Author Topic: Ponmocup. AA Trojan referred from GW CHF  (Read 9978 times)

Offline goldedger1

Ponmocup. AA Trojan referred from GW CHF
« on: January 08, 2013, 07:11:59 PM »

Offline Corrine

Re: Ponmocup. AA Trojan referred from GW CHF
« Reply #1 on: January 08, 2013, 07:54:00 PM »
Hi, June.  Welcome to LandzDown Forum.

We will do our best to assist you.  However, in order to do so, please follow all instructions provided in the sequence given.  Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use.  This may cause conflicts with the tools being used in the cleanup process.   

If you have questions regarding any of the instructions or problems running any tools, please let us know.

Based on the information that you provided at GW, please do the following:

Please follow these instructions carefully.

Download ComboFix from here.

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

Now, please run ComboFix:
  • Note:  If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click "Yes" to continue scanning for malware.
  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline goldedger1

Re: Ponmocup. AA Trojan referred from GW CHF
« Reply #2 on: January 09, 2013, 01:49:46 AM »
Hi Corrine

I downloaded and ran the combo fix tool, it downloaded and installed the Microsoft Windows Recovery Console, I clicked Yes to continue scanning for malware, it went through a bunch of steps, step 1 through to step 25 (I think) and then the screen flashed and rebooted.

 [I don't know how to copy the boxes so I've reprinted them as best possible]

After the reboot an info box came up with the following: "Microsoft Windows - The system has recovered from a serious error. A log of this error has been created. For more information about this error, click here." I clicked there and another window opened, again headed with Microsoft Windows and containing the following:
Error signature - BCCode:ca BCP1:00000004 BCP2: 8935B908 BCP3: 00000000 BCP4: 00000000 OSVer:5_1_2600 SP:3_0 Product:256_1
"To view technical information about the error report, click here." That click resulted in another box headed "Error Report Contents - The following files will be included in this error report:"
C:\DOCUME~1\June\LOCALS~1\Temp\WER68ba.dir00\Mini010813.01.dmp
C:\DOCUME~1\JUNE\LOCALS~1\Temp\WER68ba.dir00\sysdata.xml

I don't see any log report from ComboFix. Did I do something wrong? 


Offline Corrine

Re: Ponmocup. AA Trojan referred from GW CHF
« Reply #3 on: January 09, 2013, 12:53:22 PM »



Offline goldedger1

Re: Ponmocup. AA Trojan referred from GW CHF
« Reply #4 on: January 09, 2013, 08:15:03 PM »
Okay I did as you requested - "automatically restart" box unticked.
Ran ComboFix again. It currently has a blue info box sitting on my laptop screen, apparently doing nothing.
This is how far it seems to have gotten:
autoscan ran - completed Stage 1 - 50, then it said
Deleting files: [a bunch of files titled c:\documents and settings\All Users\Application Data\Temp\ ending with a combo of 8 digits and #'s and then .TMP] the last file was titled c:\WINDOWS\system32\URTTemp\regtlib.exe
then
Deleting folders:
c:\Documents and Settings\All Users\Application Data\TEMP
_ Cursor is flashing here and has been since 4:45pm (30 minutes ago at this point).

This isn't normal, is it???


 :wasntme:

Offline goldedger1

Re: Ponmocup. AA Trojan referred from GW CHF
« Reply #5 on: January 09, 2013, 08:57:20 PM »
Blue screen still there, not moving, not doing anything. Do I close it???

 :sos:

Offline Corrine

Re: Ponmocup. AA Trojan referred from GW CHF
« Reply #6 on: January 09, 2013, 09:12:11 PM »
Yes, close it and restart your computer.  See if a ComboFix.txt log is created on your desktop or in C:\Qoobox\ .

If there is no ComboFix log, try running ComboFix in Safe Mode.  To do so, restart your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.



Offline goldedger1

Re: Ponmocup. AA Trojan referred from GW CHF
« Reply #7 on: January 10, 2013, 02:49:17 AM »
Hi Corrine

The internet has been down for several hours so I couldn't post till now. Anyways;

No ComboFix.txt log on my desktop or in C:\Qoobox\

I restarted the computer and ran Windows in safe mode (Auto-System recovery is still unchecked as previously requested)
Ran ComboFix and ended up with the same thing as before - Blue Screen with the following info on it
AutoScan
Completed Stage 1-50
Deleting Folders:

C:\Documents and Settings\All Users\Application Data\TEMP
_ (Cursor flashing here. )
I ran ComboFix at 6:40PM, it's now 11:47PM and the screen is still the same.

Not having a lot of luck here.    :(
Please advise.  Thanks, June


Offline Corrine

Re: Ponmocup. AA Trojan referred from GW CHF
« Reply #8 on: January 10, 2013, 02:40:58 PM »
Hi, June. Let's go from a different angle.  The logs will be long so will likely require more than one reply to complete them.

First, Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see:  How to change the file extension.
  • Click the Start Scan button.  Do not use the computer during the scan!
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
Next, Please download OTL ... by Old Timer. Save it to your Desktop.
  • Right click on OTL.exe select "Run As Administrator" to run it.  If prompted by UAC, please allow it.
  • Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  • Please post the contents of both OTL.txt and Extras.txt files in your next reply.


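A helper reading the TDSSKiller report requested above mostly wants the entries that are not plainly clean. The Python sketch below is an added example, not part of the original posts and not Kaspersky's code: it assumes a log layout of timestamp, thread id, a `[ MD5 ] name path` line followed by a `name - verdict` line, inside a section banner named "Scan services". The sample log, its service names, hashes and the "warning" verdict are constructed.

```python
import re
from collections import defaultdict

# Assumed line layout: "HH:MM:SS.mmmm <thread id>  <body>".
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(.*)$")
# Section banner such as "===== Scan services ====="; bare "=====" rules do not match.
SECTION = re.compile(r"^=+ (.+?) =+$")
# "[ <32 hex MD5> ] <service name> <drive:\path>"; service names may contain spaces.
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.*)$")
# "<service name> - <verdict>"
VERDICT = re.compile(r"^(.+?) - (\w+)$")

# Constructed sample: names, hashes and the non-ok verdict are made up.
SAMPLE_LOG = r"""
14:14:13.0796 2700  Scan started
14:14:13.0937 2700  ================ Scan system memory ========================
14:14:13.0937 2700  System memory - ok
14:14:13.0937 2700  ================ Scan services =============================
14:14:14.0062 2700  [ 00000000000000000000000000000001 ] SvcAlpha        C:\WINDOWS\system32\DRIVERS\alpha.sys
14:14:14.0062 2700  SvcAlpha - ok
14:14:14.0125 2700  SvcNoFile - ok
14:14:14.0171 2700  [ 00000000000000000000000000000002 ] Svc Beta C:\Program Files\Beta\beta.exe
14:14:14.0171 2700  Svc Beta - ok
14:14:14.0200 2700  [ 00000000000000000000000000000001 ] SvcAlphaCopy    C:\WINDOWS\system32\drivers\alpha.sys
14:14:14.0200 2700  SvcAlphaCopy - ok
14:14:14.0300 2700  [ 00000000000000000000000000000003 ] SvcGamma        C:\WINDOWS\system32\DRIVERS\gamma.sys
14:14:14.0300 2700  SvcGamma - warning
"""


def triage(log_text, section_name="Scan services"):
    """Return the service entries of a scan log that deserve a second look.

    non_ok      -- (service, verdict) pairs whose verdict is not "ok"
    no_binary   -- services that got a verdict without a hashed file line
    shared_hash -- MD5 -> service names, where one file backs several services
    """
    section = None
    files = {}      # service name -> (md5, path)
    verdicts = {}   # service name -> verdict, in log order
    for raw in log_text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # not a timestamped log line
        body = m.group(1).strip()
        banner = SECTION.match(body)
        if banner:
            section = banner.group(1)
            continue
        if section != section_name:
            continue  # e.g. "System memory - ok" belongs to another section
        hashed = HASHED.match(body)
        if hashed:
            md5, name, path = hashed.groups()
            files[name] = (md5.upper(), path)
            continue
        verdict = VERDICT.match(body)
        if verdict:
            verdicts[verdict.group(1)] = verdict.group(2)

    by_hash = defaultdict(list)
    for name, (md5, _path) in files.items():
        by_hash[md5].append(name)

    return {
        "non_ok": [(n, v) for n, v in verdicts.items() if v.lower() != "ok"],
        "no_binary": [n for n in verdicts if n not in files],
        "shared_hash": {h: sorted(ns) for h, ns in by_hash.items() if len(ns) > 1},
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```
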

Offline goldedger1

Re: Ponmocup. AA Trojan referred from GW CHF
« Reply #9 on: January 10, 2013, 06:09:48 PM »
Okay, that different angle got some results.
I ran the TDSSKiller tool - it didn't find anything. Here's the log:

14:14:22.0312 2700  Mouclass - ok
14:14:22.0343 2700  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
14:14:22.0359 2700  MountMgr - ok
14:14:22.0421 2700  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:14:22.0421 2700  MozillaMaintenance - ok
14:14:22.0500 2700  [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter        C:\WINDOWS\system32\DRIVERS\MpFilter.sys
14:14:22.0500 2700  MpFilter - ok
14:14:22.0531 2700  [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
14:14:22.0531 2700  mraid35x - ok
14:14:22.0593 2700  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:14:22.0609 2700  MRxDAV - ok
14:14:22.0656 2700  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:14:22.0671 2700  MRxSmb - ok
14:14:22.0843 2700  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
14:14:22.0843 2700  MSDTC - ok
14:14:22.0875 2700  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
14:14:22.0875 2700  Msfs - ok
14:14:22.0984 2700  MSIServer - ok
14:14:23.0062 2700  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:14:23.0062 2700  MSKSSRV - ok
14:14:23.0125 2700  [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
14:14:23.0125 2700  MsMpSvc - ok
14:14:23.0125 2700  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:14:23.0125 2700  MSPCLOCK - ok
14:14:23.0140 2700  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
14:14:23.0140 2700  MSPQM - ok
14:14:23.0171 2700  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:14:23.0171 2700  mssmbios - ok
14:14:23.0203 2700  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
14:14:23.0203 2700  Mup - ok
14:14:23.0312 2700  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
14:14:23.0328 2700  napagent - ok
14:14:23.0359 2700  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
14:14:23.0406 2700  NDIS - ok
14:14:23.0453 2700  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:14:23.0453 2700  NdisTapi - ok
14:14:23.0468 2700  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:14:23.0484 2700  Ndisuio - ok
14:14:23.0484 2700  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:14:23.0484 2700  NdisWan - ok
14:14:23.0546 2700  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
14:14:23.0546 2700  NDProxy - ok
14:14:23.0562 2700  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
14:14:23.0562 2700  NetBIOS - ok
14:14:23.0593 2700  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
14:14:23.0609 2700  NetBT - ok
14:14:23.0656 2700  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
14:14:23.0656 2700  NetDDE - ok
14:14:23.0656 2700  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
14:14:23.0671 2700  NetDDEdsdm - ok
14:14:23.0734 2700  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
14:14:23.0734 2700  Netlogon - ok
14:14:23.0812 2700  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
14:14:23.0812 2700  Netman - ok
14:14:24.0046 2700  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:14:24.0046 2700  NetTcpPortSharing - ok
14:14:24.0125 2700  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
14:14:24.0125 2700  Nla - ok
14:14:24.0156 2700  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
14:14:24.0156 2700  Npfs - ok
14:14:24.0187 2700  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
14:14:24.0203 2700  Ntfs - ok
14:14:24.0218 2700  [ 7F1C1F78D709C4A54CBB46EDE7E0B48D ] NTIDrvr         C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
14:14:24.0234 2700  NTIDrvr - ok
14:14:24.0250 2700  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
14:14:24.0265 2700  NtLmSsp - ok
14:14:24.0359 2700  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
14:14:24.0375 2700  NtmsSvc - ok
14:14:24.0390 2700  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
14:14:24.0390 2700  Null - ok
14:14:24.0437 2700  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:14:24.0437 2700  NwlnkFlt - ok
14:14:24.0437 2700  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:14:24.0437 2700  NwlnkFwd - ok
14:14:24.0531 2700  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:14:24.0531 2700  ose - ok
14:14:24.0578 2700  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
14:14:24.0578 2700  Parport - ok
14:14:24.0609 2700  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
14:14:24.0609 2700  PartMgr - ok
14:14:24.0625 2700  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
14:14:24.0625 2700  ParVdm - ok
14:14:24.0671 2700  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
14:14:24.0671 2700  PCI - ok
14:14:24.0687 2700  PCIDump - ok
14:14:24.0687 2700  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
14:14:24.0687 2700  PCIIde - ok
14:14:24.0703 2700  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
14:14:24.0703 2700  Pcmcia - ok
14:14:24.0718 2700  PDCOMP - ok
14:14:24.0734 2700  PDFRAME - ok
14:14:24.0750 2700  PDRELI - ok
14:14:24.0765 2700  PDRFRAME - ok
14:14:24.0781 2700  [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
14:14:24.0781 2700  perc2 - ok
14:14:24.0781 2700  [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
14:14:24.0781 2700  perc2hib - ok
14:14:24.0859 2700  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
14:14:24.0875 2700  PlugPlay - ok
14:14:24.0906 2700  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
14:14:24.0906 2700  PolicyAgent - ok
14:14:24.0921 2700  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:14:24.0921 2700  PptpMiniport - ok
14:14:24.0953 2700  [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
14:14:24.0953 2700  Processor - ok
14:14:24.0984 2700  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:14:24.0984 2700  ProtectedStorage - ok
14:14:25.0000 2700  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
14:14:25.0000 2700  PSched - ok
14:14:25.0046 2700  [ 00B670D8A36C7134CFC66B446A18CC92 ] psdfilter       C:\WINDOWS\system32\Drivers\psdfilter.sys
14:14:25.0046 2700  psdfilter - ok
14:14:25.0078 2700  [ E9A60343CB7C39090638B1DD574F26EB ] psdvdisk        C:\WINDOWS\system32\Drivers\psdvdisk.sys
14:14:25.0078 2700  psdvdisk - ok
14:14:25.0093 2700  [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI             C:\WINDOWS\system32\DRIVERS\psi_mf.sys
14:14:25.0093 2700  PSI - ok
14:14:25.0125 2700  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:14:25.0125 2700  Ptilink - ok
14:14:25.0140 2700  [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:14:25.0140 2700  PxHelp20 - ok
14:14:25.0156 2700  [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
14:14:25.0156 2700  ql1080 - ok
14:14:25.0171 2700  [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
14:14:25.0171 2700  Ql10wnt - ok
14:14:25.0187 2700  [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
14:14:25.0187 2700  ql12160 - ok
14:14:25.0203 2700  [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
14:14:25.0203 2700  ql1240 - ok
14:14:25.0234 2700  [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
14:14:25.0234 2700  ql1280 - ok
14:14:25.0281 2700  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:14:25.0281 2700  RasAcd - ok
14:14:25.0343 2700  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
14:14:25.0343 2700  RasAuto - ok
14:14:25.0359 2700  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:14:25.0359 2700  Rasl2tp - ok
14:14:25.0437 2700  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
14:14:25.0437 2700  RasMan - ok
14:14:25.0453 2700  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:14:25.0453 2700  RasPppoe - ok
14:14:25.0468 2700  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
14:14:25.0484 2700  Raspti - ok
14:14:25.0515 2700  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:14:25.0515 2700  Rdbss - ok
14:14:25.0546 2700  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:14:25.0546 2700  RDPCDD - ok
14:14:25.0562 2700  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:14:25.0562 2700  rdpdr - ok
14:14:25.0625 2700  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
14:14:25.0625 2700  RDPWD - ok
14:14:25.0656 2700  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
14:14:25.0671 2700  RDSessMgr - ok
14:14:25.0687 2700  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
14:14:25.0687 2700  redbook - ok
14:14:25.0796 2700  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
14:14:25.0812 2700  RemoteAccess - ok
14:14:25.0843 2700  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
14:14:25.0843 2700  RemoteRegistry - ok
14:14:25.0859 2700  [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM          C:\WINDOWS\system32\DRIVERS\rfcomm.sys
14:14:25.0859 2700  RFCOMM - ok
14:14:25.0906 2700  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
14:14:25.0906 2700  RpcLocator - ok
14:14:25.0984 2700  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll
14:14:25.0984 2700  RpcSs - ok
14:14:26.0000 2700  RPSKT - ok
14:14:26.0062 2700  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
14:14:26.0062 2700  RSVP - ok
14:14:26.0093 2700  [ CF84B1F0E8B14D4120AAF9CF35CBB265 ] RTL8023xp       C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
14:14:26.0109 2700  RTL8023xp - ok
14:14:26.0156 2700  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
14:14:26.0156 2700  SamSs - ok
14:14:26.0250 2700  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
14:14:26.0250 2700  SASDIFSV - ok
14:14:26.0281 2700  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
14:14:26.0281 2700  SASKUTIL - ok
14:14:26.0312 2700  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
14:14:26.0328 2700  SCardSvr - ok
14:14:26.0390 2700  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
14:14:26.0390 2700  Schedule - ok
14:14:26.0421 2700  [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus           C:\WINDOWS\system32\DRIVERS\sdbus.sys
14:14:26.0421 2700  sdbus - ok
14:14:26.0453 2700  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:14:26.0453 2700  Secdrv - ok
14:14:26.0515 2700  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
14:14:26.0515 2700  seclogon - ok
14:14:26.0640 2700  [ 1CE8490E8919EF5C72275952C202E749 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
14:14:26.0656 2700  Secunia PSI Agent - ok
14:14:26.0703 2700  [ 9337C7C45392A32CAC5E59DDAC0D0342 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
14:14:26.0703 2700  Secunia Update Agent - ok
14:14:26.0750 2700  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
14:14:26.0765 2700  SENS - ok
14:14:26.0781 2700  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
14:14:26.0781 2700  Serial - ok
14:14:26.0828 2700  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
14:14:26.0828 2700  Sfloppy - ok
14:14:26.0890 2700  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
14:14:26.0890 2700  SharedAccess - ok
14:14:26.0953 2700  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:14:26.0953 2700  ShellHWDetection - ok
14:14:26.0968 2700  Simbad - ok
14:14:27.0015 2700  [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
14:14:27.0015 2700  sisagp - ok
14:14:27.0031 2700  [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
14:14:27.0031 2700  Sparrow - ok
14:14:27.0046 2700  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
14:14:27.0046 2700  splitter - ok
14:14:27.0078 2700  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
14:14:27.0093 2700  Spooler - ok
14:14:27.0109 2700  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
14:14:27.0109 2700  sr - ok
14:14:27.0156 2700  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
14:14:27.0171 2700  srservice - ok
14:14:27.0187 2700  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
14:14:27.0203 2700  Srv - ok
14:14:27.0265 2700  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
14:14:27.0265 2700  SSDPSRV - ok
14:14:27.0343 2700  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
14:14:27.0359 2700  stisvc - ok
14:14:27.0375 2700  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
14:14:27.0375 2700  swenum - ok
14:14:27.0390 2700  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
14:14:27.0390 2700  swmidi - ok
14:14:27.0437 2700  SwPrv - ok
14:14:27.0484 2700  [ 1FF3217614018630D0A6758630FC698C ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
14:14:27.0484 2700  symc810 - ok
14:14:27.0500 2700  [ 070E001D95CF725186EF8B20335F933C ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
14:14:27.0500 2700  symc8xx - ok
14:14:27.0515 2700  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
14:14:27.0515 2700  sym_hi - ok
14:14:27.0531 2700  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
14:14:27.0531 2700  sym_u3 - ok
14:14:27.0578 2700  [ 9D3611FA3BCCA8090FDD1A45BD1EA586 ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
14:14:27.0578 2700  SynTP - ok
14:14:27.0593 2700  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
14:14:27.0593 2700  sysaudio - ok
14:14:27.0640 2700  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
14:14:27.0656 2700  SysmonLog - ok
14:14:27.0671 2700  [ 0C3B2A9C4BD2DD9A6C2E4084314DD719 ] taphss          C:\WINDOWS\system32\DRIVERS\taphss.sys
14:14:27.0671 2700  taphss - ok
14:14:27.0750 2700  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
14:14:27.0750 2700  TapiSrv - ok
14:14:27.0812 2700  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:14:27.0812 2700  Tcpip - ok
14:14:27.0843 2700  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
14:14:27.0843 2700  TDPIPE - ok
14:14:27.0859 2700  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
14:14:27.0859 2700  TDTCP - ok
14:14:27.0875 2700  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
14:14:27.0875 2700  TermDD - ok
14:14:27.0937 2700  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
14:14:27.0953 2700  TermService - ok
14:14:28.0000 2700  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
14:14:28.0015 2700  Themes - ok
14:14:28.0078 2700  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
14:14:28.0078 2700  TlntSvr - ok
14:14:28.0109 2700  [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
14:14:28.0109 2700  TosIde - ok
14:14:28.0187 2700  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
14:14:28.0187 2700  TrkWks - ok
14:14:28.0218 2700  [ 97DD70FECA64FB4F63DE7BB7E66A80B1 ] tvicport        C:\WINDOWS\system32\drivers\tvicport.sys
14:14:28.0218 2700  tvicport - ok
14:14:28.0234 2700  [ E0C67BE430C6DE490D6CCAECFA071F9E ] UBHelper        C:\WINDOWS\system32\drivers\UBHelper.sys
14:14:28.0234 2700  UBHelper - ok
14:14:28.0265 2700  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
14:14:28.0281 2700  Udfs - ok
14:14:28.0281 2700  UIUSys - ok
14:14:28.0296 2700  [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra           C:\WINDOWS\system32\DRIVERS\ultra.sys
14:14:28.0296 2700  ultra - ok
14:14:28.0343 2700  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
14:14:28.0359 2700  Update - ok
14:14:28.0406 2700  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
14:14:28.0468 2700  upnphost - ok
14:14:28.0546 2700  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
14:14:28.0546 2700  UPS - ok
14:14:28.0609 2700  [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
14:14:28.0609 2700  USBAAPL - ok
14:14:28.0671 2700  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:14:28.0671 2700  usbehci - ok
14:14:28.0703 2700  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:14:28.0703 2700  usbhub - ok
14:14:28.0750 2700  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:14:28.0750 2700  usbohci - ok
14:14:28.0750 2700  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:14:28.0750 2700  usbscan - ok
14:14:28.0765 2700  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:14:28.0765 2700  USBSTOR - ok
14:14:28.0812 2700  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
14:14:28.0812 2700  VgaSave - ok
14:14:28.0843 2700  [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
14:14:28.0843 2700  viaagp - ok
14:14:28.0859 2700  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
14:14:28.0859 2700  ViaIde - ok
14:14:28.0859 2700  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
14:14:28.0875 2700  VolSnap - ok
14:14:28.0937 2700  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
14:14:28.0953 2700  VSS - ok
14:14:29.0015 2700  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
14:14:29.0031 2700  W32Time - ok
14:14:29.0046 2700  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:14:29.0046 2700  Wanarp - ok
14:14:29.0062 2700  WDC_SAM - ok
14:14:29.0078 2700  WDICA - ok
14:14:29.0109 2700  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
14:14:29.0109 2700  wdmaud - ok
14:14:29.0171 2700  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
14:14:29.0171 2700  WebClient - ok
14:14:29.0234 2700  [ 7FE372B1AB60736CC67E8EB6F1FB1F5B ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
14:14:29.0250 2700  winachsf - ok
14:14:29.0312 2700  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
14:14:29.0312 2700  winmgmt - ok
14:14:29.0437 2700  [ 18F347402DA544A780949B8FDF83351B ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
14:14:29.0453 2700  WinRM - ok
14:14:29.0531 2700  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
14:14:29.0546 2700  WmdmPmSN - ok
14:14:29.0656 2700  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
14:14:29.0656 2700  Wmi - ok
14:14:29.0687 2700  [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
14:14:29.0703 2700  WmiAcpi - ok
14:14:29.0765 2700  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:14:29.0765 2700  WmiApSrv - ok
14:14:29.0906 2700  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
14:14:29.0921 2700  WMPNetworkSvc - ok
14:14:29.0937 2700  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:14:29.0953 2700  WS2IFSL - ok
14:14:30.0000 2700  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
14:14:30.0000 2700  wscsvc - ok
14:14:30.0093 2700  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
14:14:30.0093 2700  wuauserv - ok
14:14:30.0140 2700  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:14:30.0140 2700  WudfPf - ok
14:14:30.0203 2700  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
14:14:30.0203 2700  WudfSvc - ok
14:14:30.0296 2700  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
14:14:30.0312 2700  WZCSVC - ok
14:14:30.0390 2700  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
14:14:30.0390 2700  xmlprov - ok
14:14:30.0437 2700  [ 40AC8590CC9006DBB99FFCB37879D4C6 ] zntport         C:\WINDOWS\system32\drivers\zntport.sys
14:14:30.0437 2700  zntport - ok
14:14:30.0453 2700  ================ Scan global ===============================
14:14:30.0640 2700  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
14:14:30.0781 2700  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
14:14:30.0875 2700  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
14:14:30.0953 2700  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
14:14:30.0953 2700  [Global] - ok
14:14:30.0953 2700  ================ Scan MBR ==================================
14:14:30.0984 2700  [ 99852D5C3A78447C3D6D82B6155FE848 ] \Device\Harddisk0\DR0
14:14:34.0937 2700  \Device\Harddisk0\DR0 - ok
14:14:34.0953 2700  ================ Scan VBR ==================================
14:14:34.0984 2700  [ 9D85633DC6DAE11C55ED3D95CEC683C0 ] \Device\Harddisk0\DR0\Partition1
14:14:34.0984 2700  \Device\Harddisk0\DR0\Partition1 - ok
14:14:35.0015 2700  [ 9290C52D4C8B59D71640D81442B3C1E3 ] \Device\Harddisk0\DR0\Partition2
14:14:35.0015 2700  \Device\Harddisk0\DR0\Partition2 - ok
14:14:35.0015 2700  ============================================================
14:14:35.0015 2700  Scan finished
14:14:35.0015 2700  ============================================================
14:14:35.0031 3336  Detected object count: 0
14:14:35.0031 3336  Actual detected object count: 0
14:15:48.0578 2864  Deinitialize success

Here's the OTL log:
OTL logfile created on: 1/10/2013 2:23:33 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\June\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.62 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 82.96% Memory free
3.78 Gb Paging File | 3.40 Gb Available in Paging File | 89.93% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.57 Gb Total Space | 9.81 Gb Free Space | 28.38% Space Free | Partition Type: FAT32
Drive D: | 35.06 Gb Total Space | 4.08 Gb Free Space | 11.64% Space Free | Partition Type: FAT32
 
Computer Name: CHRISTMAS | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/01/10 14:16:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\June\Desktop\OTL.exe
PRC - [2012/09/24 23:13:00 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/09/18 00:08:24 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/12/21 07:04:30 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2010/12/21 07:04:30 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2008/04/13 20:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2006/09/07 19:52:52 | 000,479,232 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2006/08/30 09:57:34 | 000,442,368 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2006/08/29 17:56:22 | 000,020,480 | ---- | M] ( ) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2006/08/10 15:00:50 | 000,028,672 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2006/08/03 15:34:04 | 000,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
PRC - [2006/07/31 21:02:46 | 000,346,112 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2006/06/01 14:40:54 | 000,413,696 | ---- | M] (Acer I

Offline Corrine

Re: Ponmocup. AA Trojan referred from GW CHF
« Reply #10 on: January 10, 2013, 07:23:58 PM »
Hi, June.

Good news that TDSSKiller didn't find anything.  Now I need you to copy/paste the two OTL logs again as the forum software only allows so many characters before cutting off the post.

Thank you.



Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline goldedger1

Re: Ponmocup. AA Trojan referred from GW CHF
« Reply #11 on: January 10, 2013, 07:28:58 PM »

Offline Corrine

Re: Ponmocup. AA Trojan referred from GW CHF
« Reply #12 on: January 11, 2013, 01:31:31 AM »
Hi, June. 

I'm just getting back here and haven't had a chance to look at the log yet.  I'll be out much of tomorrow morning but will try to have instructions for you at some point tomorrow.  It will, as you can imagine, take me a bit to get through the log.  :)



Offline goldedger1

Re: Ponmocup. AA Trojan referred from GW CHF
« Reply #13 on: January 11, 2013, 03:14:06 AM »
Hi Corrine,

No worries, I don't envy you analyzing those logs - I do appreciate all of your help though.
Thanks so much for letting me know (saves me checking my email all the time).

June



Offline Corrine

Re: Ponmocup. AA Trojan referred from GW CHF
« Reply #14 on: January 11, 2013, 10:50:27 PM »
Hi, June.  Are you ready?  Ok, then let's see if this will do the job.

  • Double click OTL.exe to launch the program.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:OTL
IE - HKU\S-1-5-21-390141898-700289164-1800116202-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-390141898-700289164-1800116202-1005\..\SearchScopes,DefaultScope = {210C75B2-2430-4242-9462-AE5CC5867EE5}
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
[2013/01/02 04:05:58 | 000,710,504 | ---- | C] () -- C:\WINDOWS\is-E9HA8.exe

:Files
ipconfig /flushdns /c

:Commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]
[CREATERESTOREPOINT]
  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished, a box will open asking you to open the fix log; click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.
Note: If necessary, OTL may re-boot your computer, or request that you do so. If it does, re-boot your computer. A log will be produced upon re-boot.

After the reboot, please post the new OTL log.  After you have done that, please delete the copy of ComboFix from your desktop and download a new copy, following the same instructions as provided here. See if you can run ComboFix to completion and post that log.

Thank you!

