508 3560 lbrtfdc - ok 10:05:02.0570 3560 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll 10:05:02.0648 3560 LmHosts - ok 10:05:02.0836 3560 LMIGuardianSvc (2375e7e01635fbccde2f796a9e078e07) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe 10:05:02.0836 3560 LMIGuardianSvc - ok 10:05:02.0898 3560 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program 
Files\LogMeIn\x86\RaInfo.sys 10:05:02.0898 3560 LMIInfo - ok 10:05:02.0961 3560 LMIMaint (b9c127273eaba403311854a8dcb6d0aa) C:\Program Files\LogMeIn\x86\RaMaint.exe 10:05:02.0976 3560 LMIMaint - ok 10:05:03.0101 3560 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys 10:05:03.0117 3560 lmimirr - ok 10:05:03.0148 3560 LMIRfsClientNP - ok 10:05:03.0164 3560 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys 10:05:03.0179 3560 LMIRfsDriver - ok 10:05:03.0336 3560 LogMeIn (432618fa75b61059d2c57d6a7e55147a) C:\Program Files\LogMeIn\x86\LogMeIn.exe 10:05:03.0351 3560 LogMeIn - ok 10:05:03.0554 3560 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys 10:05:03.0570 3560 MBAMProtector - ok 10:05:03.0695 3560 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 10:05:03.0726 3560 MBAMService - ok 10:05:03.0851 3560 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll 10:05:03.0930 3560 Messenger - ok 10:05:04.0039 3560 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 10:05:04.0133 3560 mnmdd - ok 10:05:04.0211 3560 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe 10:05:04.0305 3560 mnmsrvc - ok 10:05:04.0398 3560 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 10:05:04.0492 3560 Modem - ok 10:05:04.0555 3560 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 10:05:04.0633 3560 Mouclass - ok 10:05:04.0695 3560 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 10:05:04.0789 3560 mouhid - ok 10:05:04.0883 3560 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 10:05:04.0961 3560 MountMgr - ok 10:05:05.0023 3560 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 10:05:05.0117 3560 
mraid35x - ok 10:05:05.0211 3560 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 10:05:05.0305 3560 MRxDAV - ok 10:05:05.0398 3560 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 10:05:05.0461 3560 MRxSmb - ok 10:05:05.0555 3560 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe 10:05:05.0648 3560 MSDTC - ok 10:05:05.0820 3560 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 10:05:05.0883 3560 Msfs - ok 10:05:05.0898 3560 MSIServer - ok 10:05:05.0945 3560 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 10:05:06.0023 3560 MSKSSRV - ok 10:05:06.0101 3560 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 10:05:06.0180 3560 MSPCLOCK - ok 10:05:06.0242 3560 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 10:05:06.0336 3560 MSPQM - ok 10:05:06.0461 3560 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 10:05:06.0539 3560 mssmbios - ok 10:05:06.0601 3560 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 10:05:06.0680 3560 Mup - ok 10:05:06.0805 3560 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll 10:05:06.0898 3560 napagent - ok 10:05:07.0023 3560 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 10:05:07.0086 3560 NDIS - ok 10:05:07.0117 3560 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 10:05:07.0211 3560 NdisTapi - ok 10:05:07.0351 3560 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 10:05:07.0430 3560 Ndisuio - ok 10:05:07.0508 3560 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 10:05:07.0586 3560 NdisWan - ok 10:05:07.0695 3560 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 10:05:07.0742 3560 
NDProxy - ok 10:05:07.0820 3560 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 10:05:07.0898 3560 NetBIOS - ok 10:05:07.0976 3560 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 10:05:08.0055 3560 NetBT - ok 10:05:08.0133 3560 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 10:05:08.0211 3560 NetDDE - ok 10:05:08.0242 3560 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe 10:05:08.0305 3560 NetDDEdsdm - ok 10:05:08.0383 3560 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 10:05:08.0461 3560 Netlogon - ok 10:05:08.0539 3560 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll 10:05:08.0617 3560 Netman - ok 10:05:08.0742 3560 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 10:05:08.0758 3560 NetTcpPortSharing - ok 10:05:08.0898 3560 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll 10:05:08.0930 3560 Nla - ok 10:05:09.0023 3560 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 10:05:09.0164 3560 Npfs - ok 10:05:09.0195 3560 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 10:05:09.0383 3560 Ntfs - ok 10:05:09.0414 3560 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 10:05:09.0555 3560 NtLmSsp - ok 10:05:09.0680 3560 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll 10:05:09.0789 3560 NtmsSvc - ok 10:05:09.0898 3560 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 10:05:09.0977 3560 Null - ok 10:05:10.0070 3560 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 10:05:10.0211 3560 nv - ok 10:05:10.0305 3560 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 10:05:10.0383 3560 NwlnkFlt - ok 10:05:10.0430 
3560 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 10:05:10.0523 3560 NwlnkFwd - ok 10:05:10.0680 3560 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 10:05:10.0695 3560 odserv - ok 10:05:10.0773 3560 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 10:05:10.0773 3560 ose - ok 10:05:10.0945 3560 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 10:05:11.0008 3560 Parport - ok 10:05:11.0039 3560 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 10:05:11.0117 3560 PartMgr - ok 10:05:11.0242 3560 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 10:05:11.0320 3560 ParVdm - ok 10:05:11.0414 3560 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 10:05:11.0492 3560 PCI - ok 10:05:11.0539 3560 PCIDump - ok 10:05:11.0570 3560 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 10:05:11.0664 3560 PCIIde - ok 10:05:11.0742 3560 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 10:05:11.0820 3560 Pcmcia - ok 10:05:11.0898 3560 PDCOMP - ok 10:05:11.0945 3560 PDFRAME - ok 10:05:11.0961 3560 PDRELI - ok 10:05:11.0961 3560 PDRFRAME - ok 10:05:11.0992 3560 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 10:05:12.0070 3560 perc2 - ok 10:05:12.0133 3560 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 10:05:12.0227 3560 perc2hib - ok 10:05:12.0367 3560 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 10:05:12.0367 3560 PlugPlay - ok 10:05:12.0508 3560 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 10:05:12.0570 3560 PolicyAgent - ok 10:05:12.0648 3560 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) 
10:05:21.0930 3560 stllssvr (de3e7a2345ebaa3ce8e6957dfb55fb15) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
10:05:21.0946 3560 stllssvr ( UnsignedFile.Multi.Generic ) - warning
10:05:21.0946 3560 stllssvr - detected UnsignedFile.Multi.Generic (1)
10:05:30.0743 3560 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
10:05:30.0821 3560 \Device\Harddisk0\DR0 - ok
10:05:30.0852 3560 Boot (0x1200) (85dacec4a57ea745bbb2d64f557f21b9) \Device\Harddisk0\DR0\Partition0
10:05:30.0852 3560 \Device\Harddisk0\DR0\Partition0 - ok
10:05:30.0852 3560 ============================================================
10:05:30.0852 3560 Scan finished
10:05:30.0852 3560 ============================================================
10:05:30.0961 3712 Detected object count: 3
10:05:30.0961 3712 Actual detected object count: 3
10:05:40.0993 3712 20cb95d47b2c6bbd ( LockedService.Multi.Generic ) - skipped by user
10:05:40.0993 3712 20cb95d47b2c6bbd ( LockedService.Multi.Generic ) - User select action: Skip
10:05:41.0009 3712 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
10:05:41.0009 3712 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:05:41.0009 3712 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
10:05:41.0009 3712 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
__________________________________________________________________________________________
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.22.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
nikki :: DELL-10240 [administrator]
Protection: Disabled
23/04/2012 10:09:50 AM
mbam-log-2012-04-23 (10-09-50).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 319568
Time elapsed: 15 minute(s), 49 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Data: C:\WINDOWS\system32\regedit.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
_______________________________________________________________________________________
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by nikki at 10:29:12 on 2012-04-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1582 [GMT 10:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brownie\BrstsWnd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\nikki\etpmyy6fze.exe
C:\Program Files\Brownie\Brnipmon.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\iPod\bin\iPodService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uDefault_Page_URL = hxxp://companyweb
uSearch Bar =
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [etpmyy6fze] c:\documents and settings\nikki\etpmyy6fze.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-system: RunStartupScriptSync = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: asos.com\www
Trusted Zone: officeworks.com.au\www
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab?rnd=3345172118
TCP: DhcpNameServer = 192.168.0.241 192.231.203.132 192.231.203.3
TCP: Interfaces\{6A70F077-30B7-46D8-ABED-1D917788B90E} : NameServer = 192.168.0.241
TCP: Interfaces\{6A70F077-30B7-46D8-ABED-1D917788B90E} : DhcpNameServer = 192.168.0.241 192.231.203.132 192.231.203.3
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
Hosts: 93.113.196.118 www.google.com
Hosts: 93.113.196.119 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\nikki\application data\mozilla\firefox\profiles\alvqrs73.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-4-12 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-5-13 47640]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-17 654408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 253088]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-17 22344]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2012-04-17 04:13:40 -------- d-----w- c:\documents and settings\nikki\application data\Malwarebytes
2012-04-17 04:13:34 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-17 04:13:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-17 04:13:34 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-04-17 02:26:36 -------- d-----w- c:\documents and settings\nikki\application data\AVG
2012-04-17 02:09:59 -------- d-----w- c:\documents and settings\nikki\application data\AVG2012
2012-04-17 02:07:27 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-04-17 02:06:51 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2012-04-17 02:06:15 -------- d-----w- c:\program files\AVG
2012-04-17 02:02:29 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-04-15 23:23:03 4126368 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-15 22:57:54 44368 ----a-w- c:\windows\system32\drivers\20cb95d47b2c6bbd.sys
2012-04-12 05:56:33 19136 ----a-w- c:\documents and settings\nikki\etpmyy6fze.exe
2012-04-04 05:53:56 182160 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2012-04-01 23:21:09 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-30 00:12:07 -------- d-----w- c:\documents and settings\nikki\application data\tiger-k
2012-03-30 00:12:07 -------- d-----w- c:\documents and settings\nikki\application data\Leawo
2012-03-30 00:07:46 175616 ----a-w- c:\windows\system32\unrar.dll
2012-03-30 00:07:44 -------- d-----w- c:\program files\K-Lite Codec Pack
2012-03-30 00:07:39 606208 ----a-w- c:\windows\system32\xvidcore.dll
2012-03-30 00:07:39 139264 ----a-w- c:\windows\system32\xvid.ax
2012-03-30 00:07:33 -------- d-----w- c:\program files\Leawo
.
==================== Find3M ====================
.
2012-04-15 23:23:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-06 23:20:23 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-06 23:20:21 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-02-06 23:20:18 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-02-06 23:20:17 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
============= FINISH: 10:30:17.59 ===============

I didn't encounter any problems, however there was no "cure" option on the TDSS Killer, so as directed I selected "skip". Thanks again!
  2. Hi Maniac! Thanks so much for coming to my assistance! As per instructions, below are the dds.txt and attach.txt files:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by nikki at 9:55:48 on 2012-04-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1409 [GMT 10:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brownie\BrstsWnd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brownie\Brnipmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uDefault_Page_URL = hxxp://companyweb
uSearch Bar =
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [etpmyy6fze] c:\documents and settings\nikki\etpmyy6fze.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Regedit32] c:\windows\system32\regedit.exe
mPolicies-system: RunStartupScriptSync = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: asos.com\www
Trusted Zone: officeworks.com.au\www
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab?rnd=3345172118
TCP: DhcpNameServer = 192.168.0.241 192.231.203.132 192.231.203.3
TCP: Interfaces\{6A70F077-30B7-46D8-ABED-1D917788B90E} : NameServer = 192.168.0.241
TCP: Interfaces\{6A70F077-30B7-46D8-ABED-1D917788B90E} : DhcpNameServer = 192.168.0.241 192.231.203.132 192.231.203.3
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
Hosts: 93.113.196.118 www.google.com
Hosts: 93.113.196.119 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\nikki\application data\mozilla\firefox\profiles\alvqrs73.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-4-12 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-5-13 47640]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-17 654408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 253088]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-17 22344]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2012-04-17 04:13:40 -------- d-----w- c:\documents and settings\nikki\application data\Malwarebytes
2012-04-17 04:13:34 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-17 04:13:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-17 04:13:34 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-04-17 02:26:36 -------- d-----w- c:\documents and settings\nikki\application data\AVG
2012-04-17 02:09:59 -------- d-----w- c:\documents and settings\nikki\application data\AVG2012
2012-04-17 02:07:27 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-04-17 02:06:51 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2012-04-17 02:06:15 -------- d-----w- c:\program files\AVG
2012-04-17 02:02:29 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-04-15 23:23:03 4126368 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-15 22:57:54 44368 ----a-w- c:\windows\system32\drivers\20cb95d47b2c6bbd.sys
2012-04-12 05:56:33 19136 ----a-w- c:\documents and settings\nikki\etpmyy6fze.exe
2012-04-04 05:53:56 182160 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2012-04-01 23:21:09 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-30 00:12:07 -------- d-----w- c:\documents and settings\nikki\application data\tiger-k
2012-03-30 00:12:07 -------- d-----w- c:\documents and settings\nikki\application data\Leawo
2012-03-30 00:07:46 175616 ----a-w- c:\windows\system32\unrar.dll
2012-03-30 00:07:44 -------- d-----w- c:\program files\K-Lite Codec Pack
2012-03-30 00:07:39 606208 ----a-w- c:\windows\system32\xvidcore.dll
2012-03-30 00:07:39 139264 ----a-w- c:\windows\system32\xvid.ax
2012-03-30 00:07:33 -------- d-----w- c:\program files\Leawo
.
==================== Find3M ====================
.
2012-04-15 23:23:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-06 23:20:23 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-06 23:20:21 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-02-06 23:20:18 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-02-06 23:20:17 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
============= FINISH: 9:56:25.32 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 22/08/2008 10:12:24 AM
System Uptime: 20/04/2012 9:23:55 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0RK936
Processor: Intel® Core2 Duo CPU E4600 @ 2.40GHz | Socket 775 | 2394/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 229 GiB total, 199.283 GiB free.
D: is CDROM ()
U: is NetworkDisk (NTFS) - 932 GiB total, 631.582 GiB free.
V: is NetworkDisk (NTFS) - 932 GiB total, 631.582 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP460: 21/02/2012 3:45:21 PM - System Checkpoint
RP461: 22/02/2012 5:46:29 PM - System Checkpoint
RP462: 23/02/2012 7:14:15 PM - System Checkpoint
RP463: 27/02/2012 1:18:49 PM - System Checkpoint
RP464: 28/02/2012 1:24:17 PM - System Checkpoint
RP465: 29/02/2012 5:19:23 PM - System Checkpoint
RP466: 1/03/2012 5:24:20 PM - System Checkpoint
RP467: 5/03/2012 10:28:18 AM - System Checkpoint
RP468: 6/03/2012 11:53:34 AM - System Checkpoint
RP469: 7/03/2012 1:37:29 PM - System Checkpoint
RP470: 8/03/2012 4:55:19 PM - System Checkpoint
RP471: 12/03/2012 9:57:47 AM - System Checkpoint
RP472: 13/03/2012 10:41:07 AM - System Checkpoint
RP473: 14/03/2012 1:53:20 PM - System Checkpoint
RP474: 15/03/2012 2:50:47 PM - Installed Windows Media Player 11
RP475: 16/03/2012 4:47:31 PM - System Checkpoint
RP476: 20/03/2012 12:57:40 PM - System Checkpoint
RP477: 21/03/2012 4:53:45 PM - System Checkpoint
RP478: 22/03/2012 6:22:44 PM - System Checkpoint
RP479: 26/03/2012 11:18:46 AM - System Checkpoint
RP480: 27/03/2012 12:02:50 PM - System Checkpoint
RP481: 28/03/2012 1:39:25 PM - System Checkpoint
RP482: 29/03/2012 5:28:19 PM - System Checkpoint
RP483: 30/03/2012 12:04:26 PM - Installed Windows Media Player 11
RP484: 2/04/2012 10:49:48 AM - System Checkpoint
RP485: 3/04/2012 1:02:19 PM - System Checkpoint
RP486: 4/04/2012 1:21:27 PM - System Checkpoint
RP487: 5/04/2012 3:43:11 PM - System Checkpoint
RP488: 10/04/2012 10:24:41 AM - System Checkpoint
RP489: 11/04/2012 1:36:11 PM - System Checkpoint
RP490: 12/04/2012 3:32:24 PM - Installed Google Earth.
RP491: 13/04/2012 5:35:13 PM - System Checkpoint
RP492: 16/04/2012 12:23:49 PM - System Checkpoint
RP493: 17/04/2012 12:06:14 PM - Installed AVG 2012
RP494: 17/04/2012 12:06:38 PM - Installed AVG 2012
RP495: 18/04/2012 9:28:03 AM - Removed AVG 2012
RP496: 18/04/2012 9:29:19 AM - Removed AVG 2012
RP497: 19/04/2012 10:04:14 AM - System Checkpoint
.
==== Installed Programs ======================
.
Leawo AVI Converter version 5.0.0.0
7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG PC Tuneup
Bonjour
Brother HL-5350DN
Browser Address Error Redirector
Dell Support Center (Support Software)
Dell System Restore
FileZilla Client 3.4.0
Google Earth
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections 12.1.8.0
iTunes
Java Auto Updater
Java 6 Update 29
JobBag v5
K-Lite Codec Pack 7.6.0 (Basic)
LogMeIn
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 4.0 (x86 en-GB)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
OGA Notifier 1.7.0105.35.0
PDFCreator
Picasa 3
PowerDVD
QuickTime
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
Samsung ML-2010 Series
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows XP (KB950759)
Sonic CinePlayer Decoder Pack
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2522999)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
WebFldrs XP
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Small Business Server 2008 ClientAgent
Windows Small Business Server 2008 WMI Provider
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
19/04/2012 9:37:08 AM, error: NETLOGON [5719] - No Domain Controller is available for domain DECODER due to the following: The RPC server is unavailable. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
17/04/2012 3:05:13 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor
17/04/2012 3:05:05 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
17/04/2012 2:16:28 PM, error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: A device attached to the system is not functioning.
17/04/2012 2:16:28 PM, error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: A device attached to the system is not functioning.
17/04/2012 2:13:41 PM, error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: A device attached to the system is not functioning.
17/04/2012 12:10:00 PM, error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: The dependency service or group failed to start.
17/04/2012 12:07:21 PM, error: Service Control Manager [7001] - The AVGIDSDriver service depends on the AVGIDSFilter service which failed to start because of the following error: The dependency service or group failed to start.
17/04/2012 12:07:20 PM, error: Service Control Manager [7001] - The AVGIDSFilter service depends on the AVGIDSShim service which failed to start because of the following error: A device attached to the system is not functioning.
17/04/2012 12:07:18 PM, error: Service Control Manager [7000] - The AVGIDSShim service failed to start due to the following error: A device attached to the system is not functioning.
17/04/2012 12:07:17 PM, error: Service Control Manager [7000] - The AVG TDI Driver service failed to start due to the following error: A device attached to the system is not functioning.
17/04/2012 12:07:15 PM, error: Service Control Manager [7000] - The AVG Mini-Filter Resident Anti-Virus Shield service failed to start due to the following error: A device attached to the system is not functioning.
17/04/2012 12:07:13 PM, error: Service Control Manager [7000] - The AVG AVI Loader Driver service failed to start due to the following error: A device attached to the system is not functioning.
17/04/2012 12:07:11 PM, error: Service Control Manager [7000] - The AVG Anti-Rootkit Driver service failed to start due to the following error: A device attached to the system is not functioning.
17/04/2012 1:30:36 AM, error: Service Control Manager [7028] - The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
16/04/2012 8:55:42 AM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
16/04/2012 4:22:39 PM, error: Kerberos [4] - The kerberos client received a KRB_AP_ERR_MODIFIED error from the server hp8000$. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (DECODER.LOCAL), and the client realm. Please contact your system administrator.
16/04/2012 2:42:51 PM, error: Service Control Manager [7028] - The BITS Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
.
==== End Of File ===========================

Many thanks again!
  3. Hi all! Hope you can help me - have an incredibly annoying problem with Google (as well as Yahoo and Firefox) where clicking on a link from Google I am redirected via bon-search.net to an unrelated site. This happens most often on additional browser tabs - the first IE Google or Firefox screen will usually link correctly (although not always) but additional tabs will not work properly at all and typing in the address in the browser address bar doesn't work either. I have run MalwareBytes multiple times, as well as antivirus with AVG, Trend Micro, etc., without much success. Below is the log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:15:52 PM, on 19/04/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brownie\BrstsWnd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brownie\Brnipmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\nikki\Local Settings\Temporary Internet Files\Content.IE5\71WFSL91\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=1080816
O1 - Hosts: 93.113.196.118 www.google.com
O1 - Hosts: 93.113.196.119 www.bing.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [brStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [etpmyy6fze] C:\Documents and Settings\nikki\etpmyy6fze.exe
O4 - HKUS\S-1-5-21-3412679897-3502492104-3480369037-1150\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User '?')
O4 - HKUS\S-1-5-21-3412679897-3502492104-3480369037-1150\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3412679897-3502492104-3480369037-1191\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User '?')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.asos.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab?rnd=3345172118
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = decoder.local
O17 - HKLM\Software\..\Telephony: DomainName = decoder.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A70F077-30B7-46D8-ABED-1D917788B90E}: Domain = decoder.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A70F077-30B7-46D8-ABED-1D917788B90E}: NameServer = 192.168.0.241
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = decoder.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{6A70F077-30B7-46D8-ABED-1D917788B90E}: Domain = decoder.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{6A70F077-30B7-46D8-ABED-1D917788B90E}: NameServer = 192.168.0.241
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = decoder.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{6A70F077-30B7-46D8-ABED-1D917788B90E}: Domain = decoder.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{6A70F077-30B7-46D8-ABED-1D917788B90E}: NameServer = 192.168.0.241
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/nikki/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.gif

--
End of file - 10201 bytes
______________________________________

Any help would be greatly appreciated! Thanks!