Win32/Ponmocup.AA trojan - unable to clean


3 replies to this topic

#1 Ceechtay


Posted 12 September 2012 - 09:58 PM

This is a WinXP Professional w/SP3 laptop. Search results from Google and Bing are redirected in both IE and Firefox. The redirects also occur in Safe Mode. Often, but not always, the redirecting website is "get-amazing-results.com".

The AV is ESET NOD32 Antivirus 4 (with out-of-date definitions). An ESET scan reports: "Operating Memory >> rundll32[176] - probably a variant of Win32/Ponmocup.AA trojan - unable to clean".

I have also run MalwareBytes in Safe Mode and it finds nothing.

I have booted the laptop from an Ubuntu USB drive and scanned the hard drive using Avast for Linux with up-to-date definitions and it found three infected Java classes and quarantined them. It also found "C:\Windows\Install\43465e.msp\PCW_CAB_H15" as infected, but was unable to quarantine it.

If I run rkill in Safe Mode, there are no redirects, but things run very slowly.

ESET finds the infection every time the laptop boots up, regardless of what I try.

Thanks in advance for your help.


 


#2 narenxp


Posted 12 September 2012 - 09:59 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 Ceechtay


Posted 12 September 2012 - 11:09 PM

Here are the logs (all three scans were run in normal mode, not Safe Mode).

TDSSKiller log:

22:12:59.0437 3748 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
22:12:59.0937 3748 ============================================================
22:12:59.0953 3748 Current date / time: 2012/09/12 22:12:59.0937
22:12:59.0953 3748 SystemInfo:
22:12:59.0953 3748
22:12:59.0953 3748 OS Version: 5.1.2600 ServicePack: 3.0
22:12:59.0953 3748 Product type: Workstation
22:12:59.0953 3748 ComputerName: LAPTOP-BMIC-1
22:12:59.0953 3748 UserName: Darrin
22:12:59.0953 3748 Windows directory: C:\WINDOWS
22:12:59.0953 3748 System windows directory: C:\WINDOWS
22:12:59.0953 3748 Processor architecture: Intel x86
22:12:59.0953 3748 Number of processors: 2
22:12:59.0953 3748 Page size: 0x1000
22:12:59.0953 3748 Boot type: Normal boot
22:12:59.0953 3748 ============================================================
22:13:00.0500 3748 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:13:00.0500 3748 Drive \Device\Harddisk1\DR5 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:13:00.0500 3748 ============================================================
22:13:00.0500 3748 \Device\Harddisk0\DR0:
22:13:00.0515 3748 MBR partitions:
22:13:00.0515 3748 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x2541A8EB
22:13:00.0515 3748 \Device\Harddisk1\DR5:
22:13:00.0515 3748 MBR partitions:
22:13:00.0515 3748 \Device\Harddisk1\DR5\Partition1: MBR, Type 0xC, StartLBA 0x34, BlocksNum 0x777FCC
22:13:00.0515 3748 ============================================================
22:13:00.0531 3748 C: <-> \Device\Harddisk0\DR0\Partition1
22:13:00.0531 3748 ============================================================
22:13:00.0531 3748 Initialize success
22:13:00.0531 3748 ============================================================
22:13:27.0703 6120 ============================================================
22:13:27.0703 6120 Scan started
22:13:27.0703 6120 Mode: Manual; TDLFS;
22:13:27.0703 6120 ============================================================
22:13:29.0234 6120 ================ Scan system memory ========================
22:13:29.0234 6120 System memory - ok
22:13:29.0234 6120 ================ Scan services =============================
22:13:38.0468 6120 PCI - ok
22:13:38.0484 6120 PCIDump - ok
22:13:38.0500 6120 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
22:13:38.0515 6120 PCIIde - ok
22:13:38.0515 6120 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
22:13:38.0546 6120 Pcmcia - ok
22:13:38.0546 6120 PDCOMP - ok
22:13:38.0546 6120 PDFRAME - ok
22:13:38.0562 6120 PDRELI - ok
22:13:38.0562 6120 PDRFRAME - ok
22:13:38.0578 6120 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
22:13:38.0593 6120 perc2 - ok
22:13:38.0593 6120 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
22:13:38.0609 6120 perc2hib - ok
22:13:38.0656 6120 [ 6C1618A07B49E3873582B6449E744088 ] pfc C:\WINDOWS\system32\drivers\pfc.sys
22:13:38.0656 6120 pfc - ok
22:13:38.0656 6120 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
22:13:38.0656 6120 PlugPlay - ok
22:13:38.0671 6120 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
22:13:38.0671 6120 PolicyAgent - ok
22:13:38.0671 6120 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:13:38.0687 6120 PptpMiniport - ok
22:13:38.0687 6120 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
22:13:38.0703 6120 ProtectedStorage - ok
22:13:38.0703 6120 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
22:13:38.0734 6120 PSched - ok
22:13:38.0734 6120 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:13:38.0750 6120 Ptilink - ok
22:13:38.0765 6120 [ 03E0FE281823BA64B3782F5B38950E73 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:13:38.0781 6120 PxHelp20 - ok
22:13:38.0781 6120 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
22:13:38.0812 6120 ql1080 - ok
22:13:38.0812 6120 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
22:13:38.0828 6120 Ql10wnt - ok
22:13:38.0828 6120 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
22:13:38.0843 6120 ql12160 - ok
22:13:38.0843 6120 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
22:13:38.0875 6120 ql1240 - ok
22:13:38.0875 6120 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
22:13:38.0890 6120 ql1280 - ok
22:13:38.0921 6120 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:13:38.0937 6120 RasAcd - ok
22:13:38.0953 6120 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
22:13:38.0953 6120 RasAuto - ok
22:13:38.0984 6120 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:13:39.0000 6120 Rasl2tp - ok
22:13:39.0046 6120 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
22:13:39.0046 6120 RasMan - ok
22:13:39.0046 6120 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:13:39.0078 6120 RasPppoe - ok
22:13:39.0078 6120 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
22:13:39.0078 6120 Raspti - ok
22:13:39.0093 6120 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:13:39.0156 6120 Rdbss - ok
22:13:39.0171 6120 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:13:39.0187 6120 RDPCDD - ok
22:13:39.0187 6120 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:13:39.0203 6120 rdpdr - ok
22:13:39.0250 6120 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
22:13:39.0250 6120 RDPWD - ok
22:13:39.0281 6120 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
22:13:39.0281 6120 RDSessMgr - ok
22:13:39.0281 6120 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
22:13:39.0296 6120 redbook - ok
22:13:39.0312 6120 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
22:13:39.0312 6120 RemoteAccess - ok
22:13:39.0343 6120 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
22:13:39.0343 6120 RemoteRegistry - ok
22:13:39.0359 6120 [ C2EF513BBE069F0D4EE0938A76F975D3 ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
22:13:39.0359 6120 rimmptsk - ok
22:13:39.0375 6120 [ C398BCA91216755B098679A8DA8A2300 ] rimsptsk C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
22:13:39.0390 6120 rimsptsk - ok
22:13:39.0390 6120 [ 2A2554CB24506E0A0508FC395C4A1B42 ] rismxdp C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
22:13:39.0406 6120 rismxdp - ok
22:13:39.0421 6120 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
22:13:39.0421 6120 RpcLocator - ok
22:13:39.0453 6120 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
22:13:39.0468 6120 RpcSs - ok
22:13:39.0468 6120 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
22:13:39.0468 6120 RSVP - ok
22:13:39.0468 6120 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
22:13:39.0468 6120 SamSs - ok
22:13:39.0468 6120 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
22:13:39.0484 6120 SCardSvr - ok
22:13:39.0500 6120 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
22:13:39.0500 6120 Schedule - ok
22:13:39.0500 6120 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
22:13:39.0546 6120 sdbus - ok
22:13:39.0562 6120 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:13:39.0578 6120 Secdrv - ok
22:13:39.0578 6120 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
22:13:39.0578 6120 seclogon - ok
22:13:39.0625 6120 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
22:13:39.0625 6120 SENS - ok
22:13:39.0640 6120 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
22:13:39.0671 6120 Serial - ok
22:13:39.0703 6120 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
22:13:39.0718 6120 Sfloppy - ok
22:13:39.0765 6120 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
22:13:39.0781 6120 SharedAccess - ok
22:13:39.0796 6120 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:13:39.0796 6120 ShellHWDetection - ok
22:13:39.0796 6120 Simbad - ok
22:13:39.0812 6120 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
22:13:39.0828 6120 sisagp - ok
22:13:39.0843 6120 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:13:39.0859 6120 SLIP - ok
22:13:39.0890 6120 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
22:13:39.0906 6120 Sparrow - ok
22:13:39.0937 6120 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
22:13:39.0937 6120 splitter - ok
22:13:39.0984 6120 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
22:13:40.0000 6120 Spooler - ok
22:13:40.0046 6120 [ 777115C9CC675BD98127660712D2F784 ] sprtsvc_DellSupportCenter C:\Program Files\Dell Support Center\bin\sprtsvc.exe
22:13:40.0046 6120 sprtsvc_DellSupportCenter - ok
22:13:40.0062 6120 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
22:13:40.0078 6120 sr - ok
22:13:40.0093 6120 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
22:13:40.0093 6120 srservice - ok
22:13:40.0093 6120 SRTSP - ok
22:13:40.0093 6120 SRTSPX - ok
22:13:40.0125 6120 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
22:13:40.0125 6120 Srv - ok
22:13:40.0156 6120 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
22:13:40.0156 6120 SSDPSRV - ok
22:13:40.0203 6120 [ 1A2C0618AC288C4119E416F90AF523A0 ] STacSV c:\drivers\audio\r214424\STacSV.exe
22:13:40.0203 6120 STacSV - ok
22:13:40.0250 6120 [ 3BA7A1CDD535AF51DAD742236AEA0741 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
22:13:40.0250 6120 STHDA - ok
22:13:40.0265 6120 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
22:13:40.0265 6120 stisvc - ok
22:13:40.0296 6120 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
22:13:40.0296 6120 stllssvr - ok
22:13:40.0312 6120 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:13:40.0328 6120 streamip - ok
22:13:40.0343 6120 [ FEDE45125802A2FF5517006803677A6C ] Sudowin C:\Program Files\Sudowin\Server\Sudowin.Server.exe
22:13:40.0343 6120 Sudowin - ok
22:13:40.0375 6120 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
22:13:40.0390 6120 swenum - ok
22:13:40.0390 6120 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
22:13:40.0421 6120 swmidi - ok
22:13:40.0421 6120 SwPrv - ok
22:13:40.0421 6120 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
22:13:40.0437 6120 symc810 - ok
22:13:40.0437 6120 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
22:13:40.0453 6120 symc8xx - ok
22:13:40.0468 6120 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
22:13:40.0484 6120 sym_hi - ok
22:13:40.0484 6120 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
22:13:40.0500 6120 sym_u3 - ok
22:13:40.0500 6120 [ FB86FDD993A6A0122A2F526221E5161F ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
22:13:40.0515 6120 SynTP - ok
22:13:40.0515 6120 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
22:13:40.0531 6120 sysaudio - ok
22:13:40.0531 6120 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
22:13:40.0531 6120 SysmonLog - ok
22:13:40.0546 6120 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
22:13:40.0546 6120 TapiSrv - ok
22:13:40.0562 6120 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:13:40.0625 6120 Tcpip - ok
22:13:40.0640 6120 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
22:13:40.0656 6120 TDPIPE - ok
22:13:40.0656 6120 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
22:13:40.0671 6120 TDTCP - ok
22:13:40.0703 6120 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
22:13:40.0734 6120 TermDD - ok
22:13:40.0781 6120 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
22:13:40.0781 6120 TermService - ok
22:13:40.0796 6120 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
22:13:40.0796 6120 Themes - ok
22:13:40.0812 6120 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
22:13:40.0812 6120 TlntSvr - ok
22:13:40.0828 6120 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
22:13:40.0843 6120 TosIde - ok
22:13:41.0000 6120 [ 783D17247D34370212B26097FBFBAD80 ] TracSrvWrapper C:\Program Files\CheckPoint\Endpoint Connect\TracSrvWrapper.exe
22:13:41.0093 6120 TracSrvWrapper - ok
22:13:41.0140 6120 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
22:13:41.0140 6120 TrkWks - ok
22:13:41.0156 6120 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
22:13:41.0171 6120 Udfs - ok
22:13:41.0218 6120 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
22:13:41.0265 6120 ultra - ok
22:13:41.0312 6120 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
22:13:41.0406 6120 Update - ok
22:13:41.0437 6120 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
22:13:41.0437 6120 upnphost - ok
22:13:41.0453 6120 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
22:13:41.0468 6120 UPS - ok
22:13:41.0515 6120 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
22:13:41.0562 6120 USBAAPL - ok
22:13:41.0609 6120 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:13:41.0656 6120 usbccgp - ok
22:13:41.0671 6120 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:13:41.0718 6120 usbehci - ok
22:13:41.0734 6120 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:13:41.0781 6120 usbhub - ok
22:13:41.0796 6120 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:13:41.0828 6120 usbprint - ok
22:13:41.0843 6120 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:13:41.0859 6120 usbscan - ok
22:13:41.0890 6120 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:13:41.0890 6120 USBSTOR - ok
22:13:41.0906 6120 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:13:41.0937 6120 usbuhci - ok
22:13:41.0968 6120 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
22:13:41.0984 6120 usbvideo - ok
22:13:42.0000 6120 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
22:13:42.0015 6120 VgaSave - ok
22:13:42.0046 6120 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
22:13:42.0078 6120 viaagp - ok
22:13:42.0093 6120 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
22:13:42.0125 6120 ViaIde - ok
22:13:42.0140 6120 [ 48007916B1D0DAB3E6C0D701DE7C4AFB ] VNA C:\WINDOWS\system32\DRIVERS\vna.sys
22:13:42.0187 6120 VNA - ok
22:13:42.0203 6120 [ 48007916B1D0DAB3E6C0D701DE7C4AFB ] vna_ap C:\WINDOWS\system32\DRIVERS\vnaap.sys
22:13:42.0250 6120 vna_ap - ok
22:13:42.0281 6120 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
22:13:42.0296 6120 VolSnap - ok
22:13:42.0312 6120 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
22:13:42.0312 6120 VSS - ok
22:13:42.0328 6120 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
22:13:42.0328 6120 w32time - ok
22:13:42.0343 6120 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:13:42.0359 6120 Wanarp - ok
22:13:42.0406 6120 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
22:13:42.0421 6120 Wdf01000 - ok
22:13:42.0421 6120 WDICA - ok
22:13:42.0437 6120 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
22:13:42.0453 6120 wdmaud - ok
22:13:42.0468 6120 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
22:13:42.0468 6120 WebClient - ok
22:13:42.0562 6120 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
22:13:42.0562 6120 winmgmt - ok
22:13:42.0609 6120 [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
22:13:42.0609 6120 WinUSB - ok
22:13:42.0625 6120 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
22:13:42.0625 6120 WmdmPmSN - ok
22:13:42.0671 6120 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
22:13:42.0687 6120 Wmi - ok
22:13:42.0718 6120 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
22:13:42.0734 6120 WmiAcpi - ok
22:13:42.0734 6120 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:13:42.0750 6120 WmiApSrv - ok
22:13:42.0812 6120 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
22:13:42.0843 6120 WMPNetworkSvc - ok
22:13:42.0875 6120 [ 017695393AFFFED8DE58ABD1B085BE6D ] WMZuneComm c:\Program Files\Zune\WMZuneComm.exe
22:13:42.0875 6120 WMZuneComm - ok
22:13:42.0890 6120 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:13:42.0906 6120 WpdUsb - ok
22:13:43.0046 6120 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:13:43.0062 6120 WPFFontCache_v0400 - ok
22:13:43.0078 6120 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:13:43.0125 6120 WS2IFSL - ok
22:13:43.0140 6120 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
22:13:43.0156 6120 wscsvc - ok
22:13:43.0156 6120 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:13:43.0203 6120 WSTCODEC - ok
22:13:43.0234 6120 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
22:13:43.0234 6120 wuauserv - ok
22:13:43.0265 6120 [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:13:43.0281 6120 WudfPf - ok
22:13:43.0281 6120 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:13:43.0281 6120 WudfRd - ok
22:13:43.0296 6120 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
22:13:43.0296 6120 WudfSvc - ok
22:13:43.0312 6120 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
22:13:43.0328 6120 WZCSVC - ok
22:13:43.0328 6120 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
22:13:43.0343 6120 xmlprov - ok
22:13:43.0343 6120 [ AE279CD76B38FC079EEC3CA6D65A5926 ] zumbus C:\WINDOWS\system32\DRIVERS\zumbus.sys
22:13:43.0359 6120 zumbus - ok
22:13:43.0375 6120 [ 37F339B64F19E2775284ED7161B96683 ] ZuneBusEnum c:\Program Files\Zune\ZuneBusEnum.exe
22:13:43.0375 6120 ZuneBusEnum - ok
22:13:43.0531 6120 [ 1076DF9ADE4E13EA3BF39D2165AEB903 ] ZuneNetworkSvc c:\Program Files\Zune\ZuneNss.exe
22:13:43.0765 6120 ZuneNetworkSvc - ok
22:13:43.0781 6120 [ DE1CDB333A402B279F04D627122FA08E ] ZuneWlanCfgSvc c:\Program Files\Zune\ZuneWlanCfgSvc.exe
22:13:43.0781 6120 ZuneWlanCfgSvc - ok
22:13:43.0796 6120 ================ Scan global ===============================
22:13:43.0843 6120 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
22:13:43.0890 6120 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
22:13:43.0906 6120 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
22:13:43.0906 6120 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
22:13:43.0921 6120 [Global] - ok
22:13:43.0921 6120 ================ Scan MBR ==================================
22:13:43.0937 6120 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
22:13:44.0250 6120 \Device\Harddisk0\DR0 - ok
22:13:44.0250 6120 [ 973E9BA32FDBB305C552ED3E1EBF0686 ] \Device\Harddisk1\DR5
22:13:44.0421 6120 \Device\Harddisk1\DR5 - ok
22:13:44.0421 6120 ================ Scan VBR ==================================
22:13:44.0437 6120 [ CE720514B286512E316FD580012E6CD4 ] \Device\Harddisk0\DR0\Partition1
22:13:44.0437 6120 \Device\Harddisk0\DR0\Partition1 - ok
22:13:44.0437 6120 [ BC829F5542422F19D35A28B0F2260BE8 ] \Device\Harddisk1\DR5\Partition1
22:13:44.0437 6120 \Device\Harddisk1\DR5\Partition1 - ok
22:13:44.0437 6120 ============================================================
22:13:44.0437 6120 Scan finished
22:13:44.0437 6120 ============================================================
22:13:44.0453 1280 Detected object count: 0
22:13:44.0453 1280 Actual detected object count: 0
22:14:41.0953 4132 Deinitialize success



aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-12 22:14:46
-----------------------------
22:14:46.203 OS Version: Windows 5.1.2600 Service Pack 3
22:14:46.203 Number of processors: 2 586 0x170A
22:14:46.203 ComputerName: LAPTOP-BMIC-1 UserName: Darrin
22:14:47.109 Initialize success
22:14:58.125 AVAST engine defs: 12091101
22:15:11.156 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:15:11.156 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
22:15:11.171 Disk 0 MBR read successfully
22:15:11.171 Disk 0 MBR scan
22:15:11.203 Disk 0 Windows VISTA default MBR code
22:15:11.218 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
22:15:11.234 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 305205 MB offset 80325
22:15:11.234 Disk 0 scanning sectors +625140400
22:15:11.296 Disk 0 scanning C:\WINDOWS\system32\drivers
22:15:22.890 Service scanning
22:15:41.437 Modules scanning
22:15:46.703 Disk 0 trace - called modules:
22:15:46.718 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:15:46.734 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad269c0]
22:15:46.734 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8ad27028]
22:15:48.062 AVAST engine scan C:\WINDOWS
22:15:54.875 AVAST engine scan C:\WINDOWS\system32
22:18:23.859 AVAST engine scan C:\WINDOWS\system32\drivers
22:18:42.656 AVAST engine scan C:\Documents and Settings\Darrin
22:28:16.343 AVAST engine scan C:\Documents and Settings\All Users
22:30:23.359 Scan finished successfully
22:30:49.625 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Darrin\Desktop\MBR.dat"
22:30:49.640 The log file has been saved successfully to "C:\Documents and Settings\Darrin\Desktop\aswMBR-Log.txt"

ESET logs:

Operating memory probably a variant of Win32/Ponmocup.AA trojan


Thanks!

#4 narenxp

Posted 12 September 2012 - 11:10 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete.

Post the generated log.



