google redirect (bon-search.net) - please help

strangetiger · April 19, 2012

Hi all!

Hope you can help me - have an incredibly annoying problem with google (as well as yahoo and firefox) where clicking on a link from google I am redirected via bon-search.net to an unrelated site.

This happens most often on additional browser tabs - the first IE Google or Firefox screen will usually link correctly (although not always) but additional tabs will not work properly at all and typing in the address in the browser address bar doesn't work either.

I have run MalwareBytes multiple times, as well as antivirus with AVG, Trend Micro, etc., without much success. Below is the log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 3:15:52 PM, on 19/04/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Brownie\BrstsWnd.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Brownie\Brnipmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\nikki\Local Settings\Temporary Internet Files\Content.IE5\71WFSL91\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=1080816

O1 - Hosts: 93.113.196.118 www.google.com

O1 - Hosts: 93.113.196.119 www.bing.com

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [brStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [etpmyy6fze] C:\Documents and Settings\nikki\etpmyy6fze.exe

O4 - HKUS\S-1-5-21-3412679897-3502492104-3480369037-1150\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User '?')

O4 - HKUS\S-1-5-21-3412679897-3502492104-3480369037-1150\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-3412679897-3502492104-3480369037-1191\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User '?')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://www.asos.com

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab?rnd=3345172118

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = decoder.local

O17 - HKLM\Software\..\Telephony: DomainName = decoder.local

O17 - HKLM\System\CCS\Services\Tcpip\..\{6A70F077-30B7-46D8-ABED-1D917788B90E}: Domain = decoder.local

O17 - HKLM\System\CCS\Services\Tcpip\..\{6A70F077-30B7-46D8-ABED-1D917788B90E}: NameServer = 192.168.0.241

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = decoder.local

O17 - HKLM\System\CS1\Services\Tcpip\..\{6A70F077-30B7-46D8-ABED-1D917788B90E}: Domain = decoder.local

O17 - HKLM\System\CS1\Services\Tcpip\..\{6A70F077-30B7-46D8-ABED-1D917788B90E}: NameServer = 192.168.0.241

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = decoder.local

O17 - HKLM\System\CS2\Services\Tcpip\..\{6A70F077-30B7-46D8-ABED-1D917788B90E}: Domain = decoder.local

O17 - HKLM\System\CS2\Services\Tcpip\..\{6A70F077-30B7-46D8-ABED-1D917788B90E}: NameServer = 192.168.0.241

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/nikki/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.gif

--

End of file - 10201 bytes

______________________________________

any help would be greatly appreciated!

Thanks!

Maniac · April 19, 2012

Hello strangetiger and :welcome: ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please follow the instructions here:

http://forums.malwarebytes.org/index.php?showtopic=9573

Post both of log files in your next reply.

strangetiger · April 20, 2012

Hi Maniac! Thanks so much for coming to my assistance!

As per instructions, below are the dds.txt and attach.txt files:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29

Run by nikki at 9:55:48 on 2012-04-20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1409 [GMT 10:00]

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Brownie\BrstsWnd.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Brownie\Brnipmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.au/

uDefault_Page_URL = hxxp://companyweb

uSearch Bar =

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [etpmyy6fze] c:\documents and settings\nikki\etpmyy6fze.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Regedit32] c:\windows\system32\regedit.exe

mPolicies-system: RunStartupScriptSync = 1 (0x1)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: asos.com\www

Trusted Zone: officeworks.com.au\www

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab?rnd=3345172118

TCP: DhcpNameServer = 192.168.0.241 192.231.203.132 192.231.203.3

TCP: Interfaces\{6A70F077-30B7-46D8-ABED-1D917788B90E} : NameServer = 192.168.0.241

TCP: Interfaces\{6A70F077-30B7-46D8-ABED-1D917788B90E} : DhcpNameServer = 192.168.0.241 192.231.203.132 192.231.203.3

Notify: igfxcui - igfxdev.dll

Notify: LMIinit - LMIinit.dll

Hosts: 93.113.196.118 www.google.com

Hosts: 93.113.196.119 www.bing.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\nikki\application data\mozilla\firefox\profiles\alvqrs73.default\

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-4-12 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-5-13 47640]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-17 654408]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 253088]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-17 22344]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

.

=============== Created Last 30 ================

.

2012-04-17 04:13:40 -------- d-----w- c:\documents and settings\nikki\application data\Malwarebytes

2012-04-17 04:13:34 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-17 04:13:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-04-17 04:13:34 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-04-17 02:26:36 -------- d-----w- c:\documents and settings\nikki\application data\AVG

2012-04-17 02:09:59 -------- d-----w- c:\documents and settings\nikki\application data\AVG2012

2012-04-17 02:07:27 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2012-04-17 02:06:51 -------- d-----w- c:\documents and settings\all users\application data\AVG2012

2012-04-17 02:06:15 -------- d-----w- c:\program files\AVG

2012-04-17 02:02:29 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2012-04-15 23:23:03 4126368 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2012-04-15 22:57:54 44368 ----a-w- c:\windows\system32\drivers\20cb95d47b2c6bbd.sys

2012-04-12 05:56:33 19136 ----a-w- c:\documents and settings\nikki\etpmyy6fze.exe

2012-04-04 05:53:56 182160 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

2012-04-01 23:21:09 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-03-30 00:12:07 -------- d-----w- c:\documents and settings\nikki\application data\tiger-k

2012-03-30 00:12:07 -------- d-----w- c:\documents and settings\nikki\application data\Leawo

2012-03-30 00:07:46 175616 ----a-w- c:\windows\system32\unrar.dll

2012-03-30 00:07:44 -------- d-----w- c:\program files\K-Lite Codec Pack

2012-03-30 00:07:39 606208 ----a-w- c:\windows\system32\xvidcore.dll

2012-03-30 00:07:39 139264 ----a-w- c:\windows\system32\xvid.ax

2012-03-30 00:07:33 -------- d-----w- c:\program files\Leawo

.

==================== Find3M ====================

.

2012-04-15 23:23:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-06 23:20:23 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2012-02-06 23:20:21 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll

2012-02-06 23:20:18 30592 ----a-w- c:\windows\system32\LMIport.dll

2012-02-06 23:20:17 87424 ----a-w- c:\windows\system32\LMIinit.dll

.

============= FINISH: 9:56:25.32 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 22/08/2008 10:12:24 AM

System Uptime: 20/04/2012 9:23:55 AM (0 hours ago)

.

Motherboard: Dell Inc. | | 0RK936

Processor: Intel® Core2 Duo CPU E4600 @ 2.40GHz | Socket 775 | 2394/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 229 GiB total, 199.283 GiB free.

D: is CDROM ()

U: is NetworkDisk (NTFS) - 932 GiB total, 631.582 GiB free.

V: is NetworkDisk (NTFS) - 932 GiB total, 631.582 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP460: 21/02/2012 3:45:21 PM - System Checkpoint

RP461: 22/02/2012 5:46:29 PM - System Checkpoint

RP462: 23/02/2012 7:14:15 PM - System Checkpoint

RP463: 27/02/2012 1:18:49 PM - System Checkpoint

RP464: 28/02/2012 1:24:17 PM - System Checkpoint

RP465: 29/02/2012 5:19:23 PM - System Checkpoint

RP466: 1/03/2012 5:24:20 PM - System Checkpoint

RP467: 5/03/2012 10:28:18 AM - System Checkpoint

RP468: 6/03/2012 11:53:34 AM - System Checkpoint

RP469: 7/03/2012 1:37:29 PM - System Checkpoint

RP470: 8/03/2012 4:55:19 PM - System Checkpoint

RP471: 12/03/2012 9:57:47 AM - System Checkpoint

RP472: 13/03/2012 10:41:07 AM - System Checkpoint

RP473: 14/03/2012 1:53:20 PM - System Checkpoint

RP474: 15/03/2012 2:50:47 PM - Installed Windows Media Player 11

RP475: 16/03/2012 4:47:31 PM - System Checkpoint

RP476: 20/03/2012 12:57:40 PM - System Checkpoint

RP477: 21/03/2012 4:53:45 PM - System Checkpoint

RP478: 22/03/2012 6:22:44 PM - System Checkpoint

RP479: 26/03/2012 11:18:46 AM - System Checkpoint

RP480: 27/03/2012 12:02:50 PM - System Checkpoint

RP481: 28/03/2012 1:39:25 PM - System Checkpoint

RP482: 29/03/2012 5:28:19 PM - System Checkpoint

RP483: 30/03/2012 12:04:26 PM - Installed Windows Media Player 11

RP484: 2/04/2012 10:49:48 AM - System Checkpoint

RP485: 3/04/2012 1:02:19 PM - System Checkpoint

RP486: 4/04/2012 1:21:27 PM - System Checkpoint

RP487: 5/04/2012 3:43:11 PM - System Checkpoint

RP488: 10/04/2012 10:24:41 AM - System Checkpoint

RP489: 11/04/2012 1:36:11 PM - System Checkpoint

RP490: 12/04/2012 3:32:24 PM - Installed Google Earth.

RP491: 13/04/2012 5:35:13 PM - System Checkpoint

RP492: 16/04/2012 12:23:49 PM - System Checkpoint

RP493: 17/04/2012 12:06:14 PM - Installed AVG 2012

RP494: 17/04/2012 12:06:38 PM - Installed AVG 2012

RP495: 18/04/2012 9:28:03 AM - Removed AVG 2012

RP496: 18/04/2012 9:29:19 AM - Removed AVG 2012

RP497: 19/04/2012 10:04:14 AM - System Checkpoint

.

==== Installed Programs ======================

.

Leawo AVI Converter version 5.0.0.0

7-Zip 9.20

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.3)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AVG PC Tuneup

Bonjour

Brother HL-5350DN

Browser Address Error Redirector

Dell Support Center (Support Software)

Dell System Restore

FileZilla Client 3.4.0

Google Earth

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Intel® Graphics Media Accelerator Driver

Intel® PRO Network Connections 12.1.8.0

iTunes

Java Auto Updater

Java 6 Update 29

JobBag v5

K-Lite Codec Pack 7.6.0 (Basic)

LogMeIn

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2003 Web Components

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Small Business 2007

Microsoft Office Small Business Connectivity Components

Microsoft Office Word MUI (English) 2007

Microsoft Software Update for Web Folders (English) 12

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox 4.0 (x86 en-GB)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB933579)

OGA Notifier 1.7.0105.35.0

PDFCreator

Picasa 3

PowerDVD

QuickTime

Realtek High Definition Audio Driver

Roxio Activation Module

Roxio Creator Audio

Roxio Creator BDAV Plugin

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Drag-to-Disc

Roxio Express Labeler 3

Roxio Update Manager

Samsung ML-2010 Series

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2466156)

Security Update for 2007 Microsoft Office System (KB2509488)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Office Excel 2007 (KB2464583)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2464594)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows XP (KB950759)

Sonic CinePlayer Decoder Pack

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office Outlook 2007 (KB2509470)

Update for Outlook 2007 Junk Email Filter (KB2522999)

Update for Windows Internet Explorer 8 (KB971180)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

WebFldrs XP

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Small Business Server 2008 ClientAgent

Windows Small Business Server 2008 WMI Provider

Windows XP Service Pack 3

.

==== Event Viewer Messages From Past Week ========

.

19/04/2012 9:37:08 AM, error: NETLOGON [5719] - No Domain Controller is available for domain DECODER due to the following: The RPC server is unavailable. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

17/04/2012 3:05:13 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor

17/04/2012 3:05:05 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

17/04/2012 2:16:28 PM, error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: A device attached to the system is not functioning.

17/04/2012 2:16:28 PM, error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: A device attached to the system is not functioning.

17/04/2012 2:13:41 PM, error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: A device attached to the system is not functioning.

17/04/2012 12:10:00 PM, error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: The dependency service or group failed to start.

17/04/2012 12:07:21 PM, error: Service Control Manager [7001] - The AVGIDSDriver service depends on the AVGIDSFilter service which failed to start because of the following error: The dependency service or group failed to start.

17/04/2012 12:07:20 PM, error: Service Control Manager [7001] - The AVGIDSFilter service depends on the AVGIDSShim service which failed to start because of the following error: A device attached to the system is not functioning.

17/04/2012 12:07:18 PM, error: Service Control Manager [7000] - The AVGIDSShim service failed to start due to the following error: A device attached to the system is not functioning.

17/04/2012 12:07:17 PM, error: Service Control Manager [7000] - The AVG TDI Driver service failed to start due to the following error: A device attached to the system is not functioning.

17/04/2012 12:07:15 PM, error: Service Control Manager [7000] - The AVG Mini-Filter Resident Anti-Virus Shield service failed to start due to the following error: A device attached to the system is not functioning.

17/04/2012 12:07:13 PM, error: Service Control Manager [7000] - The AVG AVI Loader Driver service failed to start due to the following error: A device attached to the system is not functioning.

17/04/2012 12:07:11 PM, error: Service Control Manager [7000] - The AVG Anti-Rootkit Driver service failed to start due to the following error: A device attached to the system is not functioning.

17/04/2012 1:30:36 AM, error: Service Control Manager [7028] - The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

16/04/2012 8:55:42 AM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

16/04/2012 4:22:39 PM, error: Kerberos [4] - The kerberos client received a KRB_AP_ERR_MODIFIED error from the server hp8000$. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (DECODER.LOCAL), and the client realm. Please contact your system administrator.

16/04/2012 2:42:51 PM, error: Service Control Manager [7028] - The BITS Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

.

==== End Of File ===========================

Many thanks again!

Maniac · April 20, 2012

Your great mistake is to uninstall your antivirus program and to stay without any. Once complete, it is necessary to immediately change all your passwords and install an antivirus program. I will send you some suggestions at the end.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

Launch Malwarebytes' Anti-Malware
Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

TDSSKiller log
Malwarebytes' Anti-Malware log
a new fresh DDS log file

strangetiger · April 23, 2012

Hi there!

As requested, please find below the TDSSKIller Log and in the next post the MalwareBytes' Anti-Malware log and new DDS log file:

10:04:19.0678 3528 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47

10:04:20.0960 3528 ============================================================

10:04:20.0960 3528 Current date / time: 2012/04/23 10:04:20.0960

10:04:20.0960 3528 SystemInfo:

10:04:20.0960 3528

10:04:20.0960 3528 OS Version: 5.1.2600 ServicePack: 3.0

10:04:20.0960 3528 Product type: Workstation

10:04:20.0960 3528 ComputerName: DELL-10240

10:04:20.0960 3528 UserName: nikki

10:04:20.0960 3528 Windows directory: C:\WINDOWS

10:04:20.0960 3528 System windows directory: C:\WINDOWS

10:04:20.0960 3528 Processor architecture: Intel x86

10:04:20.0960 3528 Number of processors: 2

10:04:20.0960 3528 Page size: 0x1000

10:04:20.0960 3528 Boot type: Normal boot

10:04:20.0960 3528 ============================================================

10:04:26.0241 3528 !crdlk

10:04:26.0397 3528 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'

10:04:26.0413 3528 \Device\Harddisk0\DR0:

10:04:26.0413 3528 MBR partitions:

10:04:26.0413 3528 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x1CA5A09D

10:04:26.0444 3528 C: <-> \Device\Harddisk0\DR0\Partition0

10:04:26.0444 3528 Initialize success

10:04:26.0444 3528 ============================================================

10:04:41.0570 3560 ============================================================

10:04:41.0570 3560 Scan started

10:04:41.0570 3560 Mode: Manual; SigCheck; TDLFS;

10:04:41.0570 3560 ============================================================

10:04:42.0007 3560 Suspicious service (NoAccess): 20cb95d47b2c6bbd

10:04:42.0101 3560 20cb95d47b2c6bbd (9c029ef2c394e6d415e81ce9f681bd28) C:\WINDOWS\System32\Drivers\20cb95d47b2c6bbd.sys

10:04:42.0101 3560 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\20cb95d47b2c6bbd.sys. md5: 9c029ef2c394e6d415e81ce9f681bd28

10:04:42.0132 3560 20cb95d47b2c6bbd ( LockedService.Multi.Generic ) - warning

10:04:42.0132 3560 20cb95d47b2c6bbd - detected LockedService.Multi.Generic (1)

10:04:42.0132 3560 Abiosdsk - ok

10:04:42.0241 3560 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

10:04:42.0570 3560 abp480n5 - ok

10:04:42.0663 3560 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

10:04:42.0757 3560 ACPI - ok

10:04:42.0788 3560 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

10:04:42.0882 3560 ACPIEC - ok

10:04:43.0007 3560 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

10:04:43.0023 3560 AdobeFlashPlayerUpdateSvc - ok

10:04:43.0101 3560 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

10:04:43.0179 3560 adpu160m - ok

10:04:43.0273 3560 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

10:04:43.0351 3560 aec - ok

10:04:43.0413 3560 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys

10:04:43.0507 3560 AFD - ok

10:04:43.0585 3560 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

10:04:43.0726 3560 agp440 - ok

10:04:43.0757 3560 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

10:04:43.0866 3560 agpCPQ - ok

10:04:43.0929 3560 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

10:04:43.0960 3560 Aha154x - ok

10:04:43.0991 3560 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

10:04:44.0101 3560 aic78u2 - ok

10:04:44.0132 3560 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

10:04:44.0210 3560 aic78xx - ok

10:04:44.0304 3560 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

10:04:44.0398 3560 Alerter - ok

10:04:44.0445 3560 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

10:04:44.0538 3560 ALG - ok

10:04:44.0648 3560 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

10:04:44.0726 3560 AliIde - ok

10:04:44.0788 3560 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

10:04:44.0867 3560 alim1541 - ok

10:04:44.0913 3560 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

10:04:44.0992 3560 amdagp - ok

10:04:45.0054 3560 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

10:04:45.0101 3560 amsint - ok

10:04:45.0242 3560 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

10:04:45.0257 3560 Apple Mobile Device - ok

10:04:45.0382 3560 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll

10:04:45.0476 3560 AppMgmt - ok

10:04:45.0554 3560 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

10:04:45.0648 3560 asc - ok

10:04:45.0726 3560 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

10:04:45.0757 3560 asc3350p - ok

10:04:45.0773 3560 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

10:04:45.0851 3560 asc3550 - ok

10:04:45.0913 3560 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

10:04:45.0945 3560 aspnet_state - ok

10:04:46.0070 3560 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

10:04:46.0148 3560 AsyncMac - ok

10:04:46.0179 3560 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

10:04:46.0242 3560 atapi - ok

10:04:46.0257 3560 Atdisk - ok

10:04:46.0273 3560 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

10:04:46.0351 3560 Atmarpc - ok

10:04:46.0476 3560 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

10:04:46.0554 3560 AudioSrv - ok

10:04:46.0632 3560 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

10:04:46.0710 3560 audstub - ok

10:04:46.0851 3560 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

10:04:46.0929 3560 Beep - ok

10:04:46.0992 3560 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

10:04:47.0117 3560 BITS - ok

10:04:47.0226 3560 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe

10:04:47.0242 3560 Bonjour Service - ok

10:04:47.0382 3560 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

10:04:47.0476 3560 Browser - ok

10:04:47.0538 3560 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

10:04:47.0632 3560 cbidf - ok

10:04:47.0632 3560 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

10:04:47.0710 3560 cbidf2k - ok

10:04:47.0773 3560 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

10:04:47.0804 3560 cd20xrnt - ok

10:04:47.0835 3560 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

10:04:47.0898 3560 Cdaudio - ok

10:04:47.0992 3560 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

10:04:48.0070 3560 Cdfs - ok

10:04:48.0117 3560 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

10:04:48.0195 3560 Cdrom - ok

10:04:48.0242 3560 Changer - ok

10:04:48.0273 3560 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

10:04:48.0445 3560 CiSvc - ok

10:04:48.0476 3560 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

10:04:48.0601 3560 ClipSrv - ok

10:04:48.0742 3560 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

10:04:48.0773 3560 clr_optimization_v2.0.50727_32 - ok

10:04:48.0867 3560 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

10:04:49.0007 3560 CmdIde - ok

10:04:49.0054 3560 COMSysApp - ok

10:04:49.0085 3560 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

10:04:49.0226 3560 Cpqarray - ok

10:04:49.0304 3560 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

10:04:49.0382 3560 CryptSvc - ok

10:04:49.0476 3560 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

10:04:49.0554 3560 dac2w2k - ok

10:04:49.0617 3560 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

10:04:49.0710 3560 dac960nt - ok

10:04:49.0773 3560 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

10:04:49.0835 3560 DcomLaunch - ok

10:04:49.0945 3560 DgiVecp (a5034f77b278f07e224fe07cf98a8b76) C:\WINDOWS\system32\Drivers\DgiVecp.sys

10:04:49.0960 3560 DgiVecp ( UnsignedFile.Multi.Generic ) - warning

10:04:49.0960 3560 DgiVecp - detected UnsignedFile.Multi.Generic (1)

10:04:50.0023 3560 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

10:04:50.0117 3560 Dhcp - ok

10:04:50.0164 3560 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

10:04:50.0226 3560 Disk - ok

10:04:50.0320 3560 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS

10:04:50.0335 3560 DLABMFSM - ok

10:04:50.0367 3560 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS

10:04:50.0367 3560 DLABOIOM - ok

10:04:50.0382 3560 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

10:04:50.0382 3560 DLACDBHM - ok

10:04:50.0398 3560 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS

10:04:50.0398 3560 DLADResM - ok

10:04:50.0414 3560 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS

10:04:50.0414 3560 DLAIFS_M - ok

10:04:50.0429 3560 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS

10:04:50.0429 3560 DLAOPIOM - ok

10:04:50.0445 3560 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS

10:04:50.0445 3560 DLAPoolM - ok

10:04:50.0460 3560 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS

10:04:50.0460 3560 DLARTL_M - ok

10:04:50.0476 3560 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS

10:04:50.0476 3560 DLAUDFAM - ok

10:04:50.0492 3560 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS

10:04:50.0492 3560 DLAUDF_M - ok

10:04:50.0554 3560 dmadmin - ok

10:04:50.0632 3560 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

10:04:50.0757 3560 dmboot - ok

10:04:50.0882 3560 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

10:04:50.0976 3560 dmio - ok

10:04:50.0992 3560 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

10:04:51.0101 3560 dmload - ok

10:04:51.0179 3560 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

10:04:51.0257 3560 dmserver - ok

10:04:51.0414 3560 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

10:04:51.0492 3560 DMusic - ok

10:04:51.0570 3560 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

10:04:51.0601 3560 Dnscache - ok

10:04:51.0664 3560 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

10:04:51.0742 3560 Dot3svc - ok

10:04:51.0789 3560 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

10:04:51.0882 3560 dpti2o - ok

10:04:51.0960 3560 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

10:04:52.0039 3560 drmkaud - ok

10:04:52.0132 3560 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

10:04:52.0148 3560 DRVMCDB - ok

10:04:52.0195 3560 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

10:04:52.0195 3560 DRVNDDM - ok

10:04:52.0257 3560 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

10:04:52.0351 3560 E100B - ok

10:04:52.0492 3560 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

10:04:52.0507 3560 e1express - ok

10:04:52.0554 3560 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

10:04:52.0648 3560 EapHost - ok

10:04:52.0773 3560 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

10:04:52.0851 3560 ERSvc - ok

10:04:52.0914 3560 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

10:04:52.0929 3560 Eventlog - ok

10:04:53.0054 3560 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

10:04:53.0117 3560 EventSystem - ok

10:04:53.0210 3560 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

10:04:53.0289 3560 Fastfat - ok

10:04:53.0398 3560 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

10:04:53.0429 3560 FastUserSwitchingCompatibility - ok

10:04:53.0507 3560 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe

10:04:53.0585 3560 Fax - ok

10:04:53.0726 3560 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

10:04:53.0804 3560 Fdc - ok

10:04:53.0836 3560 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

10:04:53.0898 3560 Fips - ok

10:04:54.0070 3560 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

10:04:54.0148 3560 Flpydisk - ok

10:04:54.0211 3560 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

10:04:54.0289 3560 FltMgr - ok

10:04:54.0445 3560 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

10:04:54.0476 3560 FontCache3.0.0.0 - ok

10:04:54.0617 3560 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

10:04:54.0695 3560 Fs_Rec - ok

10:04:54.0742 3560 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

10:04:54.0836 3560 Ftdisk - ok

10:04:54.0976 3560 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

10:04:54.0976 3560 GEARAspiWDM - ok

10:04:55.0023 3560 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

10:04:55.0117 3560 Gpc - ok

10:04:55.0304 3560 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

10:04:55.0304 3560 gusvc - ok

10:04:55.0507 3560 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

10:04:55.0586 3560 HDAudBus - ok

10:04:55.0679 3560 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

10:04:55.0757 3560 helpsvc - ok

10:04:55.0836 3560 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll

10:04:55.0929 3560 HidServ - ok

10:04:56.0054 3560 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

10:04:56.0132 3560 HidUsb - ok

10:04:56.0211 3560 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

10:04:56.0304 3560 hkmsvc - ok

10:04:56.0492 3560 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

10:04:56.0570 3560 hpn - ok

10:04:56.0632 3560 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

10:04:56.0695 3560 HTTP - ok

10:04:56.0804 3560 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

10:04:56.0882 3560 HTTPFilter - ok

10:04:57.0007 3560 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

10:04:57.0086 3560 i2omgmt - ok

10:04:57.0132 3560 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

10:04:57.0195 3560 i2omp - ok

10:04:57.0336 3560 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

10:04:57.0414 3560 i8042prt - ok

10:04:57.0711 3560 ialm (28423512370705aeda6a652fedb25468) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

10:04:57.0851 3560 ialm - ok

10:04:57.0992 3560 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\WINDOWS\system32\drivers\iaStor.sys

10:04:57.0992 3560 iaStor - ok

10:04:58.0117 3560 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

10:04:58.0164 3560 idsvc - ok

10:04:58.0367 3560 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

10:04:58.0445 3560 Imapi - ok

10:04:58.0492 3560 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

10:04:58.0586 3560 ImapiService - ok

10:04:58.0758 3560 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

10:04:58.0836 3560 ini910u - ok

10:04:58.0992 3560 IntcAzAudAddService (17bbbabb21f86b650b2626045a9d016c) C:\WINDOWS\system32\drivers\RtkHDAud.sys

10:04:59.0117 3560 IntcAzAudAddService - ok

10:04:59.0289 3560 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

10:04:59.0367 3560 IntelIde - ok

10:04:59.0398 3560 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

10:04:59.0476 3560 intelppm - ok

10:04:59.0601 3560 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

10:04:59.0695 3560 Ip6Fw - ok

10:04:59.0726 3560 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

10:04:59.0836 3560 IpFilterDriver - ok

10:04:59.0945 3560 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

10:05:00.0023 3560 IpInIp - ok

10:05:00.0070 3560 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

10:05:00.0148 3560 IpNat - ok

10:05:00.0273 3560 iPod Service (9033d67b7112d23eded6789bacded128) C:\Program Files\iPod\bin\iPodService.exe

10:05:00.0304 3560 iPod Service - ok

10:05:00.0476 3560 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

10:05:00.0554 3560 IPSec - ok

10:05:00.0601 3560 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

10:05:00.0695 3560 IRENUM - ok

10:05:00.0867 3560 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

10:05:01.0133 3560 isapnp - ok

10:05:01.0336 3560 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe

10:05:01.0336 3560 JavaQuickStarterService - ok

10:05:01.0508 3560 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

10:05:01.0586 3560 Kbdclass - ok

10:05:01.0664 3560 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

10:05:01.0742 3560 kbdhid - ok

10:05:01.0883 3560 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

10:05:01.0961 3560 kmixer - ok

10:05:02.0039 3560 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

10:05:02.0133 3560 KSecDD - ok

10:05:02.0242 3560 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

10:05:02.0273 3560 lanmanserver - ok

10:05:02.0351 3560 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

10:05:02.0398 3560 lanmanworkstation - ok

10:05:02.0508 3560 lbrtfdc - ok

10:05:02.0570 3560 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

10:05:02.0648 3560 LmHosts - ok

10:05:02.0836 3560 LMIGuardianSvc (2375e7e01635fbccde2f796a9e078e07) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

10:05:02.0836 3560 LMIGuardianSvc - ok

10:05:02.0898 3560 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys

10:05:02.0898 3560 LMIInfo - ok

10:05:02.0961 3560 LMIMaint (b9c127273eaba403311854a8dcb6d0aa) C:\Program Files\LogMeIn\x86\RaMaint.exe

10:05:02.0976 3560 LMIMaint - ok

10:05:03.0101 3560 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys

10:05:03.0117 3560 lmimirr - ok

10:05:03.0148 3560 LMIRfsClientNP - ok

10:05:03.0164 3560 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys

10:05:03.0179 3560 LMIRfsDriver - ok

10:05:03.0336 3560 LogMeIn (432618fa75b61059d2c57d6a7e55147a) C:\Program Files\LogMeIn\x86\LogMeIn.exe

10:05:03.0351 3560 LogMeIn - ok

10:05:03.0554 3560 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys

10:05:03.0570 3560 MBAMProtector - ok

10:05:03.0695 3560 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

10:05:03.0726 3560 MBAMService - ok

10:05:03.0851 3560 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

10:05:03.0930 3560 Messenger - ok

10:05:04.0039 3560 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

10:05:04.0133 3560 mnmdd - ok

10:05:04.0211 3560 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

10:05:04.0305 3560 mnmsrvc - ok

10:05:04.0398 3560 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

10:05:04.0492 3560 Modem - ok

10:05:04.0555 3560 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

10:05:04.0633 3560 Mouclass - ok

10:05:04.0695 3560 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

10:05:04.0789 3560 mouhid - ok

10:05:04.0883 3560 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

10:05:04.0961 3560 MountMgr - ok

10:05:05.0023 3560 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

10:05:05.0117 3560 mraid35x - ok

10:05:05.0211 3560 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

10:05:05.0305 3560 MRxDAV - ok

10:05:05.0398 3560 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

10:05:05.0461 3560 MRxSmb - ok

10:05:05.0555 3560 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

10:05:05.0648 3560 MSDTC - ok

10:05:05.0820 3560 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

10:05:05.0883 3560 Msfs - ok

10:05:05.0898 3560 MSIServer - ok

10:05:05.0945 3560 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

10:05:06.0023 3560 MSKSSRV - ok

10:05:06.0101 3560 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

10:05:06.0180 3560 MSPCLOCK - ok

10:05:06.0242 3560 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

10:05:06.0336 3560 MSPQM - ok

10:05:06.0461 3560 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

10:05:06.0539 3560 mssmbios - ok

10:05:06.0601 3560 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

10:05:06.0680 3560 Mup - ok

10:05:06.0805 3560 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

10:05:06.0898 3560 napagent - ok

10:05:07.0023 3560 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

10:05:07.0086 3560 NDIS - ok

10:05:07.0117 3560 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

10:05:07.0211 3560 NdisTapi - ok

10:05:07.0351 3560 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

10:05:07.0430 3560 Ndisuio - ok

10:05:07.0508 3560 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

10:05:07.0586 3560 NdisWan - ok

10:05:07.0695 3560 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

10:05:07.0742 3560 NDProxy - ok

10:05:07.0820 3560 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

10:05:07.0898 3560 NetBIOS - ok

10:05:07.0976 3560 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

10:05:08.0055 3560 NetBT - ok

10:05:08.0133 3560 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

10:05:08.0211 3560 NetDDE - ok

10:05:08.0242 3560 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

10:05:08.0305 3560 NetDDEdsdm - ok

10:05:08.0383 3560 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

10:05:08.0461 3560 Netlogon - ok

10:05:08.0539 3560 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

10:05:08.0617 3560 Netman - ok

10:05:08.0742 3560 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

10:05:08.0758 3560 NetTcpPortSharing - ok

10:05:08.0898 3560 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

10:05:08.0930 3560 Nla - ok

10:05:09.0023 3560 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

10:05:09.0164 3560 Npfs - ok

10:05:09.0195 3560 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

10:05:09.0383 3560 Ntfs - ok

10:05:09.0414 3560 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

10:05:09.0555 3560 NtLmSsp - ok

10:05:09.0680 3560 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

10:05:09.0789 3560 NtmsSvc - ok

10:05:09.0898 3560 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

10:05:09.0977 3560 Null - ok

10:05:10.0070 3560 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

10:05:10.0211 3560 nv - ok

10:05:10.0305 3560 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

10:05:10.0383 3560 NwlnkFlt - ok

10:05:10.0430 3560 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

10:05:10.0523 3560 NwlnkFwd - ok

10:05:10.0680 3560 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

10:05:10.0695 3560 odserv - ok

10:05:10.0773 3560 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

10:05:10.0773 3560 ose - ok

10:05:10.0945 3560 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

10:05:11.0008 3560 Parport - ok

10:05:11.0039 3560 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

10:05:11.0117 3560 PartMgr - ok

10:05:11.0242 3560 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

10:05:11.0320 3560 ParVdm - ok

10:05:11.0414 3560 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

10:05:11.0492 3560 PCI - ok

10:05:11.0539 3560 PCIDump - ok

10:05:11.0570 3560 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

10:05:11.0664 3560 PCIIde - ok

10:05:11.0742 3560 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

10:05:11.0820 3560 Pcmcia - ok

10:05:11.0898 3560 PDCOMP - ok

10:05:11.0945 3560 PDFRAME - ok

10:05:11.0961 3560 PDRELI - ok

10:05:11.0961 3560 PDRFRAME - ok

10:05:11.0992 3560 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

10:05:12.0070 3560 perc2 - ok

10:05:12.0133 3560 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

10:05:12.0227 3560 perc2hib - ok

10:05:12.0367 3560 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

10:05:12.0367 3560 PlugPlay - ok

10:05:12.0508 3560 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

10:05:12.0570 3560 PolicyAgent - ok

10:05:12.0648 3560 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

10:05:12.0727 3560 PptpMiniport - ok

10:05:12.0773 3560 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

10:05:12.0836 3560 ProtectedStorage - ok

10:05:12.0977 3560 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

10:05:13.0055 3560 PSched - ok

10:05:13.0133 3560 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

10:05:13.0227 3560 Ptilink - ok

10:05:13.0367 3560 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys

10:05:13.0367 3560 PxHelp20 - ok

10:05:13.0508 3560 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

10:05:13.0602 3560 ql1080 - ok

10:05:13.0649 3560 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

10:05:13.0727 3560 Ql10wnt - ok

10:05:13.0805 3560 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

10:05:13.0883 3560 ql12160 - ok

10:05:13.0899 3560 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

10:05:13.0992 3560 ql1240 - ok

10:05:14.0133 3560 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

10:05:14.0227 3560 ql1280 - ok

10:05:14.0258 3560 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

10:05:14.0320 3560 RasAcd - ok

10:05:14.0399 3560 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

10:05:14.0492 3560 RasAuto - ok

10:05:14.0633 3560 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

10:05:14.0711 3560 Rasl2tp - ok

10:05:14.0789 3560 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

10:05:14.0899 3560 RasMan - ok

10:05:15.0039 3560 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

10:05:15.0117 3560 RasPppoe - ok

10:05:15.0149 3560 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

10:05:15.0242 3560 Raspti - ok

10:05:15.0289 3560 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

10:05:15.0367 3560 Rdbss - ok

10:05:15.0492 3560 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

10:05:15.0586 3560 RDPCDD - ok

10:05:15.0664 3560 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

10:05:15.0742 3560 rdpdr - ok

10:05:15.0852 3560 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

10:05:15.0977 3560 RDPWD - ok

10:05:16.0039 3560 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

10:05:16.0149 3560 RDSessMgr - ok

10:05:16.0274 3560 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

10:05:16.0399 3560 redbook - ok

10:05:16.0477 3560 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

10:05:16.0633 3560 RemoteAccess - ok

10:05:16.0742 3560 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

10:05:16.0836 3560 RemoteRegistry - ok

10:05:16.0899 3560 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

10:05:17.0102 3560 RpcLocator - ok

10:05:17.0258 3560 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

10:05:17.0305 3560 RpcSs - ok

10:05:17.0414 3560 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

10:05:17.0539 3560 RSVP - ok

10:05:17.0633 3560 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

10:05:17.0711 3560 SamSs - ok

10:05:17.0758 3560 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

10:05:17.0852 3560 SCardSvr - ok

10:05:17.0977 3560 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

10:05:18.0055 3560 Schedule - ok

10:05:18.0164 3560 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

10:05:18.0258 3560 Secdrv - ok

10:05:18.0367 3560 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

10:05:18.0477 3560 seclogon - ok

10:05:18.0539 3560 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

10:05:18.0664 3560 SENS - ok

10:05:18.0727 3560 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

10:05:18.0821 3560 serenum - ok

10:05:18.0852 3560 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

10:05:18.0930 3560 Serial - ok

10:05:19.0133 3560 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

10:05:19.0211 3560 Sfloppy - ok

10:05:19.0289 3560 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

10:05:19.0399 3560 SharedAccess - ok

10:05:19.0524 3560 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

10:05:19.0539 3560 ShellHWDetection - ok

10:05:19.0617 3560 Simbad - ok

10:05:19.0680 3560 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

10:05:19.0742 3560 sisagp - ok

10:05:19.0930 3560 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

10:05:20.0024 3560 SONYPVU1 - ok

10:05:20.0149 3560 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

10:05:20.0196 3560 Sparrow - ok

10:05:20.0289 3560 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

10:05:20.0367 3560 splitter - ok

10:05:20.0492 3560 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

10:05:20.0555 3560 Spooler - ok

10:05:20.0711 3560 sprtsvc_dellsupportcenter - ok

10:05:20.0883 3560 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

10:05:20.0961 3560 sr - ok

10:05:21.0102 3560 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

10:05:21.0180 3560 srservice - ok

10:05:21.0289 3560 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

10:05:21.0383 3560 Srv - ok

10:05:21.0555 3560 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

10:05:21.0633 3560 SSDPSRV - ok

10:05:21.0680 3560 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

10:05:21.0789 3560 stisvc - ok

10:05:21.0930 3560 stllssvr (de3e7a2345ebaa3ce8e6957dfb55fb15) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

10:05:21.0946 3560 stllssvr ( UnsignedFile.Multi.Generic ) - warning

10:05:21.0946 3560 stllssvr - detected UnsignedFile.Multi.Generic (1)

10:05:22.0102 3560 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

10:05:22.0180 3560 swenum - ok

10:05:22.0211 3560 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

10:05:22.0289 3560 swmidi - ok

10:05:22.0383 3560 SwPrv - ok

10:05:22.0446 3560 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

10:05:22.0586 3560 symc810 - ok

10:05:22.0664 3560 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

10:05:22.0821 3560 symc8xx - ok

10:05:22.0899 3560 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

10:05:23.0008 3560 sym_hi - ok

10:05:23.0039 3560 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

10:05:23.0117 3560 sym_u3 - ok

10:05:23.0211 3560 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

10:05:23.0289 3560 sysaudio - ok

10:05:23.0383 3560 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

10:05:23.0446 3560 SysmonLog - ok

10:05:23.0539 3560 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

10:05:23.0618 3560 TapiSrv - ok

10:05:23.0711 3560 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

10:05:23.0758 3560 Tcpip - ok

10:05:23.0852 3560 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

10:05:23.0946 3560 TDPIPE - ok

10:05:23.0977 3560 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

10:05:24.0118 3560 TDTCP - ok

10:05:24.0196 3560 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

10:05:24.0336 3560 TermDD - ok

10:05:24.0446 3560 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

10:05:24.0586 3560 TermService - ok

10:05:24.0680 3560 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

10:05:24.0680 3560 Themes - ok

10:05:24.0758 3560 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe

10:05:24.0852 3560 TlntSvr - ok

10:05:24.0914 3560 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

10:05:25.0008 3560 TosIde - ok

10:05:25.0086 3560 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

10:05:25.0180 3560 TrkWks - ok

10:05:25.0258 3560 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

10:05:25.0336 3560 Udfs - ok

10:05:25.0539 3560 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

10:05:25.0586 3560 ultra - ok

10:05:25.0664 3560 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

10:05:25.0743 3560 Update - ok

10:05:25.0836 3560 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

10:05:25.0977 3560 upnphost - ok

10:05:26.0055 3560 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

10:05:26.0196 3560 UPS - ok

10:05:26.0321 3560 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

10:05:26.0399 3560 usbccgp - ok

10:05:26.0524 3560 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

10:05:26.0602 3560 usbehci - ok

10:05:26.0711 3560 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

10:05:26.0789 3560 usbhub - ok

10:05:26.0868 3560 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

10:05:26.0946 3560 usbprint - ok

10:05:27.0039 3560 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

10:05:27.0133 3560 USBSTOR - ok

10:05:27.0211 3560 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

10:05:27.0289 3560 usbuhci - ok

10:05:27.0383 3560 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

10:05:27.0461 3560 VgaSave - ok

10:05:27.0524 3560 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

10:05:27.0618 3560 viaagp - ok

10:05:27.0727 3560 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

10:05:27.0805 3560 ViaIde - ok

10:05:27.0852 3560 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

10:05:27.0930 3560 VolSnap - ok

10:05:28.0040 3560 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

10:05:28.0118 3560 VSS - ok

10:05:28.0211 3560 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

10:05:28.0290 3560 w32time - ok

10:05:28.0383 3560 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

10:05:28.0461 3560 Wanarp - ok

10:05:28.0540 3560 WDICA - ok

10:05:28.0633 3560 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

10:05:28.0711 3560 wdmaud - ok

10:05:28.0805 3560 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

10:05:28.0883 3560 WebClient - ok

10:05:28.0993 3560 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

10:05:29.0071 3560 winmgmt - ok

10:05:29.0180 3560 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll

10:05:29.0258 3560 WmdmPmSN - ok

10:05:29.0399 3560 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

10:05:29.0446 3560 Wmi - ok

10:05:29.0618 3560 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

10:05:29.0774 3560 WmiApSrv - ok

10:05:29.0852 3560 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

10:05:29.0993 3560 wscsvc - ok

10:05:30.0071 3560 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

10:05:30.0243 3560 wuauserv - ok

10:05:30.0321 3560 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

10:05:30.0508 3560 WZCSVC - ok

10:05:30.0618 3560 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

10:05:30.0711 3560 xmlprov - ok

10:05:30.0743 3560 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0

10:05:30.0821 3560 \Device\Harddisk0\DR0 - ok

10:05:30.0852 3560 Boot (0x1200) (85dacec4a57ea745bbb2d64f557f21b9) \Device\Harddisk0\DR0\Partition0

10:05:30.0852 3560 \Device\Harddisk0\DR0\Partition0 - ok

10:05:30.0852 3560 ============================================================

10:05:30.0852 3560 Scan finished

10:05:30.0852 3560 ============================================================

10:05:30.0961 3712 Detected object count: 3

10:05:30.0961 3712 Actual detected object count: 3

10:05:40.0993 3712 20cb95d47b2c6bbd ( LockedService.Multi.Generic ) - skipped by user

10:05:40.0993 3712 20cb95d47b2c6bbd ( LockedService.Multi.Generic ) - User select action: Skip

10:05:41.0009 3712 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user

10:05:41.0009 3712 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:05:41.0009 3712 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user

10:05:41.0009 3712 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip

__________________________________________________________________________________________

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.22.06

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

nikki :: DELL-10240 [administrator]

Protection: Disabled

23/04/2012 10:09:50 AM

mbam-log-2012-04-23 (10-09-50).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 319568

Time elapsed: 15 minute(s), 49 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Data: C:\WINDOWS\system32\regedit.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

_______________________________________________________________________________________

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29

Run by nikki at 10:29:12 on 2012-04-23

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1582 [GMT 10:00]

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Brownie\BrstsWnd.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\nikki\etpmyy6fze.exe

C:\Program Files\Brownie\Brnipmon.exe

C:\WINDOWS\system32\userinit.exe

C:\Program Files\Dell Support Center\gs_agent\dsc.exe