Persistent Rootkit - multiple infections


6 replies to this topic

#1 darindw


Posted 03 May 2012 - 10:24 PM

OK, I am at wits' end here. A client brought a computer in last week. (From the look of things, they had already run an array of different apps in attempts to clean it themselves, including ComboFix.) I ran through my normal cleaning procedures until everything came back clean and returned the computer. Later that day, they informed me of Google redirects and new antivirus warnings for quarantine. So I took the computer back; sure enough, complete reinfection. Ran rescue disks (AVG and Avira, MBAM, Avast scan and Avast boot scan, SUPERAntiSpyware, etc.); after initial cleaning, all clean. So why do I think it is still infected? In double checking for rootkits, TDSSKiller, aswMBR, and rkill will not run. Also still getting MBAM blocks of IP address, now it's 67.29.139.153 as opposed to the earlier 206.161.121.(1-4). DDS will not finish; it stops at what looks like 2/3 of the way through (waited an additional 30-35 minutes for it to finish), and the GMER log is included, though it doesn't say much. I appreciate the help!

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-03 14:37:48
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\CLAIRE~1\LOCALS~1\Temp\kwddapod.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.15 ----

What else can i do?



#2 darindw


Posted 03 May 2012 - 11:05 PM

Don't know if it will help, but I did manage to pull some RootRepeal reports.


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2012/05/03 22:36
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 00000034
Image Path: \Driver\00000034
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: 00000081
Image Path: \Driver\00000081
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: A3AB.sys
Image Path: C:\WINDOWS\system32\DRIVERS\A3AB.sys
Address: 0xB6BF2000 Size: 547744 File Visible: - Signed: -
Status: -

Name: Aavmker4.SYS
Image Path: C:\WINDOWS\System32\Drivers\Aavmker4.SYS
Address: 0xB0056000 Size: 45056 File Visible: - Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xB7F79000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2154496 File Visible: - Signed: -
Status: -

Name: AegisP.sys
Image Path: C:\WINDOWS\system32\DRIVERS\AegisP.sys
Address: 0xAA575000 Size: 19296 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xAEB77000 Size: 138496 File Visible: - Signed: -
Status: -

Name: AGRSM.sys
Image Path: C:\WINDOWS\system32\DRIVERS\AGRSM.sys
Address: 0xB6A8A000 Size: 1163328 File Visible: - Signed: -
Status: -

Name: aswFsBlk.SYS
Image Path: C:\WINDOWS\System32\Drivers\aswFsBlk.SYS
Address: 0xB7D63000 Size: 12160 File Visible: - Signed: -
Status: -

Name: aswMon2.SYS
Image Path: C:\WINDOWS\System32\Drivers\aswMon2.SYS
Address: 0xA7ECF000 Size: 87168 File Visible: - Signed: -
Status: -

Name: aswRdr.SYS
Image Path: C:\WINDOWS\System32\Drivers\aswRdr.SYS
Address: 0xB8488000 Size: 27136 File Visible: - Signed: -
Status: -

Name: aswSnx.SYS
Image Path: C:\WINDOWS\System32\Drivers\aswSnx.SYS
Address: 0xAEA61000 Size: 630784 File Visible: - Signed: -
Status: -

Name: aswSP.SYS
Image Path: C:\WINDOWS\System32\Drivers\aswSP.SYS
Address: 0xAEAFB000 Size: 329344 File Visible: - Signed: -
Status: -

Name: aswTdi.SYS
Image Path: C:\WINDOWS\System32\Drivers\aswTdi.SYS
Address: 0xB0D60000 Size: 45312 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xB7F0B000 Size: 96512 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xB7F0B000 Size: 96512 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBD5B8000 Size: 290816 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xB876B000 Size: 3072 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xB85DE000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xB84B8000 Size: 12288 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xA9354000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xB8148000 Size: 62976 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xB80E8000 Size: 53248 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xB80D8000 Size: 36352 File Visible: - Signed: -
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xB7F23000 Size: 153344 File Visible: - Signed: -
Status: -

Name: dmload.sys
Image Path: dmload.sys
Address: 0xB85AC000 Size: 5888 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xB0DD0000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_diskdump.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_diskdump.sys
Address: 0xAF224000 Size: 16384 File Visible: No Signed: -
Status: -

Name: dump_nvgts.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_nvgts.sys
Address: 0xA906C000 Size: 176128 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xAF208000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBD000000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xB0ABC000 Size: 4096 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xB030F000 Size: 44544 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xB7EA8000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xB85D6000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xB7F49000 Size: 125056 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
Address: 0xB8400000 Size: 21120 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806E5000 Size: 134400 File Visible: - Signed: -
Status: -

Name: hamachi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hamachi.sys
Address: 0xB8430000 Size: 19456 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xB6BCA000 Size: 163840 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xB02DF000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xB8460000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xAF150000 Size: 10368 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xA5684000 Size: 265728 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xB8318000 Size: 52480 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xB8138000 Size: 42112 File Visible: - Signed: -
Status: -

Name: ipfltdrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
Address: 0xA583B000 Size: 32896 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xAEBC1000 Size: 152832 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xAEC40000 Size: 75264 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xB80A8000 Size: 37248 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xB83E0000 Size: 24576 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xB85A8000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xA5343000 Size: 172416 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xB6BA7000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xB7E7F000 Size: 92928 File Visible: - Signed: -
Status: -

Name: lmimirr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\lmimirr.sys
Address: 0xB876A000 Size: 3200 File Visible: - Signed: -
Status: -

Name: LMIRfsDriver.sys
Image Path: C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
Address: 0xA73A4000 Size: 40960 File Visible: - Signed: -
Status: -

Name: mbam.sys
Image Path: C:\WINDOWS\system32\drivers\mbam.sys
Address: 0xB0339000 Size: 14336 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xB85E0000 Size: 4224 File Visible: - Signed: -
Status: -

Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xB8408000 Size: 30080 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xB8438000 Size: 23040 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xAF0F4000 Size: 12160 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xB80B8000 Size: 42368 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xA7E52000 Size: 180608 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xB8478000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xB8198000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xB8570000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xB7DAB000 Size: 105472 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xB7DC5000 Size: 182656 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xB8554000 Size: 10496 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xAF144000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xB62C5000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xB8288000 Size: 40960 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xB031F000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xAEB99000 Size: 162816 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xB8480000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xB7DF2000 Size: 574976 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2154496 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xB07DF000 Size: 2944 File Visible: - Signed: -
Status: -

Name: nv4_disp.dll
Image Path: C:\WINDOWS\System32\nv4_disp.dll
Address: 0xBD012000 Size: 5922816 File Visible: - Signed: -
Status: -

Name: nv4_mini.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Address: 0xB62F0000 Size: 7967712 File Visible: - Signed: -
Status: -

Name: NVENETFD.sys
Image Path: C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
Address: 0xB0CDA000 Size: 66688 File Visible: - Signed: -
Status: -

Name: nvgts.sys
Image Path: nvgts.sys
Address: 0xB7EE0000 Size: 176128 File Visible: - Signed: -
Status: -

Name: nvnetbus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
Address: 0xB83F8000 Size: 32768 File Visible: - Signed: -
Status: -

Name: NVNRM.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\NVNRM.SYS
Address: 0xB0CA7000 Size: 208896 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xB8330000 Size: 19712 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xB7F68000 Size: 68224 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xB8670000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xB8328000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2154496 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xAF821000 Size: 147456 File Visible: - Signed: -
Status: -

Name: processr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\processr.sys
Address: 0xB8308000 Size: 35840 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xB62B4000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xB8420000 Size: 17792 File Visible: - Signed: -
Status: -

Name: RaInfo.sys
Image Path: C:\Program Files\LogMeIn\x86\RaInfo.sys
Address: 0xB8644000 Size: 6144 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xAF1C8000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xB8168000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xB8178000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xB8188000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xB8428000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2154496 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xAEB4C000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xB85E2000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xB6284000 Size: 196224 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xB8158000 Size: 57600 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA6C2C000 Size: 49152 File Visible: No Signed: -
Status: -

Name: RtkHDAud.sys
Image Path: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Address: 0xAF845000 Size: 5206016 File Visible: - Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
Address: 0xB7EC8000 Size: 98304 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xB7E96000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xA72F4000 Size: 357888 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xB866C000 Size: 4352 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xB74F3000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xAEBE7000 Size: 361600 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xB8418000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xB81A8000 Size: 40704 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xB6226000 Size: 384768 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xB8668000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xB83F0000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xB7503000 Size: 59520 File Visible: - Signed: -
Status: -

Name: usbohci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Address: 0xB83E8000 Size: 17152 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xB6C78000 Size: 147456 File Visible: - Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Address: 0xB8380000 Size: 26368 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xB8468000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB62DC000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xB80C8000 Size: 52352 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xB81F8000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xA90D7000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xA7DED000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1863680 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1863680 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xB85AA000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2154496 File Visible: - Signed: -
Status: -

Name: ws2ifsl.sys
Image Path: C:\WINDOWS\System32\drivers\ws2ifsl.sys
Address: 0xAF164000 Size: 12032 File Visible: - Signed: -
Status: -



ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2012/05/03 22:54
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Processes
-------------------
Path: System
PID: 4 Status: -

Path: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PID: 212 Status: -

Path: C:\WINDOWS\system32\spoolsv.exe
PID: 444 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 584 Status: -

Path: C:\WINDOWS\system32\alg.exe
PID: 648 Status: -

Path: C:\WINDOWS\system32\searchprotocolhost.exe
PID: 768 Status: -

Path: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PID: 788 Status: -

Path: C:\WINDOWS\system32\smss.exe
PID: 796 Status: -

Path: C:\Program Files\LSI SoftModem\agrsmsvc.exe
PID: 836 Status: -

Path: C:\WINDOWS\system32\csrss.exe
PID: 844 Status: -

Path: C:\WINDOWS\system32\winlogon.exe
PID: 868 Status: -

Path: C:\WINDOWS\system32\services.exe
PID: 912 Status: -

Path: C:\WINDOWS\system32\lsass.exe
PID: 924 Status: -

Path: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PID: 928 Status: -

Path: C:\WINDOWS\system32\nvsvc32.exe
PID: 1100 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1136 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1184 Status: -

Path: C:\WINDOWS\explorer.exe
PID: 1236 Status: -

Path: C:\WINDOWS\system32\inetsrv\inetinfo.exe
PID: 1272 Status: -

Path: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PID: 1328 Status: -

Path: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 1392 Status: -

Path: C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PID: 1416 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1536 Status: -

Path: C:\WINDOWS\system32\ctfmon.exe
PID: 1612 Status: -

Path: C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PID: 1652 Status: -

Path: C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PID: 1676 Status: -

Path: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 1696 Status: -

Path: C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PID: 1724 Status: -

Path: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PID: 1732 Status: -

Path: C:\Program Files\Cobian Backup 11\cbVSCService11.exe
PID: 1784 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1836 Status: -

Path: C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
PID: 1920 Status: -

Path: C:\WINDOWS\RTHDCPL.EXE
PID: 1960 Status: -

Path: C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
PID: 2080 Status: -

Path: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PID: 2176 Status: -

Path: C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PID: 2208 Status: -

Path: C:\USBStorage\USBDetector.exe
PID: 2336 Status: -

Path: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PID: 2356 Status: -

Path: C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PID: 2404 Status: -

Path: C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PID: 2552 Status: -

Path: C:\Program Files\Citrix\GoToMeeting\880\g2mstart.exe
PID: 2636 Status: -

Path: C:\Program Files\Citrix\GoToMeeting\880\g2mcomm.exe
PID: 2832 Status: -

Path: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PID: 2928 Status: -

Path: C:\Program Files\ACT\Act for Windows\Act.Outlook.Sync.exe
PID: 2968 Status: -

Path: C:\WINDOWS\system32\searchfilterhost.exe
PID: 3064 Status: -

Path: C:\WINDOWS\system32\rundll32.exe
PID: 3084 Status: -

Path: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PID: 3092 Status: -

Path: C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PID: 3120 Status: -

Path: C:\Program Files\iPod\bin\iPodService.exe
PID: 3212 Status: -

Path: C:\Program Files\iTunes\iTunesHelper.exe
PID: 3240 Status: -

Path: C:\Program Files\Common Files\Java\Java Update\jusched.exe
PID: 3304 Status: -

Path: C:\WINDOWS\system32\snmp.exe
PID: 3384 Status: -

Path: C:\Program Files\Citrix\GoToMeeting\880\g2mlauncher.exe
PID: 3404 Status: -

Path: C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PID: 3568 Status: -

Path: C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PID: 3648 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 3700 Status: -

Path: C:\Program Files\SUPERAntiSpyware\SASCore.exe
PID: 3724 Status: -

Path: C:\WINDOWS\system32\searchindexer.exe
PID: 4000 Status: -

Path: C:\Documents and Settings\Claire Murad\Desktop\RootRepeal.exe
PID: 4632 Status: -

#3 narenxp


Posted 03 May 2012 - 11:37 PM

"TDSSKiller, aswMBR, rkill will not run"

Download FixTDSS.

Launch it. It may ask for a restart; reboot the PC.

On reboot, click on Repair.

Run TDSSKiller and aswMBR, and post the logs.

Good luck.

#4 darindw


Posted 04 May 2012 - 01:20 AM

That worked! It said there was one, repaired successfully on reboot. Here are the aswMBR and TDSSKiller (reported no infection) reports:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-04 00:55:28
-----------------------------
00:55:28.781 OS Version: Windows 5.1.2600 Service Pack 3
00:55:28.781 Number of processors: 2 586 0x203
00:55:28.781 ComputerName: CLAIREMAG UserName:
00:58:35.062 Initialize success
00:58:49.687 AVAST engine defs: 12050301
01:05:49.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port0Path0Target0Lun0
01:05:49.843 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
01:05:49.875 Disk 0 MBR read successfully
01:05:49.875 Disk 0 MBR scan
01:05:49.875 Disk 0 Windows XP default MBR code
01:05:49.875 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305242 MB offset 63
01:05:49.875 Disk 0 scanning sectors +625142432
01:05:49.953 Disk 0 scanning C:\WINDOWS\system32\drivers
01:05:58.765 Service scanning
01:06:15.203 Modules scanning
01:06:20.218 Disk 0 trace - called modules:
01:06:20.234 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS nvgts.sys
01:06:20.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8addc030]
01:06:20.234 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000067[0x8ad88920]
01:06:20.234 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port0Path0Target0Lun0[0x8ad88030]
01:06:21.265 AVAST engine scan C:\
01:17:24.593 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
01:17:24.609 The log file has been saved successfully to "E:\aswMBR.txt"

-------------------------------------------------------------------------------------------------------------------------

01:00:37.0203 4936 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
01:00:37.0890 4936 ============================================================
01:00:37.0890 4936 Current date / time: 2012/05/04 01:00:37.0890
01:00:37.0890 4936 SystemInfo:
01:00:37.0890 4936
01:00:37.0890 4936 OS Version: 5.1.2600 ServicePack: 3.0
01:00:37.0890 4936 Product type: Workstation
01:00:37.0890 4936 ComputerName: CLAIREMAG
01:00:37.0890 4936 UserName: Claire Murad
01:00:37.0890 4936 Windows directory: C:\WINDOWS
01:00:37.0890 4936 System windows directory: C:\WINDOWS
01:00:37.0890 4936 Processor architecture: Intel x86
01:00:37.0890 4936 Number of processors: 2
01:00:37.0890 4936 Page size: 0x1000
01:00:37.0890 4936 Boot type: Normal boot
01:00:37.0890 4936 ============================================================
01:00:52.0609 4936 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
01:00:52.0656 4936 Drive \Device\Harddisk1\DR3 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
01:00:52.0656 4936 Drive \Device\Harddisk2\DR4 - Size: 0x1F6400000 (7.85 Gb), SectorSize: 0x200, Cylinders: 0x400, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
01:00:52.0671 4936 ============================================================
01:00:52.0671 4936 \Device\Harddisk0\DR0:
01:00:52.0718 4936 MBR partitions:
01:00:52.0718 4936 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
01:00:52.0718 4936 \Device\Harddisk1\DR3:
01:00:52.0718 4936 MBR partitions:
01:00:52.0718 4936 \Device\Harddisk1\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAEA86702
01:00:52.0718 4936 \Device\Harddisk2\DR4:
01:00:52.0718 4936 MBR partitions:
01:00:52.0718 4936 \Device\Harddisk2\DR4\Partition0: MBR, Type 0x7, StartLBA 0x280, BlocksNum 0xFB1D80
01:00:52.0718 4936 ============================================================
01:00:52.0906 4936 C: <-> \Device\Harddisk0\DR0\Partition0
01:00:52.0937 4936 F: <-> \Device\Harddisk1\DR3\Partition0
01:00:52.0937 4936 ============================================================
01:00:52.0937 4936 Initialize success
01:00:52.0937 4936 ============================================================
01:00:55.0921 5792 ============================================================
01:00:55.0921 5792 Scan started
01:00:55.0921 5792 Mode: Manual;
01:00:55.0921 5792 ============================================================
01:00:58.0890 5792 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
01:00:58.0890 5792 !SASCORE - ok
01:01:04.0531 5792 a016mgmt - ok
01:01:09.0843 5792 A3AB (21af8e9c727c6d7643ad497268f55bf1) C:\WINDOWS\system32\DRIVERS\A3AB.sys
01:01:10.0359 5792 A3AB - ok
01:01:10.0687 5792 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
01:01:10.0812 5792 Aavmker4 - ok
01:01:10.0812 5792 Abiosdsk - ok
01:01:10.0812 5792 abp480n5 - ok
01:01:10.0828 5792 acedrv07 - ok
01:01:12.0468 5792 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
01:01:12.0531 5792 ACPI - ok
01:01:12.0718 5792 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
01:01:12.0734 5792 ACPIEC - ok
01:01:12.0734 5792 AcronisOSSReinstallSvc - ok
01:01:14.0796 5792 ACT! Scheduler (630d2c9d36dad22829c95c55d36ba5cc) C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe
01:01:15.0703 5792 ACT! Scheduler - ok
01:01:15.0703 5792 adihdaudaddservice - ok
01:01:15.0703 5792 adiusbaw - ok
01:01:18.0187 5792 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
01:01:18.0296 5792 AdobeFlashPlayerUpdateSvc - ok
01:01:18.0296 5792 adpu160m - ok
01:01:18.0312 5792 aeaudio - ok
01:01:19.0093 5792 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
01:01:19.0312 5792 aec - ok
01:01:19.0640 5792 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
01:01:19.0640 5792 AegisP - ok
01:01:20.0906 5792 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
01:01:21.0015 5792 AFD - ok
01:01:21.0015 5792 AFGSp50 - ok
01:01:21.0390 5792 AgereModemAudio (48091a2374a69f473273c44951195452) C:\Program Files\LSI SoftModem\agrsmsvc.exe
01:01:21.0390 5792 AgereModemAudio - ok
01:01:31.0781 5792 AgereSoftModem (c6fa08a8cca9001f3197525b07331715) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
01:01:32.0343 5792 AgereSoftModem - ok
01:01:32.0343 5792 agnfilt - ok
01:01:32.0359 5792 agrsrvce - ok
01:01:32.0359 5792 Aha154x - ok
01:01:32.0359 5792 aic78u2 - ok
01:01:32.0359 5792 aic78xx - ok
01:01:32.0734 5792 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
01:01:32.0734 5792 Alerter - ok
01:01:32.0734 5792 alertservice - ok
01:01:33.0109 5792 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
01:01:33.0109 5792 ALG - ok
01:01:33.0109 5792 AliIde - ok
01:01:33.0125 5792 Alpham2 - ok
01:01:33.0125 5792 AmeLanPc - ok
01:01:33.0125 5792 amsint - ok
01:01:33.0125 5792 Angel2 - ok
01:01:33.0125 5792 antivirscheduler - ok
01:01:33.0140 5792 Anydlc - ok
01:01:33.0140 5792 aolservice - ok
01:01:33.0140 5792 appdrv - ok
01:01:33.0140 5792 apphostsvc - ok
01:01:33.0812 5792 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:01:33.0859 5792 Apple Mobile Device - ok
01:01:35.0484 5792 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
01:01:35.0812 5792 AppMgmt - ok
01:01:35.0812 5792 AR5416 - ok
01:01:35.0812 5792 aracpi - ok
01:01:35.0812 5792 artourservice - ok
01:01:35.0828 5792 asc - ok
01:01:35.0828 5792 asc3350p - ok
01:01:35.0828 5792 asc3550 - ok
01:01:36.0968 5792 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
01:01:37.0718 5792 aspnet_state - ok
01:01:37.0734 5792 AsuhfivrO - ok
01:01:37.0734 5792 asuskbnt - ok
01:01:37.0750 5792 ASUSVRC - ok
01:01:37.0968 5792 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
01:01:37.0968 5792 aswFsBlk - ok
01:01:38.0875 5792 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
01:01:38.0875 5792 aswMon2 - ok
01:01:39.0234 5792 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\aswRdr.sys
01:01:39.0234 5792 aswRdr - ok
01:01:44.0250 5792 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
01:01:44.0562 5792 aswSnx - ok
01:01:47.0000 5792 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
01:01:47.0015 5792 aswSP - ok
01:01:47.0515 5792 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
01:01:47.0515 5792 aswTdi - ok
01:01:47.0515 5792 aswupdsv - ok
01:01:47.0687 5792 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
01:01:47.0687 5792 AsyncMac - ok
01:01:48.0328 5792 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
01:01:48.0343 5792 atapi - ok
01:01:48.0343 5792 Atdisk - ok
01:01:48.0343 5792 AtiPcie - ok
01:01:48.0343 5792 ativraxx - ok
01:01:48.0609 5792 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
01:01:48.0609 5792 Atmarpc - ok
01:01:48.0609 5792 ATSWPDRV - ok
01:01:48.0906 5792 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
01:01:48.0906 5792 AudioSrv - ok
01:01:49.0015 5792 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
01:01:49.0015 5792 audstub - ok
01:01:49.0953 5792 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
01:01:49.0953 5792 avast! Antivirus - ok
01:01:49.0953 5792 AVCamUSB20 - ok
01:01:49.0968 5792 avg7rsxp - ok
01:01:49.0968 5792 avidstartup - ok
01:01:49.0968 5792 AVWLP_USB - ok
01:01:49.0968 5792 awlegacy - ok
01:01:49.0968 5792 awservice - ok
01:01:49.0984 5792 AX88772 - ok
01:01:49.0984 5792 AYDrvNT_ALYAC - ok
01:01:49.0984 5792 b57w2k - ok
01:01:49.0984 5792 backupexecalertserver - ok
01:01:49.0984 5792 backupexecnotificationserver - ok
01:01:50.0000 5792 bb-run - ok
01:01:50.0000 5792 bcm43xx - ok
01:01:50.0000 5792 BCMModem - ok
01:01:50.0000 5792 BCMWLNPF - ok
01:01:50.0000 5792 bcserver - ok
01:01:50.0015 5792 bc_prt_f - ok
01:01:50.0015 5792 bdfsdrv - ok
01:01:50.0140 5792 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
01:01:50.0203 5792 Beep - ok
01:01:50.0203 5792 belgium_id_card_service - ok
01:01:50.0203 5792 bgmainsvc - ok
01:01:50.0203 5792 bh611 - ok
01:01:52.0140 5792 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
01:01:52.0156 5792 BITS - ok
01:01:52.0187 5792 blueletscoaudio - ok
01:01:54.0437 5792 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
01:01:54.0828 5792 Bonjour Service - ok
01:01:54.0828 5792 bridge - ok
01:01:54.0828 5792 brmfrmps - ok
01:01:55.0375 5792 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
01:01:55.0437 5792 Browser - ok
01:01:55.0453 5792 bufserv - ok
01:01:55.0453 5792 caccprovsp - ok
01:01:55.0453 5792 CADlink - ok
01:01:55.0453 5792 caili - ok
01:01:55.0453 5792 caisafe - ok
01:01:55.0468 5792 camdrl - ok
01:01:57.0062 5792 catchme - ok
01:01:57.0234 5792 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
01:01:57.0250 5792 cbidf2k - ok
01:01:57.0781 5792 cbVSCService11 (58bf7714a312698108a96d0de2bb6825) C:\Program Files\Cobian Backup 11\cbVSCService11.exe
01:01:57.0781 5792 cbVSCService11 - ok
01:01:57.0796 5792 ccflic0 - ok
01:01:57.0796 5792 ccispwdsvc - ok
01:01:57.0796 5792 cd20xrnt - ok
01:01:58.0000 5792 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
01:01:58.0000 5792 Cdaudio - ok
01:01:58.0468 5792 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
01:01:58.0468 5792 Cdfs - ok
01:01:59.0062 5792 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
01:01:59.0062 5792 Cdrom - ok
01:01:59.0062 5792 cebdaldr - ok
01:01:59.0062 5792 ceepwrsvc - ok
01:01:59.0062 5792 Changer - ok
01:01:59.0078 5792 Cinemsup - ok
01:01:59.0187 5792 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
01:01:59.0250 5792 CiSvc - ok
01:01:59.0250 5792 citrixxteserver - ok
01:01:59.0250 5792 clientservice - ok
01:01:59.0500 5792 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
01:01:59.0718 5792 ClipSrv - ok
01:02:00.0390 5792 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:02:01.0546 5792 clr_optimization_v2.0.50727_32 - ok
01:02:02.0953 5792 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:02:04.0468 5792 clr_optimization_v4.0.30319_32 - ok
01:02:04.0484 5792 clsched - ok
01:02:04.0484 5792 CmdIde - ok
01:02:04.0484 5792 cmigameport - ok
01:02:04.0515 5792 compbatt - ok
01:02:04.0515 5792 COMSysApp - ok
01:02:04.0531 5792 Cpqarray - ok
01:02:04.0531 5792 crauto - ok
01:02:04.0921 5792 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
01:02:04.0968 5792 CryptSvc - ok
01:02:04.0984 5792 CTDevice_Srv - ok
01:02:05.0000 5792 CTEDSPFX.DLL - ok
01:02:05.0000 5792 ctljystk - ok
01:02:05.0000 5792 ctprxy2k - ok
01:02:05.0015 5792 CTSBLFX.DLL - ok
01:02:05.0015 5792 ctxcpusched - ok
01:02:05.0015 5792 cvslock - ok
01:02:05.0031 5792 cwcpsvc20 - ok
01:02:05.0031 5792 CX88AUD - ok
01:02:05.0031 5792 cygserver - ok
01:02:05.0046 5792 cypresslink - ok
01:02:05.0046 5792 dac2w2k - ok
01:02:05.0046 5792 dac960nt - ok
01:02:05.0062 5792 db2 - ok
01:02:05.0062 5792 dbmang - ok
01:02:05.0062 5792 DC21x4 - ok
01:02:05.0078 5792 DcFpoint - ok
01:02:07.0765 5792 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
01:02:07.0765 5792 DcomLaunch - ok
01:02:07.0765 5792 ddxgb - ok
01:02:07.0765 5792 DELTA - ok
01:02:07.0765 5792 DeviceScanner - ok
01:02:07.0781 5792 DevUpper - ok
01:02:08.0906 5792 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
01:02:09.0109 5792 Dhcp - ok
01:02:09.0109 5792 dimension4 - ok
01:02:09.0515 5792 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
01:02:09.0578 5792 Disk - ok
01:02:09.0578 5792 djsnetcn - ok
01:02:09.0578 5792 DKbFltr - ok
01:02:09.0578 5792 dlaudfam - ok
01:02:09.0593 5792 dmadmin - ok
01:02:13.0312 5792 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
01:02:13.0500 5792 dmboot - ok
01:02:13.0625 5792 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
01:02:13.0656 5792 dmio - ok
01:02:13.0687 5792 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
01:02:13.0687 5792 dmload - ok
01:02:13.0703 5792 dmprimer - ok
01:02:13.0843 5792 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
01:02:13.0875 5792 dmserver - ok
01:02:14.0093 5792 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
01:02:14.0093 5792 DMusic - ok
01:02:14.0312 5792 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
01:02:14.0359 5792 Dnscache - ok
01:02:15.0343 5792 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
01:02:15.0546 5792 Dot3svc - ok
01:02:15.0562 5792 dot4usb - ok
01:02:15.0562 5792 dpti2o - ok
01:02:15.0640 5792 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
01:02:15.0640 5792 drmkaud - ok
01:02:15.0656 5792 ds1 - ok
01:02:15.0656 5792 DSI_SiUSBXp_3_1 - ok
01:02:15.0656 5792 dsproct - ok
01:02:15.0656 5792 DVDRC - ok
01:02:15.0671 5792 dvd_2K - ok
01:02:15.0671 5792 dwusbdnt - ok
01:02:15.0671 5792 DXEC02 - ok
01:02:15.0984 5792 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
01:02:16.0062 5792 EapHost - ok
01:02:16.0062 5792 eeyeevnt - ok
01:02:16.0062 5792 egathdrv - ok
01:02:16.0078 5792 EhttpSrv - ok
01:02:16.0078 5792 ELmon - ok
01:02:16.0078 5792 elnkservice - ok
01:02:16.0078 5792 EMCFILT - ok
01:02:16.0078 5792 emproxy - ok
01:02:16.0093 5792 enodpl - ok
01:02:16.0093 5792 enxpsvc - ok
01:02:16.0093 5792 enxpsvr - ok
01:02:16.0093 5792 epson_pm_rpcv2_01 - ok
01:02:16.0109 5792 epstnt01 - ok
01:02:16.0281 5792 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
01:02:16.0312 5792 ERSvc - ok
01:02:16.0953 5792 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
01:02:17.0046 5792 Eventlog - ok
01:02:19.0171 5792 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
01:02:19.0250 5792 EventSystem - ok
01:02:19.0250 5792 Exportit - ok
01:02:19.0265 5792 fah@c:+fah+fah-service+fah502-console.exe - ok
01:02:20.0296 5792 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
01:02:20.0453 5792 Fastfat - ok
01:02:21.0171 5792 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
01:02:21.0281 5792 FastUserSwitchingCompatibility - ok
01:02:21.0281 5792 Fd16_700 - ok
01:02:21.0484 5792 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
01:02:21.0546 5792 Fdc - ok
01:02:21.0546 5792 fgdxbus - ok
01:02:22.0031 5792 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
01:02:22.0031 5792 Fips - ok
01:02:22.0031 5792 flashpnt - ok
01:02:22.0234 5792 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
01:02:22.0234 5792 Flpydisk - ok
01:02:23.0390 5792 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
01:02:23.0406 5792 FltMgr - ok
01:02:24.0046 5792 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
01:02:24.0187 5792 FontCache3.0.0.0 - ok
01:02:27.0781 5792 ForceWare Intelligent Application Manager (IAM) (b53d64a7ba4bc661b0baf6453f6fc743) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
01:02:27.0781 5792 ForceWare Intelligent Application Manager (IAM) - ok
01:02:27.0781 5792 Freedom - ok
01:02:27.0781 5792 fsaa - ok
01:02:27.0781 5792 fsks - ok
01:02:27.0921 5792 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
01:02:27.0937 5792 Fs_Rec - ok
01:02:28.0968 5792 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
01:02:29.0031 5792 Ftdisk - ok
01:02:29.0031 5792 G400DH - ok
01:02:29.0031 5792 gameenum - ok
01:02:29.0234 5792 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
01:02:29.0265 5792 GEARAspiWDM - ok
01:02:29.0265 5792 generichidservice - ok
01:02:29.0265 5792 ggsemc - ok
01:02:29.0281 5792 govsrv - ok
01:02:29.0656 5792 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
01:02:29.0656 5792 Gpc - ok
01:02:29.0671 5792 guardian2 - ok
01:02:30.0968 5792 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
01:02:30.0968 5792 gupdate - ok
01:02:30.0968 5792 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
01:02:30.0968 5792 gupdatem - ok
01:02:32.0046 5792 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
01:02:32.0296 5792 gusvc - ok
01:02:32.0296 5792 gv3 - ok
01:02:32.0515 5792 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
01:02:32.0515 5792 hamachi - ok
01:02:40.0781 5792 Hamachi2Svc (fa89c0429821c7c429eec7a0ce1c02d3) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
01:02:40.0796 5792 Hamachi2Svc - ok
01:02:44.0468 5792 Hardlock - ok
01:02:44.0468 5792 hcwPP2 - ok
01:02:45.0890 5792 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
01:02:45.0890 5792 HDAudBus - ok
01:02:46.0109 5792 helpsvc - ok
01:02:46.0312 5792 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
01:02:46.0375 5792 HidServ - ok
01:02:46.0375 5792 HIDSwvd - ok
01:02:46.0500 5792 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
01:02:46.0500 5792 hidusb - ok
01:02:47.0015 5792 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
01:02:47.0078 5792 hkmsvc - ok
01:02:47.0078 5792 houdinilicenseserver - ok
01:02:47.0078 5792 hpn - ok
01:02:47.0078 5792 hpqcxs08 - ok
01:02:47.0093 5792 hsfhwbs2 - ok
01:02:47.0093 5792 hsf_dp - ok
01:02:47.0093 5792 hsvcmod - ok
01:02:47.0296 5792 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys
01:02:47.0296 5792 HTCAND32 - ok
01:02:47.0531 5792 htcnprot (04e3b3554076b8192a668efe88a682a1) C:\WINDOWS\system32\DRIVERS\htcnprot.sys
01:02:47.0531 5792 htcnprot - ok
01:02:49.0031 5792 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
01:02:49.0218 5792 HTTP - ok
01:02:49.0375 5792 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
01:02:49.0406 5792 HTTPFilter - ok
01:02:49.0406 5792 i2omgmt - ok
01:02:49.0406 5792 i2omp - ok
01:02:49.0812 5792 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
01:02:49.0812 5792 i8042prt - ok
01:02:49.0812 5792 iaimfp0 - ok
01:02:49.0812 5792 iastor - ok
01:02:49.0828 5792 IBMTPCHK - ok
01:02:49.0828 5792 ICM10USB - ok
01:02:49.0828 5792 icraplus - ok
01:02:52.0109 5792 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
01:02:52.0515 5792 idsvc - ok
01:02:52.0515 5792 iftpsvc - ok
01:02:52.0718 5792 IISADMIN (db3c22745c0da4666f3be31f1af36b2f) C:\WINDOWS\system32\inetsrv\inetinfo.exe
01:02:52.0750 5792 IISADMIN - ok
01:02:53.0671 5792 IJPLMSVC (ad5df6f4fbbc798636edc66bfec7d0de) C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
01:02:53.0671 5792 IJPLMSVC - ok
01:02:53.0671 5792 imagesrv - ok
01:02:53.0718 5792 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
01:02:53.0718 5792 Imapi - ok
01:02:53.0921 5792 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
01:02:53.0968 5792 ImapiService - ok
01:02:53.0984 5792 imaservice - ok
01:02:53.0984 5792 ini910u - ok
01:02:58.0500 5792 IntcAzAudAddService (14b48553be78472d2bd3a518658a1710) C:\WINDOWS\system32\drivers\RtkHDAud.sys
01:02:58.0531 5792 IntcAzAudAddService - ok
01:02:58.0859 5792 IntelIde - ok
01:02:58.0875 5792 InterBaseGuardian - ok
01:02:58.0875 5792 iomdisk - ok
01:02:58.0953 5792 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
01:02:58.0953 5792 Ip6Fw - ok
01:02:59.0046 5792 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
01:02:59.0046 5792 IpFilterDriver - ok
01:02:59.0109 5792 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
01:02:59.0109 5792 IpInIp - ok
01:02:59.0937 5792 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
01:02:59.0984 5792 IpNat - ok
01:03:01.0078 5792 iPod Service (33642c17c232aa272c68e446a2619899) C:\Program Files\iPod\bin\iPodService.exe
01:03:01.0281 5792 iPod Service - ok
01:03:01.0546 5792 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
01:03:01.0593 5792 IPSec - ok
01:03:01.0656 5792 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
01:03:01.0656 5792 IRENUM - ok
01:03:01.0781 5792 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
01:03:01.0781 5792 isapnp - ok
01:03:01.0796 5792 isdrv122 - ok
01:03:01.0796 5792 itmrtsvc - ok
01:03:01.0796 5792 iviVD - ok
01:03:01.0812 5792 ivtgvli - ok
01:03:01.0812 5792 jaguar - ok
01:03:02.0140 5792 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
01:03:02.0140 5792 JavaQuickStarterService - ok
01:03:02.0140 5792 JGOGO - ok
01:03:02.0156 5792 JiaoCap - ok
01:03:02.0156 5792 jtagserver - ok
01:03:02.0156 5792 k56 - ok
01:03:02.0234 5792 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
01:03:02.0234 5792 Kbdclass - ok
01:03:02.0343 5792 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
01:03:02.0343 5792 kbdhid - ok
01:03:02.0359 5792 keriomailserver - ok
01:03:02.0359 5792 KLOGNT - ok
01:03:02.0531 5792 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
01:03:02.0531 5792 kmixer - ok
01:03:02.0671 5792 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
01:03:02.0671 5792 KSecDD - ok
01:03:02.0671 5792 Ktp - ok
01:03:02.0828 5792 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
01:03:02.0828 5792 lanmanserver - ok
01:03:03.0140 5792 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
01:03:03.0156 5792 lanmanworkstation - ok
01:03:03.0156 5792 lbrtfdc - ok
01:03:03.0250 5792 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
01:03:03.0250 5792 LmHosts - ok
01:03:03.0515 5792 LMIGuardianSvc (2375e7e01635fbccde2f796a9e078e07) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
01:03:03.0515 5792 LMIGuardianSvc - ok
01:03:03.0531 5792 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
01:03:03.0531 5792 LMIInfo - ok
01:03:03.0546 5792 LMIMaint (b9c127273eaba403311854a8dcb6d0aa) C:\Program Files\LogMeIn\x86\RaMaint.exe
01:03:03.0546 5792 LMIMaint - ok
01:03:03.0625 5792 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
01:03:03.0625 5792 lmimirr - ok
01:03:03.0625 5792 LMIRfsClientNP - ok
01:03:03.0718 5792 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
01:03:03.0718 5792 LMIRfsDriver - ok
01:03:03.0734 5792 LMS - ok
01:03:04.0593 5792 LogMeIn (432618fa75b61059d2c57d6a7e55147a) C:\Program Files\LogMeIn\x86\LogMeIn.exe
01:03:04.0593 5792 LogMeIn - ok
01:03:04.0609 5792 lpds - ok
01:03:04.0609 5792 LUsbKbd - ok
01:03:04.0609 5792 LVPrcMon - ok
01:03:04.0609 5792 lvprcsrv - ok
01:03:04.0625 5792 LVRS - ok
01:03:04.0625 5792 lvusbsta - ok
01:03:04.0625 5792 LXARScan - ok
01:03:04.0625 5792 lxbt_device - ok
01:03:04.0640 5792 lxrsii1s - ok
01:03:04.0640 5792 lyncusbserv - ok
01:03:04.0640 5792 MA8032C - ok
01:03:04.0640 5792 mafwboot - ok
01:03:04.0640 5792 MaRdPnp - ok
01:03:04.0656 5792 marvinbus - ok
01:03:04.0656 5792 MaxtorFrontPanel1 - ok
01:03:04.0656 5792 maya70docserver - ok
01:03:04.0750 5792 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
01:03:04.0750 5792 MBAMProtector - ok
01:03:05.0562 5792 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
01:03:05.0562 5792 MBAMService - ok
01:03:05.0562 5792 mbmiodrvr - ok
01:03:05.0562 5792 mcdbus - ok
01:03:05.0578 5792 mcdetect.exe - ok
01:03:05.0578 5792 mclserviceatl - ok
01:03:05.0578 5792 mcp - ok
01:03:05.0578 5792 mcupdmgr.exe - ok
01:03:05.0578 5792 mcusrmgr - ok
01:03:05.0593 5792 mcvsrte - ok
01:03:05.0593 5792 merakpop3 - ok
01:03:05.0593 5792 meraksmtp - ok
01:03:05.0671 5792 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
01:03:05.0687 5792 Messenger - ok
01:03:05.0687 5792 mfehidk - ok
01:03:05.0687 5792 mhn - ok
01:03:05.0984 5792 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
01:03:06.0000 5792 Microsoft Office Groove Audit Service - ok
01:03:06.0000 5792 mksupdateint - ok
01:03:06.0000 5792 mlkkbdntdriver - ok
01:03:06.0093 5792 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
01:03:06.0093 5792 mnmdd - ok
01:03:06.0218 5792 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
01:03:06.0218 5792 mnmsrvc - ok
01:03:06.0218 5792 MobilePreInstallerService - ok
01:03:06.0359 5792 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
01:03:06.0359 5792 Modem - ok
01:03:06.0359 5792 modemcsa - ok
01:03:06.0359 5792 monfilt - ok
01:03:06.0437 5792 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
01:03:06.0437 5792 Mouclass - ok
01:03:06.0500 5792 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
01:03:06.0500 5792 mouhid - ok
01:03:06.0593 5792 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
01:03:06.0609 5792 MountMgr - ok
01:03:06.0609 5792 MpFilter - ok
01:03:06.0609 5792 mraid35x - ok
01:03:06.0609 5792 MREMP50a64 - ok
01:03:06.0625 5792 MRENDIS5 - ok
01:03:06.0765 5792 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
01:03:06.0765 5792 MRxDAV - ok
01:03:06.0781 5792 MRxSmb - ok
01:03:06.0890 5792 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
01:03:06.0890 5792 MSDTC - ok
01:03:07.0109 5792 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
01:03:07.0109 5792 Msfs - ok
01:03:07.0109 5792 MSIServer - ok
01:03:07.0125 5792 msi_wlan_service - ok
01:03:07.0234 5792 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
01:03:07.0234 5792 MSKSSRV - ok
01:03:07.0296 5792 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
01:03:07.0296 5792 MSPCLOCK - ok
01:03:07.0312 5792 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
01:03:07.0312 5792 MSPQM - ok
01:03:07.0390 5792 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
01:03:07.0390 5792 mssmbios - ok
01:03:07.0593 5792 MSSQL$ACT7 - ok
01:03:07.0593 5792 MSSQL$AUTODESKVAULT - ok
01:03:07.0593 5792 MSSQL$MSSMLBIZ - ok
01:03:07.0984 5792 MSSQLServerADHelper100 (8e8e74c953eb0c4f8828d99d6f27fd6f) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
01:03:07.0984 5792 MSSQLServerADHelper100 - ok
01:03:07.0984 5792 MSTAPE - ok
01:03:08.0000 5792 MSW_USB - ok
01:03:08.0187 5792 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
01:03:08.0187 5792 Mup - ok
01:03:08.0187 5792 mwspollserver - ok
01:03:08.0203 5792 mwssched - ok
01:03:08.0203 5792 mwstick - ok
01:03:08.0203 5792 mysql - ok
01:03:08.0921 5792 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
01:03:09.0015 5792 napagent - ok
01:03:09.0015 5792 navapel - ok
01:03:09.0031 5792 nbf - ok
01:03:09.0750 5792 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
01:03:09.0750 5792 NDIS - ok
01:03:09.0843 5792 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
01:03:09.0859 5792 NdisTapi - ok
01:03:09.0984 5792 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
01:03:09.0984 5792 Ndisuio - ok
01:03:10.0062 5792 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
01:03:10.0078 5792 NdisWan - ok
01:03:10.0218 5792 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
01:03:10.0218 5792 NDProxy - ok
01:03:10.0218 5792 neokdss - ok
01:03:10.0359 5792 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
01:03:10.0359 5792 NetBIOS - ok
01:03:10.0968 5792 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
01:03:10.0968 5792 NetBT - ok
01:03:11.0156 5792 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
01:03:11.0218 5792 NetDDE - ok
01:03:11.0218 5792 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
01:03:11.0218 5792 NetDDEdsdm - ok
01:03:11.0312 5792 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
01:03:11.0312 5792 Netlogon - ok
01:03:11.0734 5792 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
01:03:11.0734 5792 Netman - ok
01:03:11.0734 5792 netmdsb - ok
01:03:12.0078 5792 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
01:03:12.0250 5792 NetTcpPortSharing - ok
01:03:12.0250 5792 netw4x32 - ok
01:03:12.0281 5792 NETw5x32 - ok
01:03:12.0281 5792 netwg311 - ok
01:03:12.0296 5792 nHancer - ok
01:03:12.0296 5792 nicconfigsvc - ok
01:03:12.0296 5792 NICSer_WPC54G - ok
01:03:12.0296 5792 nim32 - ok
01:03:12.0312 5792 nimcdfxk - ok
01:03:12.0312 5792 nipsvc - ok
01:03:12.0937 5792 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
01:03:12.0937 5792 Nla - ok
01:03:12.0937 5792 nmindexingservice - ok
01:03:12.0937 5792 nmwcdcm - ok
01:03:12.0937 5792 nnsvc - ok
01:03:12.0953 5792 NPDriver - ok
01:03:12.0953 5792 npfmntor - ok
01:03:13.0031 5792 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
01:03:13.0031 5792 Npfs - ok
01:03:13.0718 5792 nSvcIp (168437a522d178df6a372f09782b084f) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
01:03:13.0718 5792 nSvcIp - ok
01:03:14.0203 5792 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
01:03:14.0296 5792 Ntfs - ok
01:03:14.0421 5792 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
01:03:14.0421 5792 NtLmSsp - ok
01:03:15.0109 5792 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
01:03:15.0734 5792 NtmsSvc - ok
01:03:15.0734 5792 NtMtlFax - ok
01:03:15.0734 5792 ntsecure - ok
01:03:15.0734 5792 ntuneservice - ok
01:03:15.0812 5792 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
01:03:15.0812 5792 Null - ok
01:03:30.0890 5792 nv (da8c5723ad3a73f57ffd4dd64aba2c77) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
01:03:33.0453 5792 nv - ok
01:03:34.0625 5792 nvedavt - ok
01:03:35.0031 5792 NVENETFD (a12ec731bb00adad2d016d41c1f18fa4) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
01:03:35.0031 5792 NVENETFD - ok
01:03:35.0265 5792 nvgts (619d8943725402d1179941fd58574cc8) C:\WINDOWS\system32\DRIVERS\nvgts.sys
01:03:35.0265 5792 nvgts - ok
01:03:35.0265 5792 NvNdis - ok
01:03:35.0312 5792 nvnetbus (5dc6a149897820de315916b6ec984ec9) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
01:03:35.0312 5792 nvnetbus - ok
01:03:35.0890 5792 nvsvc (ed0a578227b9fb97ad3babc7fa6cd756) C:\WINDOWS\system32\nvsvc32.exe
01:03:35.0968 5792 nvsvc - ok
01:03:35.0968 5792 NWDNS - ok
01:03:36.0156 5792 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
01:03:36.0171 5792 NwlnkFlt - ok
01:03:36.0203 5792 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
01:03:36.0234 5792 NwlnkFwd - ok
01:03:36.0234 5792 NWSLP - ok
01:03:36.0234 5792 NxSysMon - ok
01:03:36.0875 5792 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
01:03:36.0890 5792 odserv - ok
01:03:36.0890 5792 omniserv - ok
01:03:36.0906 5792 omniusb - ok
01:03:36.0906 5792 oracle%oracle_home_service%clientcache80 - ok
01:03:36.0921 5792 oracleorahome92pagingserver - ok
01:03:36.0921 5792 oracleorahomeclientcache - ok
01:03:36.0921 5792 oracle_load_balancer_60_client-forms6i - ok
01:03:36.0937 5792 osanbm - ok
01:03:37.0437 5792 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:03:37.0703 5792 ose - ok
01:03:37.0703 5792 ossrv - ok
01:03:37.0718 5792 OVT511Plus - ok
01:03:37.0718 5792 p1110vid - ok
01:03:37.0718 5792 p2k - ok
01:03:37.0734 5792 p2pgasvc - ok
01:03:38.0156 5792 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
01:03:38.0421 5792 Parport - ok
01:03:38.0468 5792 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
01:03:38.0468 5792 PartMgr - ok
01:03:38.0640 5792 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
01:03:38.0640 5792 ParVdm - ok
01:03:39.0437 5792 PassThru Service (5fbcc9eeefaca3019d5bd5979618f298) C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
01:03:39.0437 5792 PassThru Service - ok
01:04:22.0140 5792 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
01:04:24.0140 5792 \Device\Harddisk0\DR0 - ok
01:04:24.0156 5792 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3
01:04:24.0171 5792 \Device\Harddisk1\DR3 - ok
01:04:24.0171 5792 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk2\DR4
01:04:24.0171 5792 \Device\Harddisk2\DR4 - ok
01:04:24.0218 5792 Boot (0x1200) (e240fb2dae189f124fb4068037dc6f51) \Device\Harddisk0\DR0\Partition0
01:04:24.0312 5792 \Device\Harddisk0\DR0\Partition0 - ok
01:04:24.0328 5792 Boot (0x1200) (81913eac424d44dae57fb9e90b3f2272) \Device\Harddisk1\DR3\Partition0
01:04:24.0328 5792 \Device\Harddisk1\DR3\Partition0 - ok
01:04:24.0328 5792 Boot (0x1200) (5dc510977d750fecc7ce277ed4b79093) \Device\Harddisk2\DR4\Partition0
01:04:24.0328 5792 \Device\Harddisk2\DR4\Partition0 - ok
01:04:24.0328 5792 ============================================================
01:04:24.0328 5792 Scan finished
01:04:24.0328 5792 ============================================================
01:04:24.0343 5784 Detected object count: 0
01:04:24.0343 5784 Actual detected object count: 0

#5 narenxp

Posted 04 May 2012 - 10:03 AM

Good

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

ESET online scanner


Install it

Click on START, it should download the virus definitions
When the scan is completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#6 darindw

Posted 04 May 2012 - 11:46 AM

ESET found and cleaned 1 file -

C:\Documents and Settings\Claire Murad\My Documents\Downloads\gtk2116-setup.exe a variant of Win32/1AntiVirus application deleted - quarantined


MiniToolBox Run and report below -

MiniToolBox by Farbar Version: 18-01-2012
Ran by Claire Murad (administrator) on 04-05-2012 at 11:41:04
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "*.local"
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Hamachi Network Interface = Hamachi (Connected)
NVIDIA nForce 10/100 Mbps Ethernet = Local Area Connection (Connected)
D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.B) = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Hamachi"

set address name="Hamachi" source=dhcp
set dns name="Hamachi" source=dhcp register=NONE
set wins name="Hamachi" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 3"

set address name="Wireless Network Connection 3" source=dhcp
set dns name="Wireless Network Connection 3" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 3" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : clairemag

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : gateway.2wire.net



Ethernet adapter Hamachi:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Hamachi Network Interface

Physical Address. . . . . . . . . : 7A-79-05-D9-50-6F

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : No

IP Address. . . . . . . . . . . . : 5.217.80.111

Subnet Mask . . . . . . . . . . . : 255.0.0.0

Default Gateway . . . . . . . . . :

DHCP Server . . . . . . . . . . . : 5.0.0.1

Lease Obtained. . . . . . . . . . : Friday, May 04, 2012 1:21:46 AM

Lease Expires . . . . . . . . . . : Saturday, May 04, 2013 1:21:46 AM



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet

Physical Address. . . . . . . . . : 00-26-18-29-87-52

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.84

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.254

DHCP Server . . . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 192.168.1.254

Lease Obtained. . . . . . . . . . : Friday, May 04, 2012 1:18:50 AM

Lease Expires . . . . . . . . . . : Saturday, May 05, 2012 1:18:50 AM



Ethernet adapter Wireless Network Connection 3:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.B)

Physical Address. . . . . . . . . : 00-15-E9-2C-A4-7F

Server: homeportal
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.227.35, 74.125.227.36, 74.125.227.37, 74.125.227.38
74.125.227.39, 74.125.227.40, 74.125.227.41, 74.125.227.46, 74.125.227.32
74.125.227.33, 74.125.227.34



Pinging google.com [74.125.227.34] with 32 bytes of data:



Reply from 74.125.227.34: bytes=32 time=9ms TTL=52

Reply from 74.125.227.34: bytes=32 time=7ms TTL=52



Ping statistics for 74.125.227.34:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 7ms, Maximum = 9ms, Average = 8ms

Server: homeportal
Address: 192.168.1.254

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=283ms TTL=43

Reply from 98.139.183.24: bytes=32 time=298ms TTL=43



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 283ms, Maximum = 298ms, Average = 290ms

Server: homeportal
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...7a 79 05 d9 50 6f ...... Hamachi Network Interface
0x3 ...00 26 18 29 87 52 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
0x4 ...00 15 e9 2c a4 7f ...... D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.B) - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.84 20
5.0.0.0 255.0.0.0 5.217.80.111 5.217.80.111 20
5.217.80.111 255.255.255.255 127.0.0.1 127.0.0.1 20
5.255.255.255 255.255.255.255 5.217.80.111 5.217.80.111 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 5.217.80.111 5.217.80.111 1
169.254.0.0 255.255.0.0 192.168.1.84 192.168.1.84 20
192.168.1.0 255.255.255.0 192.168.1.84 192.168.1.84 20
192.168.1.84 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.84 192.168.1.84 20
224.0.0.0 240.0.0.0 5.217.80.111 5.217.80.111 20
224.0.0.0 240.0.0.0 192.168.1.84 192.168.1.84 20
255.255.255.255 255.255.255.255 5.217.80.111 5.217.80.111 1
255.255.255.255 255.255.255.255 5.217.80.111 4 1
255.255.255.255 255.255.255.255 192.168.1.84 192.168.1.84 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/04/2012 01:18:59 AM) (Source: ACT! Scheduler) (User: )
Description: Service cannot be started. System.Exception: Unable to start scheduler service. ScheduledItems count is less than or equal to 0.
at Act.Scheduler.SchedulerService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (05/04/2012 00:51:38 AM) (Source: ACT! Scheduler) (User: )
Description: Service cannot be started. System.Exception: Unable to start scheduler service. ScheduledItems count is less than or equal to 0.
at Act.Scheduler.SchedulerService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (05/03/2012 10:31:47 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000269a9.
Processing media-specific event for [svchost.exe!ws!]

Error: (05/03/2012 10:29:00 PM) (Source: ACT! Scheduler) (User: )
Description: Service cannot be started. System.Exception: Unable to start scheduler service. ScheduledItems count is less than or equal to 0.
at Act.Scheduler.SchedulerService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (05/03/2012 09:49:05 PM) (Source: Application Error) (User: )
Description: Faulting application avastui.exe, version 7.0.1426.0, faulting module avastui.exe, version 7.0.1426.0, fault address 0x000d0b7c.
Processing media-specific event for [avastui.exe!ws!]

Error: (05/03/2012 09:34:36 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/03/2012 09:26:01 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000269a9.
Processing media-specific event for [svchost.exe!ws!]

Error: (05/03/2012 09:23:38 PM) (Source: ACT! Scheduler) (User: )
Description: Service cannot be started. System.Exception: Unable to start scheduler service. ScheduledItems count is less than or equal to 0.
at Act.Scheduler.SchedulerService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (05/03/2012 01:32:08 PM) (Source: Application Error) (User: )
Description: Fault bucket -1961143371.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (05/03/2012 01:07:49 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000269a9.
Processing media-specific event for [svchost.exe!ws!]


System errors:
=============
Error: (05/04/2012 11:00:00 AM) (Source: Schedule) (User: )
Description: The At36.job command failed to start due to the following error:
%%2147942402

Error: (05/04/2012 11:00:00 AM) (Source: Schedule) (User: )
Description: The At12.job command failed to start due to the following error:
%%2147942402

Error: (05/04/2012 10:00:00 AM) (Source: Schedule) (User: )
Description: The At11.job command failed to start due to the following error:
%%2147942402

Error: (05/04/2012 08:00:00 AM) (Source: Schedule) (User: )
Description: The At9.job command failed to start due to the following error:
%%2147942402

Error: (05/04/2012 08:00:00 AM) (Source: Schedule) (User: )
Description: The At33.job command failed to start due to the following error:
%%2147942402

Error: (05/04/2012 07:00:00 AM) (Source: Schedule) (User: )
Description: The At8.job command failed to start due to the following error:
%%2147942402

Error: (05/04/2012 07:00:00 AM) (Source: Schedule) (User: )
Description: The At32.job command failed to start due to the following error:
%%2147942402

Error: (05/04/2012 06:00:00 AM) (Source: Schedule) (User: )
Description: The At7.job command failed to start due to the following error:
%%2147942402

Error: (05/04/2012 06:00:00 AM) (Source: Schedule) (User: )
Description: The At31.job command failed to start due to the following error:
%%2147942402

Error: (05/04/2012 04:00:00 AM) (Source: Schedule) (User: )
Description: The At29.job command failed to start due to the following error:
%%2147942402


Microsoft Office Sessions:
=========================
Error: (04/15/2012 10:59:26 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 375090 seconds with 12540 seconds of active time. This session ended with a crash.

Error: (04/06/2012 09:39:00 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 85528 seconds with 6000 seconds of active time. This session ended with a crash.

Error: (04/05/2012 09:53:19 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 187296 seconds with 15720 seconds of active time. This session ended with a crash.

Error: (03/01/2012 08:14:32 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 262381 seconds with 17280 seconds of active time. This session ended with a crash.

Error: (11/22/2011 00:00:04 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 255996 seconds with 4920 seconds of active time. This session ended with a crash.

Error: (10/03/2011 07:20:45 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 91 seconds with 60 seconds of active time. This session ended with a crash.

Error: (09/15/2011 11:53:06 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2939 seconds with 120 seconds of active time. This session ended with a crash.

Error: (06/24/2011 01:52:37 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 176078 seconds with 4920 seconds of active time. This session ended with a crash.

Error: (06/07/2011 07:53:02 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 83095 seconds with 9120 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Adobe AIR (Version: 2.6.0.19140)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.228)
Adobe Flash Player 11 Plugin (Version: 11.0.1.152)
Adobe Reader X (10.1.2) (Version: 10.1.2)
Android SDK Tools (Version: 0.7)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 1.13.1.0)
avast! Free Antivirus (Version: 7.0.1426.0)
Avery Template (Version: 2.0.0.0)
Bonjour (Version: 3.0.0.10)
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Tool
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 4.0
Canon MP495 series MP Drivers
Canon MP495 series User Registration
Canon My Printer
Canon Solution Menu EX
CCleaner (Version: 3.17)
Color LaserJet 2600n
CutePDF Writer 2.8
Driver Detective (Version: 8.0.1)
Dropbox (Version: 1.4.0)
ESET Online Scanner v3
Google Chrome (Version: 18.0.1025.168)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
GoToMeeting 5.1.0.880 (Version: 5.1.0.880)
Greater Giving Event Software 5.0.2 (Version: 5.0.2.28301)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
HP Product Detection (Version: 11.14.0001)
HTC BMP USB Driver (Version: 1.0.5375)
HTC Driver Installer (Version: 3.0.0.005)
HTC Sync (Version: 3.0.5517)
iTunes (Version: 10.5.0.142)
Java Auto Updater (Version: 2.0.6.1)
Java DB 10.6.2.1 (Version: 10.6.2.1)
Java™ 6 Update 29 (Version: 6.0.290)
Java™ SE Development Kit 6 Update 25 (Version: 1.6.0.250)
LogMeIn (Version: 4.1.1586)
LogMeIn Hamachi (Version: 2.1.0.166)
LSI PCI-SV92EX Soft Modem (Version: 2.2.100)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008 R2 Native Client (Version: 10.50.1600.1)
Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.50.1600.1)
Microsoft SQL Server 2008 R2 Setup (English) (Version: 10.50.1600.1)
Microsoft SQL Server 2008 Setup Support Files (Version: 10.1.2731.0)
Microsoft SQL Server Browser (Version: 10.50.1600.1)
Microsoft SQL Server VSS Writer (Version: 10.50.1600.1)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 7.0.1 (x86 en-US) (Version: 7.0.1)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
NVIDIA Drivers (Version: 1.5)
NVIDIA ForceWare Network Access Manager (Version: 1.00.7313)
QuickTime (Version: 7.71.80.42)
Realtek High Definition Audio Driver
Safari (Version: 5.34.51.22)
Sage ACT! Internet Sync Service (Version: 13.00.0000)
Sage ACT! Premium 2011 (Version: 13.0.0.0)
SQL Server 2008 R2 Common Files (Version: 10.50.1600.1)
SQL Server 2008 R2 Database Engine Services (Version: 10.50.1600.1)
SQL Server 2008 R2 Database Engine Shared (Version: 10.50.1600.1)
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
WebEx
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
WinRAR 4.00 (32-bit) (Version: 4.00.0)

========================= Memory info: ===================================

Percentage of memory in use: 30%
Total physical RAM: 2942.42 MB
Available physical RAM: 2054.11 MB
Total Pagefile: 4829.13 MB
Available Pagefile: 3976.51 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.96 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:298.09 GB) (Free:224.86 GB) NTFS
3 Drive e: () (Removable) (Total:7.85 GB) (Free:6.39 GB) NTFS
4 Drive f: () (Removable) (Total:7.81 GB) (Free:7.78 GB) FAT32

========================= Users: ========================================

User accounts for \\

Administrator ASPNET Claire Murad
Guest HelpAssistant IUSR_CLAIREMAG
IWAM_CLAIREMAG LogMeInRemoteUser SUPPORT_388945a0


**** End of log ****

#7 narenxp

Posted 04 May 2012 - 12:34 PM

Please download GMER from here

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.



