pop up ads in the bottom corner coupled with redirects


12 replies to this topic

#1 geekidiot

Posted 16 August 2012 - 11:59 PM

Hi Experts, I saw a similar scenario on this forum (posted by Coopers123 on 18 May 2012) which I am facing now. I am running IE8 on XP.
Can you please help me with this?
Having read the reply by Narenxp, I have downloaded TDSSKiller, aswMBR and minitool and am posting the results as follows:

TDSSKiller log:

12:43:13.0593 5656 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
12:43:14.0078 5656 ============================================================
12:43:14.0078 5656 Current date / time: 2012/08/17 12:43:14.0078
12:43:14.0078 5656 SystemInfo:
12:43:14.0078 5656
12:43:14.0078 5656 OS Version: 5.1.2600 ServicePack: 3.0
12:43:14.0078 5656 Product type: Workstation
12:43:14.0078 5656 ComputerName: ROVIDAPC3
12:43:14.0078 5656 UserName: Administrator
12:43:14.0078 5656 Windows directory: C:\WINDOWS
12:43:14.0078 5656 System windows directory: C:\WINDOWS
12:43:14.0078 5656 Processor architecture: Intel x86
12:43:14.0078 5656 Number of processors: 2
12:43:14.0078 5656 Page size: 0x1000
12:43:14.0078 5656 Boot type: Normal boot
12:43:14.0078 5656 ============================================================
12:43:14.0484 5656 BG loaded
12:43:14.0656 5656 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:43:14.0656 5656 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:43:14.0656 5656 ============================================================
12:43:14.0656 5656 \Device\Harddisk0\DR0:
12:43:14.0656 5656 MBR partitions:
12:43:14.0656 5656 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542DAB0
12:43:14.0656 5656 \Device\Harddisk1\DR1:
12:43:14.0656 5656 Invalid mbr signature
12:43:14.0656 5656 ============================================================
12:43:14.0687 5656 C: <-> \Device\Harddisk0\DR0\Partition1
12:43:14.0687 5656 ============================================================
12:43:14.0687 5656 Initialize success
12:43:14.0687 5656 ============================================================
12:43:20.0093 4264 ============================================================
12:43:20.0093 4264 Scan started
12:43:20.0093 4264 Mode: Manual; TDLFS;
12:43:20.0093 4264 ============================================================
12:43:26.0312 4264 RasAcd - ok
12:43:26.0343 4264 [ ad188be7bdf94e8df4ca0a55c00a5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
12:43:26.0343 4264 RasAuto - ok
12:43:26.0343 4264 [ 11b4a627bc9614b885c4969bfa5ff8a6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:43:26.0343 4264 Rasl2tp - ok
12:43:26.0375 4264 [ 76a9a3cbeadd68cc57cda5e1d7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
12:43:26.0375 4264 RasMan - ok
12:43:26.0375 4264 [ 5bc962f2654137c9909c3d4603587dee ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:43:26.0375 4264 RasPppoe - ok
12:43:26.0375 4264 [ fdbb1d60066fcfbb7452fd8f9829b242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
12:43:26.0375 4264 Raspti - ok
12:43:26.0406 4264 [ 7ad224ad1a1437fe28d89cf22b17780a ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:43:26.0406 4264 Rdbss - ok
12:43:26.0406 4264 [ 4912d5b403614ce99c28420f75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:43:26.0406 4264 RDPCDD - ok
12:43:26.0421 4264 [ 15cabd0f7c00c47c70124907916af3f1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:43:26.0421 4264 rdpdr - ok
12:43:26.0453 4264 [ 43af5212bd8fb5ba6eed9754358bd8f7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
12:43:26.0453 4264 RDPWD - ok
12:43:26.0500 4264 [ 3c37bf86641bda977c3bf8a840f3b7fa ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
12:43:26.0515 4264 RDSessMgr - ok
12:43:26.0531 4264 [ f828dd7e1419b6653894a8f97a0094c5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:43:26.0546 4264 redbook - ok
12:43:26.0578 4264 [ 001b4278407f4303efc902a2b16f2453 ] regi C:\WINDOWS\system32\drivers\regi.sys
12:43:26.0578 4264 regi - ok
12:43:26.0593 4264 [ 7e699ff5f59b5d9de5390e3c34c67cf5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:43:26.0593 4264 RemoteAccess - ok
12:43:26.0609 4264 [ 5b19b557b0c188210a56a6b699d90b8f ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
12:43:26.0625 4264 RemoteRegistry - ok
12:43:26.0625 4264 RimUsb - ok
12:43:26.0687 4264 [ 2c4fb2e9f039287767c384e46ee91030 ] RimVSerPort C:\WINDOWS\system32\DRIVERS\RimSerial.sys
12:43:26.0687 4264 RimVSerPort - ok
12:43:26.0703 4264 [ d8b0b4ade32574b2d9c5cc34dc0dbbe7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
12:43:26.0703 4264 ROOTMODEM - ok
12:43:26.0734 4264 [ aaed593f84afa419bbae8572af87cf6a ] RpcLocator C:\WINDOWS\system32\locator.exe
12:43:26.0734 4264 RpcLocator - ok
12:43:26.0765 4264 [ 6b27a5c03dfb94b4245739065431322c ] RpcSs C:\WINDOWS\system32\rpcss.dll
12:43:26.0765 4264 RpcSs - ok
12:43:26.0796 4264 [ 98872dd0c249ae2314e35644498a37b7 ] RsvLock C:\WINDOWS\system32\drivers\RsvLock.sys
12:43:26.0796 4264 RsvLock - ok
12:43:26.0812 4264 [ 471b3f9741d762abe75e9deea4787e47 ] RSVP C:\WINDOWS\system32\rsvp.exe
12:43:26.0812 4264 RSVP - ok
12:43:26.0828 4264 [ f3aadd30da4830df3a785da82b7d125a ] SafeBoot C:\WINDOWS\system32\drivers\SafeBoot.sys
12:43:26.0828 4264 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\SafeBoot.sys. md5: f3aadd30da4830df3a785da82b7d125a
12:43:26.0828 4264 SafeBoot ( LockedFile.Multi.Generic ) - warning
12:43:26.0828 4264 SafeBoot - detected LockedFile.Multi.Generic (1)
12:43:28.0656 4264 ================ Scan global ===============================
12:43:28.0687 4264 (42f1f4c0afb08410e5f02d4b13ebb623) C:\WINDOWS\system32\basesrv.dll
12:43:28.0718 4264 (8c7dca4b158bf16894120786a7a5f366) C:\WINDOWS\system32\winsrv.dll
12:43:28.0718 4264 (8c7dca4b158bf16894120786a7a5f366) C:\WINDOWS\system32\winsrv.dll
12:43:28.0734 4264 (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:43:28.0734 4264 [Global] - ok
12:43:28.0734 4264 ================ Scan MBR ==================================
12:43:28.0750 4264 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:43:29.0109 4264 \Device\Harddisk0\DR0 - ok
12:43:29.0109 4264 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
12:43:29.0156 4264 \Device\Harddisk1\DR1 - ok
12:43:29.0156 4264 ================ Scan VBR ==================================
12:43:29.0156 4264 Boot (0x1200) (d814d3e9c7a060c08a7a6bfc1023ecbb) \Device\Harddisk0\DR0\Partition1
12:43:29.0156 4264 \Device\Harddisk0\DR0\Partition1 - ok
12:43:29.0156 4264 ============================================================
12:43:29.0156 4264 Scan finished
12:43:29.0156 4264 ============================================================
12:43:29.0156 4260 Detected object count: 1
12:43:29.0156 4260 Actual detected object count: 1
12:43:39.0093 4260 SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
12:43:39.0093 4260 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip
12:43:43.0015 5832 Deinitialize success


aswMBR log :

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-17 12:45:34
-----------------------------
12:45:34.578 OS Version: Windows 5.1.2600 Service Pack 3
12:45:34.578 Number of processors: 2 586 0x170A
12:45:34.578 ComputerName: ROVIDAPC3 UserName:
12:45:35.359 Initialize success
12:49:16.890 AVAST engine defs: 12081601
12:49:26.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:49:26.171 Disk 0 Vendor: SAMSUNG_ 1AC0 Size: 305245MB BusType: 3
12:49:26.171 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
12:49:26.171 Disk 1 Vendor: SAMSUNG_ 1AA0 Size: 476940MB BusType: 3
12:49:26.187 Disk 0 MBR read successfully
12:49:26.187 Disk 0 MBR scan
12:49:26.296 Disk 0 Windows 7 default MBR code
12:49:26.312 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305243 MB offset 2048
12:49:26.328 Disk 0 scanning sectors +625140400
12:49:26.421 Disk 0 scanning C:\WINDOWS\system32\drivers
12:49:37.640 Service scanning
12:49:49.390 Service MpKsl7fbab642 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E5D1D99F-2FA5-452E-A777-A7E22D350E46}\MpKsl7fbab642.sys **LOCKED** 32
12:49:54.281 Service SafeBoot C:\WINDOWS\System32\Drivers\SafeBoot.sys **LOCKED** 32
12:50:02.093 Modules scanning
12:50:06.406 Disk 0 trace - called modules:
12:50:06.421 ntkrnlpa.exe CLASSPNP.SYS disk.sys tsk53.tmp hal.dll iaStor.sys
12:50:06.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8f3030]
12:50:06.437 3 CLASSPNP.SYS[b80f8fd7] -> nt!IofCallDriver -> \Device\00000069[0x8a8b5340]
12:50:06.437 5 tsk53.tmp[b7f51620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a8f6028]
12:50:07.046 AVAST engine scan C:\WINDOWS
12:50:15.484 AVAST engine scan C:\WINDOWS\system32
12:52:50.765 AVAST engine scan C:\WINDOWS\system32\drivers
12:53:03.718 AVAST engine scan C:\Documents and Settings\Administrator
12:53:55.828 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
12:53:55.843 The log file has been saved successfully to "C:\aswMBR.txt"


MinitoolBox log : ( it looks incredibly short compared to Cooper1234 :( )

MiniToolBox by Farbar Version: 23-07-2012
Ran by Administrator (administrator) on 17-08-2012 at 12:57:11
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1 localhost




Look forward to your advice, many many thanks!


P.S. I'll be away for 3 days, hence may not respond to this post until 21 Aug 2012.



#2 narenxp


Posted 17 August 2012 - 04:56 AM

Download

ESET online scanner

Install it

Click on START; it should download the virus definitions
When the scan is completed, click on LIST of found threats

Export the list to the desktop and copy the contents of the text file into your reply


Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan with MBAM once in regular mode until you get a clean log

Download

Rogue killer

Right-click on it and select Run as administrator

Now, click on the HOSTS FIX option on the right side

A log should get generated after the fix; post the log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete

Post the generated log

Edited by narenxp, 17 August 2012 - 04:56 AM.


#3 geekidiot


Posted 21 August 2012 - 04:12 AM

Hi, thanks, here we are:

1. Eset Online Scanner

C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\57\7dd26a39-153e8b12 Java/Exploit.CVE-2012-1723.AY trojan cleaned by deleting - quarantined

2. Rogue Killer - can't run this; it says:

"Unable to logon
Logon failure : unknown user name or bad password"

3. Mini Toolbox

MiniToolBox by Farbar Version: 23-07-2012
Ran by Administrator (administrator) on 21-08-2012 at 17:01:08
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1 localhost



4. FSS

Farbar Service Scanner Version: 06-08-2012
Ran by Administrator (administrator) on 21-08-2012 at 17:03:20
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
fssfltr(10) Gpc(6) IPSec(4) mfetdik(9) NetBT(5) PSched(7) Tcpip(3)
0x0E0000000400000001000000020000000300000009000000080000000B00000006000000070000000A0000000D000000100000000F00000005000000
IpSec Tag value is correct.

**** End of log ****

5. adware cleaner

# AdwCleaner v1.801 - Logfile created 08/21/2012 at 17:03:46
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - ROVIDAPC3
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\avg@toolbar
Folder Deleted : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\boost_interprocess
File Deleted : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Uninstall.exe

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Conduit

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v21.0.1180.79

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted : "description": "The fastest way to search the web.",

*************************

AdwCleaner[S1].txt - [2061 octets] - [21/08/2012 17:03:46]

########## EOF - C:\AdwCleaner[S1].txt - [2189 octets] ##########

#4 narenxp


Posted 21 August 2012 - 06:36 AM

"Unable to logon
Logon failure : unknown user name or bad password"


Run it from Safe Mode with Networking

#5 geekidiot


Posted 22 August 2012 - 01:02 AM

:( Still can't run; it says "This service cannot be started in safe mode"

#6 narenxp


Posted 22 August 2012 - 04:12 AM

.

Edited by narenxp, 23 August 2012 - 12:12 AM.


#7 geekidiot


Posted 22 August 2012 - 11:20 PM

When I typed in "takeown /a /f hosts", it says: "takeown is not recognized as an internal or external command, operable program or batch file"

Here's the mini Toolbox log anyway :

MiniToolBox by Farbar Version: 23-07-2012
Ran by Administrator (administrator) on 23-08-2012 at 12:17:50
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================



66.197.194.231 www.google-analytics.com.
66.197.194.231 ad-emea.doubleclick.net.
66.197.194.231 www.statcounter.com.
69.72.252.254 www.google-analytics.com.
69.72.252.254 ad-emea.doubleclick.net.
69.72.252.254 www.statcounter.com.

127.0.0.1 localhost


**** End of log ****

#8 geekidiot


Posted 22 August 2012 - 11:34 PM

hmm, now I'm having some pop up ads on the left bottom corner (T_T)

#9 narenxp


Posted 23 August 2012 - 12:11 AM

I'm sorry you had an XP system

Press Windows+R key and type

cmd and click ok

Now copy the following commands (bolded ones) and press ENTER one by one

cd C:\windows\system32\drivers\etc
cacls hosts /p everyone:f

press Y
attrib -s -h -r hosts
notepad hosts

A notepad should pop up

Now scroll to the bottom and delete the fake entries

You can check the default hosts entries for Windows XP here

http://support.microsoft.com/kb/972034

Now launch mini toolbox and checkmark hosts contents alone and post the new log
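
As an added example (not part of the original thread or of any tool used in it), the Python sketch below automates the manual check from post #9: it flags every name in a hosts file that is pinned to a non-loopback address and groups the names by target address. The sample input reproduces the Hosts content section of the MiniToolBox log in post #7; the function names and finding labels are illustrative.

```python
import ipaddress
from collections import defaultdict

# Hosts content as listed in the MiniToolBox log in post #7 of this thread,
# keeping the leading blank lines and the trailing dots on the names.
SAMPLE_HOSTS = """


66.197.194.231 www.google-analytics.com.
66.197.194.231 ad-emea.doubleclick.net.
66.197.194.231 www.statcounter.com.
69.72.252.254 www.google-analytics.com.
69.72.252.254 ad-emea.doubleclick.net.
69.72.252.254 www.statcounter.com.

127.0.0.1 localhost
"""

LOCAL_NAMES = {"localhost"}


def parse_hosts(text):
    """Yield (line_no, address_text, names) for each non-empty, non-comment line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        # "www.example.com." and "WWW.EXAMPLE.COM" name the same host.
        names = [name.rstrip(".").lower() for name in fields[1:]]
        yield line_no, fields[0], names


def audit_hosts(text):
    """Return a list of (line_no, kind, address, name) findings."""
    findings = []
    for line_no, address_text, names in parse_hosts(text):
        try:
            address = ipaddress.ip_address(address_text)
        except ValueError:
            findings.append((line_no, "malformed", address_text, " ".join(names)))
            continue
        if not names:
            findings.append((line_no, "malformed", address_text, ""))
            continue
        # Loopback and 0.0.0.0 entries only block a name; they cannot send
        # traffic to a third-party server.
        sinkhole = address.is_loopback or address.is_unspecified
        for name in names:
            if name in LOCAL_NAMES:
                if not address.is_loopback:
                    findings.append((line_no, "localhost-remapped", str(address), name))
            elif not sinkhole:
                # Private-range targets can be legitimate intranet pins, so
                # they are labelled separately for review.
                kind = "redirect-public" if address.is_global else "redirect-private"
                findings.append((line_no, kind, str(address), name))
    return findings


def shared_targets(findings):
    """Map each address that receives more than one redirected name to those names."""
    by_address = defaultdict(set)
    for _line_no, kind, address, name in findings:
        if kind.startswith("redirect"):
            by_address[address].add(name)
    return {addr: sorted(names) for addr, names in by_address.items() if len(names) > 1}


if __name__ == "__main__":
    results = audit_hosts(SAMPLE_HOSTS)
    for line_no, kind, address, name in results:
        print(f"line {line_no}: {kind}: {name} -> {address}")
    for address, names in shared_targets(results).items():
        print(f"{address} receives {len(names)} unrelated names: {', '.join(names)}")
```

Several unrelated analytics and ad hostnames sharing one public address, as in post #7, is the pattern that separates a hijack from an ordinary block list. The `cacls hosts /p everyone:f` step replaces the file's ACL with full control for Everyone, so once the file is clean, write access should be limited to administrators again.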

#10 geekidiot


Posted 23 August 2012 - 03:04 AM

done :

MiniToolBox by Farbar Version: 23-07-2012
Ran by Administrator (administrator) on 23-08-2012 at 16:03:37
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================




127.0.0.1 localhost


**** End of log ****

#11 narenxp


Posted 23 August 2012 - 05:41 AM

That looks good. Run MiniToolBox again and post the new log

download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here

#12 geekidiot


Posted 23 August 2012 - 09:07 PM

here we are :

MiniToolBox by Farbar Version: 23-07-2012
Ran by Administrator (administrator) on 24-08-2012 at 10:04:49
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================



127.0.0.1 localhost


**** End of log ****


Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/24/2012 10:05:53 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.exe\shell found and deleted!


Performing miscellaneous checks.

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* Update [Missing Service]

* ImapiService => "C:\WINDOWS\system32\imapihp.exe" [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/24/2012 10:06:18 AM
Execution time: 0 hours(s), 0 minute(s), and 25 seconds(s)

#13 narenxp


Posted 23 August 2012 - 09:08 PM

Download

TFC

Launch it; it will close all running programs

Click on START; it should ask for a reboot. If TFC locks up the system, run it in Safe Mode

Turn off your System Restore, restart the PC, and create a new restore point

http://support.microsoft.com/kb/310405

Update your Java from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, and do not click on suspicious links

Safe surfing :)



