
Topic: Computer virus that controls my mouse.


Tunni

    Topic Starter


    Rookie

    • Experience: Familiar
    • OS: Windows XP
    Computer virus that controls my mouse.
    « on: April 02, 2013, 07:19:10 AM »
    Hello!
    Since February, I've accidentally downloaded a virus, which controls my mouse, clicking things.
    I've tried to search for weird-looking files, and here's my list:
    wmsyspr9.prx
    etilqs_yjgwpWcwNWJga62 (0 bytes file)
    etilqs_EkUj5aSWNQybphp(0 bytes file)
    etilqs_EkUj5aSWNQybphp(0 bytes file)
    GDIPFONTCACHEV1 (Video CD Movie file, opens with nero showtime)
    brndlog (Text document)
    index C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
    EpfwUser ( is in C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus)
    8db84eb2-0934-4407-ad38-5c1b68483739 (XML document)
    8C95PU9F(C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5)
    CPMV8D2B(C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5)
    FTPECWZK(C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5)
    W1E3SLYV (C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5)
    540228824_810007( in Corel Messages)
    _default.CW_(CW_file)
    1033 (Empty folder)
    manifest.json (JSON file)
    qmgr0 and qmgr1 (Nero Show time files)
    OPA12.BAK
    opa12 (Nero Show time file)
    28KH2EYF(C:\Documents and Settings\My Pc\Application Data\Adobe\Flash Player\AssetCache)
    and here  C:\Documents and Settings\My Pc\Application Data\Microsoft\CryptnetUrlCache\Content are files with lots of numbers and letters
    7ee401672c98b8c41cde857a37d843f6-le32d8.cache-3 (CACHE-3 File)
    6d14e4b1d8ca773bab785d1be032546e_5dafa7 39-502f-40a1-a3d6-21b29a9e169d
    9921d43dc7a746715c0c2d40741ccd3c_5dafa7 39-502f-40a1-a3d6-21b29a9e169d
    d42cc0c3858a58db2db37658219e6400_5dafa7 39-502f-40a1-a3d6-21b29a9e169d
    What I want to know: are these malicious files?
    Thanks!

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Computer virus that controlls my mouse.
    « Reply #1 on: April 02, 2013, 10:55:29 AM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    We had better run some scans to see what's good and what's not good.

    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
    *********************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    *************************************************
    Download Security Check by screen317 from one of the following links and save it to your desktop.

    Link 1
    Link 2

    * Double-click Security Check.bat
    * Follow the on-screen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt
    * Post the contents of that document in your next reply.

    Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
    Windows 8 and Windows 10 dual boot with two SSD's

    Tunni

      « Reply #2 on: April 03, 2013, 06:30:19 AM »
      Hello Dave! Here's the log of Malwarebytes Anti Malware:
      (Note! My mother language isn't English, so I translated it with Google Translate)
      Malwarebytes Anti-Malware 1.70.0.1100
      www.malwarebytes.org

      Database version: v2013.04.03.03

      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 8.0.6001.18702
      My PC :: PC [administrator]

      3/4/2013 3:26:42 PM
      mbam-log-2013-04-03 (15-26-42). txt

      Scan Mode: Full Scan (C: \ | E: \ |)
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics / Extra | Heuristics / Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 254370
      Elapsed time: 22 minutes, 19 seconds

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files detected: 4
      E: \ kits \ Ahead.Nero.Burning.ROM.v6.6.0.16 \ CORE10k.EXE (PUP.Keygen.Intro) -> No action taken.
      E: \ kits \ Ahead.Nero.Burning.ROM.v6.6.0.16 \ Ahead.NeroVision.Express.v3.1.0.16 \ CORE10k.EXE (PUP.Keygen.Intro) -> No action was taken.
      E: \ kits \ Ahead.Nero.Burning.ROM.v6.6.0.16 \ KeyGen.exe (Malware.Packer.Gen) -> quarantined and removed successfully.
      E: \ kits \ Ahead.Nero.Burning.ROM.v6.6.0.16 \ Ahead.NeroVision.Express.v3.1.0.16 \ KeyGen.exe (Malware.Packer.Gen) -> quarantined and removed successfully.

      (end)
      Please tell me if anything's wrong!

      SuperDave

      « Reply #3 on: April 03, 2013, 12:31:49 PM »
      Please run MBAM again and remove those infections. I would also like to see the other two logs.

      Tunni

        « Reply #4 on: April 04, 2013, 01:40:19 AM »
        Malwarebytes Anti-Malware 1.70.0.1100
        www.malwarebytes.org

        Database version: v2013.04.03.03

        Windows XP Service Pack 3 x86 NTFS
        Internet Explorer 8.0.6001.18702
        My Pc :: PC [administrator]

        4/4/2013 10:40:54 AM
        mbam-log-2013-04-04 (10-40-54).txt

        Scan type: Full scan (C:\|E:\|F:\|)
        Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
        Scan options disabled: P2P
        Objects scanned: 254100
        Time elapsed: 22 minute(s), 12 second(s)

        Memory Processes Detected: 0
        (No malicious items detected)

        Memory Modules Detected: 0
        (No malicious items detected)

        Registry Keys Detected: 0
        (No malicious items detected)

        Registry Values Detected: 0
        (No malicious items detected)

        Registry Data Items Detected: 0
        (No malicious items detected)

        Folders Detected: 0
        (No malicious items detected)

        Files Detected: 0
        (No malicious items detected)

        (end)
        SuperDave, here's the log. I can't believe there are no malicious items!

        SuperDave

        « Reply #5 on: April 04, 2013, 12:03:52 PM »
        Quote
        here's the log. I can't believe there are no malicious items!
        They were there the first time you ran MBAM.
        Please run adwCleaner and Security Check and post the logs.

        Tunni

          « Reply #6 on: April 09, 2013, 02:05:34 AM »
          Here is the log of system check (link you gave me)
          Results of screen317's Security Check version 0.99.62 
           Windows XP Service Pack 3 x86   
           Internet Explorer 8 
          ``````````````Antivirus/Firewall Check:``````````````
           Windows Firewall Enabled! 
          ESET NOD32 Antivirus 4.0   
           Antivirus up to date! 
          `````````Anti-malware/Other Utilities Check:`````````
           Malwarebytes Anti-Malware version 1.70.0.1100 
           CCleaner     
           Adobe Flash Player 10 Flash Player out of Date!
            Adobe Flash Player    10.3.183.63 Flash Player out of Date! 
           Adobe Reader XI 
           Mozilla Firefox (3.6.28) Firefox out of Date! 
           Google Chrome 25.0.1364.172 
           Google Chrome 26.0.1410.43 
          ````````Process Check: objlist.exe by Laurent````````
           ESET NOD32 Antivirus egui.exe 
           ESET NOD32 Antivirus ekrn.exe 
          `````````````````System Health check`````````````````
           Total Fragmentation on Drive C:: 9%
          ````````````````````End of Log``````````````````````




          And here's the log for adwCleaner:

          # AdwCleaner v2.200 - Logfile created 04/09/2013 at 11:31:57
          # Updated 02/04/2013 by Xplode
          # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
          # User : My Pc - PC
          # Boot Mode : Normal
          # Running from : C:\Documents and Settings\My Pc\My Documents\Downloads\adwcleaner.exe
          # Option [Search]


          ***** [Services] *****


          ***** [Files / Folders] *****

          Folder Found : C:\Documents and Settings\My Pc\Local Settings\Application Data\Conduit

          ***** [Registry] *****

          Key Found : HKCU\Software\AppDataLow\Software\SmartBar
          Key Found : HKCU\Software\Conduit
          Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
          Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
          Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
          Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
          Key Found : HKCU\Software\SmartBar
          Key Found : HKCU\Software\Softonic
          Key Found : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
          Key Found : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
          Key Found : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
          Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
          Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
          Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

          ***** [Internet Browsers] *****

          -\\ Internet Explorer v8.0.6001.18702

          [OK] Registry is clean.

          -\\ Mozilla Firefox v3.6.28 (en-US)

          File : C:\Documents and Settings\My Pc\Application Data\Mozilla\Firefox\Profiles\zo8gqx88.default\prefs.js

          [OK] File is clean.

          -\\ Google Chrome v26.0.1410.43

          File : C:\Documents and Settings\My Pc\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

          [OK] File is clean.

          *************************

          AdwCleaner[R1].txt - [2157 octets] - [09/04/2013 11:31:57]

          ########## EOF - C:\AdwCleaner[R1].txt - [2217 octets] ##########

          SuperDave

          « Reply #7 on: April 09, 2013, 12:19:42 PM »
          Update your Adobe Reader. get.adobe.com/reader.

          Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

          ****************************************
          Remove the Adware:
          • Please close all open programs and internet browsers.
          • Double click on adwcleaner.exe to run the tool.
          • Click on Delete.
          • Confirm each time with OK
          • Your computer will be rebooted automatically. A text file will open after the restart.
          • Please post the content of that logfile in your reply.
          • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
          ******************************************
          Download Combofix from any of the links below, and save it to your DESKTOP
          If your version of Windows defaults to your download folder you will need to copy it to your desktop.

          Link 1
          Link 2
          Link 3

          To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
          • Close any open windows and double click ComboFix.exe to run it.

            You will see the following image:


          Click I Agree to start the program.

          ComboFix will then extract the necessary files and you will see this:



          As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

          It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

          If you did not have it installed, you will see the prompt below. Choose YES.



          Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

          **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

          Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



          Click on Yes, to continue scanning for malware.

          When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

          Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

          Note: Please Do NOT mouseclick combofix's window while it's running because it may cause it to stall.

          Tunni

            « Reply #8 on: April 10, 2013, 02:56:15 AM »
            Hello! Here is the adwCleaner log. I'll post the other one later:

            # AdwCleaner v2.200 - Logfile created 04/10/2013 at 12:02:16
            # Updated 02/04/2013 by Xplode
            # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
            # User : My Pc - PC
            # Boot Mode : Normal
            # Running from : C:\Documents and Settings\My Pc\My Documents\Downloads\adwcleaner (1).exe
            # Option [Delete]


            ***** [Services] *****


            ***** [Files / Folders] *****

            Folder Deleted : C:\Documents and Settings\My Pc\Local Settings\Application Data\Conduit

            ***** [Registry] *****

            Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
            Key Deleted : HKCU\Software\Conduit
            Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
            Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
            Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
            Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
            Key Deleted : HKCU\Software\SmartBar
            Key Deleted : HKCU\Software\Softonic
            Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
            Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
            Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
            Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
            Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
            Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

            ***** [Internet Browsers] *****

            -\\ Internet Explorer v8.0.6001.18702

            [OK] Registry is clean.

            -\\ Mozilla Firefox v3.6.28 (en-US)

            File : C:\Documents and Settings\My Pc\Application Data\Mozilla\Firefox\Profiles\zo8gqx88.default\prefs.js

            C:\Documents and Settings\My Pc\Application Data\Mozilla\Firefox\Profiles\zo8gqx88.default\user.js ... Deleted !

            [OK] File is clean.

            -\\ Google Chrome v26.0.1410.43

            File : C:\Documents and Settings\My Pc\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

            [OK] File is clean.

            *************************

            AdwCleaner[R1].txt - [2286 octets] - [09/04/2013 11:31:57]
            AdwCleaner[S1].txt - [2367 octets] - [10/04/2013 12:02:16]

            ########## EOF - C:\AdwCleaner[S1].txt - [2427 octets] ##########
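Added example (not part of the original posts, and not AdwCleaner's own code): a Python script that cross-checks the [Search] log from Reply #6 against the [Delete] log from Reply #8 and lists anything that was found but is not confirmed deleted. The line patterns are inferred from the v2.200 logs pasted in this thread, and the embedded samples are abridged from them.

```python
"""Cross-check an AdwCleaner [Search] log against the later [Delete] log."""
import re

# Patterns inferred from the AdwCleaner v2.200 logs pasted in this thread.
OPTION_RE = re.compile(r"^# Option \[(\w+)\]$")
SECTION_RE = re.compile(r"^\*{5} \[(.+)\] \*{5}$")
# e.g. "Key Found : HKCU\Software\Conduit" or "Folder Deleted : C:\..."
ENTRY_RE = re.compile(r"^(\w+) (Found|Deleted) : (.+)$")
# Browser files removed by a Delete run: "C:\...\user.js ... Deleted !"
BROWSER_RE = re.compile(r"^([A-Za-z]:\\.+?) \.\.\. Deleted !$")

# Sample input, abridged from the logs in Reply #6 and Reply #8.
SEARCH_LOG = r"""
# AdwCleaner v2.200 - Logfile created 04/09/2013 at 11:31:57
# Option [Search]

***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\My Pc\Local Settings\Application Data\Conduit

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
"""

DELETE_LOG = r"""
# AdwCleaner v2.200 - Logfile created 04/10/2013 at 12:02:16
# Option [Delete]

***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\My Pc\Local Settings\Application Data\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1

***** [Internet Browsers] *****

-\\ Mozilla Firefox v3.6.28 (en-US)

C:\Documents and Settings\My Pc\Application Data\Mozilla\Firefox\Profiles\zo8gqx88.default\user.js ... Deleted !
"""


def parse_log(text):
    """Return {'mode': str, 'items': {key: (section, kind, item)}}."""
    mode, section, items = None, None, {}
    for raw in text.splitlines():
        line = raw.strip()  # logs pasted into a forum are usually indented
        if m := OPTION_RE.match(line):
            mode = m.group(1)
        elif m := SECTION_RE.match(line):
            section = m.group(1)
        elif m := ENTRY_RE.match(line):
            kind, _state, item = m.groups()
            # Windows paths and registry keys compare case-insensitively.
            items[(kind.casefold(), item.casefold())] = (section, kind, item)
        elif m := BROWSER_RE.match(line):
            item = m.group(1)
            items[("file", item.casefold())] = (section, "File", item)
    if mode is None:
        raise ValueError("no '# Option [...]' header: not an AdwCleaner log?")
    return {"mode": mode, "items": items}


def compare(search_text, delete_text):
    """Report what the Delete run removed, missed, or removed in addition."""
    search, delete = parse_log(search_text), parse_log(delete_text)
    if (search["mode"], delete["mode"]) != ("Search", "Delete"):
        raise ValueError(
            f"expected Search then Delete, got {search['mode']}/{delete['mode']}"
        )
    found, gone = search["items"], delete["items"]
    return {
        "removed": sorted(found[k][2] for k in found.keys() & gone.keys()),
        "not_removed": sorted(found[k][2] for k in found.keys() - gone.keys()),
        "extra_deleted": sorted(gone[k][2] for k in gone.keys() - found.keys()),
    }


if __name__ == "__main__":
    report = compare(SEARCH_LOG, DELETE_LOG)
    for label, entries in report.items():
        print(f"{label}: {len(entries)}")
        for entry in entries:
            print(f"  {entry}")
```

An empty `not_removed` list only means the tool reported each item as deleted; a fresh [Search] run after the reboot is what confirms nothing came back.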

            Tunni

              « Reply #9 on: April 10, 2013, 03:13:40 AM »
              And the Combo Fix.
              ComboFix 13-04-10.01 - My Pc 04/10/2013  12:27:22.2.2 - x86
              Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2037.1404 [GMT 3:00]
              Running from: c:\documents and settings\My Pc\My Documents\Downloads\ComboFix.exe
              AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
              .
              .
              (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              ---- Previous Run -------
              .
              c:\documents and settings\All Users\Application Data\CE325E3666.sys
              C:\Thumbs.db
              .
              .
              (((((((((((((((((((((((((   Files Created from 2013-03-10 to 2013-04-10  )))))))))))))))))))))))))))))))
              .
              .
              2013-04-10 09:22 . 2013-04-10 09:22   --------   d-----w-   c:\windows\LastGood
              2013-04-06 06:59 . 2013-04-06 06:59   --------   d-----w-   c:\documents and settings\My Pc\Local Settings\Application Data\Adobe
              2013-04-06 05:48 . 2013-04-06 05:48   --------   d-----w-   C:\_OTL
              2013-04-05 20:49 . 2013-04-05 20:49   --------   d-sh--w-   c:\documents and settings\My Pc\IECompatCache
              2013-04-05 11:06 . 2013-04-05 11:06   --------   d-----w-   c:\program files\Common Files\Adobe
              2013-04-03 12:25 . 2013-04-03 12:25   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
              2013-04-03 12:25 . 2012-12-14 13:49   21104   ----a-w-   c:\windows\system32\drivers\mbam.sys
              2013-03-23 18:00 . 2013-03-23 18:00   --------   d-----w-   c:\program files\CCleaner
              2013-03-23 17:45 . 2013-03-23 17:45   --------   d-----w-   c:\documents and settings\My Pc\Application Data\Malwarebytes
              2013-03-23 17:45 . 2013-04-03 12:25   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
              2013-03-22 08:52 . 2013-03-22 08:52   --------   d-----w-   c:\windows\system32\wbem\Repository
              2013-03-22 08:50 . 2013-03-22 08:50   --------   d-----w-   c:\documents and settings\My Pc\Local Settings\Application Data\WMTools Downloaded Files
              2013-03-22 08:50 . 2013-03-22 08:50   --------   d--h--w-   c:\windows\PIF
              2013-03-22 08:50 . 2013-03-22 08:50   --------   d-----w-   c:\windows\PixArt
              2013-03-22 08:50 . 2013-03-22 08:50   --------   d-----w-   c:\program files\Common Files\PCCamera
              2013-03-22 08:50 . 2013-03-22 08:50   --------   d-----w-   c:\windows\Downloaded Installations
              2013-03-22 08:50 . 2013-03-22 08:50   --------   d-----w-   c:\program files\Trust
              2013-03-22 08:47 . 2013-03-22 08:47   --------   d-----w-   c:\program files\MSXML 4.0
              2013-03-22 08:45 . 2013-03-22 08:45   --------   d-----w-   c:\windows\system32\Lang
              2013-03-22 08:45 . 2013-03-22 08:45   --------   d-----w-   c:\windows\system32\RTCOM
              2013-03-22 08:45 . 2013-03-22 08:45   --------   d-----w-   c:\program files\Realtek
              2013-03-22 08:45 . 2013-03-22 08:45   --------   d-----w-   c:\documents and settings\My Pc\Application Data\InstallShield
              2013-03-22 08:44 . 2013-03-22 08:44   --------   d-----w-   c:\program files\Microsoft Works
              2013-03-22 08:43 . 2013-03-22 08:43   --------   d-----w-   c:\documents and settings\My Pc\Local Settings\Application Data\Microsoft Help
              2013-03-22 08:43 . 2013-03-22 08:43   --------   d-----w-   c:\documents and settings\My Pc\Local Settings\Application Data\Help
              2013-03-18 15:30 . 2013-02-12 00:32   12928   -c----w-   c:\windows\system32\dllcache\usb8023x.sys
              2013-03-18 15:27 . 2013-03-22 08:39   --------   d-s---w-   c:\documents and settings\Administrator
              2013-03-18 15:20 . 2013-03-18 15:20   --------   d-----w-   c:\documents and settings\LocalService\IETldCache
              2013-03-18 09:06 . 2013-03-18 09:06   --------   d-----w-   c:\documents and settings\My Pc\Local Settings\Application Data\visi_coupon
              2013-03-16 22:47 . 2013-03-16 22:47   --------   d-----w-   c:\documents and settings\My Pc\Local Settings\Application Data\Nero
              .
              .
              .
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2013-02-20 19:39 . 2013-02-20 19:39   419488   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
              2013-02-20 19:39 . 2013-02-20 19:30   70304   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
              2013-02-20 19:12 . 2013-02-20 19:07   2516   --sha-w-   c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
              2013-02-20 18:19 . 2013-02-20 18:19   315392   ----a-w-   c:\windows\HideWin.exe
              2013-02-12 00:32 . 2008-04-14 14:00   12928   ----a-w-   c:\windows\system32\drivers\usb8023.sys
              2013-02-05 20:05 . 2008-04-14 14:00   916480   ----a-w-   c:\windows\system32\wininet.dll
              2013-02-05 20:05 . 2008-04-14 14:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
              2013-02-05 20:05 . 2008-04-14 14:00   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
              2013-02-05 05:53 . 2008-04-14 14:00   385024   ----a-w-   c:\windows\system32\html.iec
              2013-01-26 03:55 . 2008-04-14 14:00   552448   ----a-w-   c:\windows\system32\oleaut32.dll
              .
              .
              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4
              .
              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
              "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
              "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
              "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
              "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-03-19 2029640]
              "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
              "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
              .
              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
              "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
              "%windir%\\system32\\sessmgr.exe"=
              "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
              "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
              "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
              "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
              .
              R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [3/19/2009 12:44 PM 107256]
              R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3/19/2009 12:45 PM 93848]
              R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [3/19/2009 12:44 PM 731840]
              S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [2/24/2005 1:29 PM 162176]
              .
              --- Other Services/Drivers In Memory ---
              .
              *NewlyCreated* - WS2IFSL
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
              2013-04-02 12:48   1642448   ----a-w-   c:\program files\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
              .
              Contents of the 'Scheduled Tasks' folder
              .
              2013-04-10 c:\windows\Tasks\Adobe Flash Player Updater.job
              - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-20 19:39]
              .
              2013-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
              - c:\program files\Google\Update\GoogleUpdate.exe [2013-02-21 08:43]
              .
              2013-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
              - c:\program files\Google\Update\GoogleUpdate.exe [2013-02-21 08:43]
              .
              .
              ------- Supplementary Scan -------
              .
              IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
              IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\My Pc\Start Menu\Programs\IMVU\Run IMVU.lnk
              FF - ProfilePath - c:\documents and settings\My Pc\Application Data\Mozilla\Firefox\Profiles\zo8gqx88.default\
              FF - prefs.js: network.proxy.type - 0
              FF - ExtSQL: 2013-03-18 11:07; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; c:\documents and settings\My Pc\Application Data\Mozilla\Firefox\Profiles\zo8gqx88.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
              .
              - - - - ORPHANS REMOVED - - - -
              .
              URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
              .
              .
              .
              **************************************************************************
              .
              catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2013-04-10 12:30
              Windows 5.1.2600 Service Pack 3 NTFS
              .
              scanning hidden processes ... 
              .
              scanning hidden autostart entries ...
              .
              scanning hidden files ... 
              .
              scan completed successfully
              hidden files: 0
              .
              **************************************************************************
              .
              --------------------- DLLs Loaded Under Running Processes ---------------------
              .
              - - - - - - - > 'explorer.exe'(3944)
              c:\windows\system32\WININET.dll
              c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
              c:\windows\system32\ieframe.dll
              c:\windows\system32\webcheck.dll
              .
              Completion time: 2013-04-10  12:31:53
              ComboFix-quarantined-files.txt  2013-04-10 09:31
              .
              Pre-Run: 1,892,757,504 bytes free
              Post-Run: 1,883,181,056 bytes free
              .
              - - End Of File - - 2F6287257BCB8200C807791F2D38B99D
              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

              Huh? When I ran ComboFix (and disabled my antivirus) my internet was disconnected, and when I restarted, everything went back to normal.
              And, it didn't ask me to restart it. Strange.
              Anyway, the problem is still here :(

              SuperDave

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: Computer virus that controlls my mouse.
              « Reply #10 on: April 10, 2013, 01:12:39 PM »
              Quote
              Anyway, the problem is still here
              Did you try another mouse?

              SysProt Antirootkit

              Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

              http://sites.google.com/site/sysprotantirootkit/

              Unzip it into a folder on your desktop.
              • Double click Sysprot.exe to start the program.
              • Click on the Log tab.
              • In the Write to log box select the following items.
                • Process << Selected
                • Kernel Modules << Selected
                • SSDT << Selected
                • Kernel Hooks << Selected
                • IRP Hooks << NOT Selected
                • Ports << NOT Selected
                • Hidden Files << Selected
              • At the bottom of the page
                • Hidden Objects Only << Selected
              • Click on the Create Log button on the bottom right.
              • After a few seconds a new window should appear.
              • Select Scan Root Drive. Click on the Start button.
              • When it is complete a new window will appear to indicate that the scan is finished.
              • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
              Windows 8 and Windows 10 dual boot with two SSD's

              Tunni

                Topic Starter


                Rookie

                • Experience: Familiar
                • OS: Windows XP
                Re: Computer virus that controlls my mouse.
                « Reply #11 on: April 11, 2013, 02:48:01 AM »
                Look, I think you're right. It might be the mouse's problem.
                If you don't mind, please wait until Saturday/Sunday, when I'll get another one.
                I'm using: OS/2 Mouse / works with a ball / from Addison.
                Thanks for all the help done!

                SuperDave

                Re: Computer virus that controlls my mouse.
                « Reply #12 on: April 11, 2013, 11:34:30 AM »
                Ok, let me know how it turns out.

                Tunni

                  Re: Computer virus that controlls my mouse.
                  « Reply #13 on: April 12, 2013, 04:20:50 AM »
                  Oh! I've forgotten to mention: I have the End.exe virus. I decided I shall give you the log.
                  The log for SysProt :
                  SysProt AntiRootkit v1.0.1.0
                  by swatkat

                  ******************************************************************************************
                  ******************************************************************************************

                  No Hidden Processes found

                  ******************************************************************************************
                  ******************************************************************************************
                  Kernel Modules:
                  Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
                  Service Name: ---
                  Module Base: B9415000
                  Module End: B942D000
                  Hidden: Yes

                  Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
                  Service Name: ---
                  Module Base: BA5C6000
                  Module End: BA5C8000
                  Hidden: Yes

                  ******************************************************************************************
                  ******************************************************************************************
                  SSDT:
                  Function Name: ZwAssignProcessToJobObject
                  Address: 893B0630
                  Driver Base: 0
                  Driver End: 0
                  Driver Name: _unknown_

                  Function Name: ZwOpenProcess
                  Address: 893AFA60
                  Driver Base: 0
                  Driver End: 0
                  Driver Name: _unknown_

                  Function Name: ZwOpenThread
                  Address: 893AFE80
                  Driver Base: 0
                  Driver End: 0
                  Driver Name: _unknown_

                  Function Name: ZwSuspendProcess
                  Address: 893B0460
                  Driver Base: 0
                  Driver End: 0
                  Driver Name: _unknown_

                  Function Name: ZwSuspendThread
                  Address: 893B0280
                  Driver Base: 0
                  Driver End: 0
                  Driver Name: _unknown_

                  Function Name: ZwTerminateProcess
                  Address: 893AFC90
                  Driver Base: 0
                  Driver End: 0
                  Driver Name: _unknown_

                  Function Name: ZwTerminateThread
                  Address: 893B00B0
                  Driver Base: 0
                  Driver End: 0
                  Driver Name: _unknown_

                  ******************************************************************************************
                  ******************************************************************************************
                  No Kernel Hooks found

                  ******************************************************************************************
                  ******************************************************************************************
                  Hidden files/folders:
                  Object: C:\Qoobox\BackEnv\AppData.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\Cache.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\Cookies.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\Desktop.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\Favorites.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\History.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\Music.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\NetHood.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\Personal.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\Pictures.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\Programs.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\Recent.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\SendTo.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\SetPath.bat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\StartUp.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\SysPath.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\Templates.folder.dat
                  Status: Access denied

                  Object: C:\Qoobox\BackEnv\VikPev00
                  Status: Access denied

                  SuperDave

                  Re: Computer virus that controlls my mouse.
                  « Reply #14 on: April 12, 2013, 12:19:18 PM »
                  Quote
                  Oh! I've forgotten to mention: I have the End.exe virus.
                  How do you know that?

                  I'd like to scan your machine with ESET OnlineScan

                  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                    ESET OnlineScan
                  • Click the button.
                  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                    • Click on to download the ESET Smart Installer. Save it to your desktop.
                    • Double click on the icon on your desktop.
                  • Check
                  • Click the button.
                  • Accept any security warnings from your browser.
                  • Leave the check mark next to Remove found threats.
                  • Check
                  • Push the Start button.
                  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                  • When the scan completes, push
                  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                  • Push the button.
                  • Push
                  A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

                  Tunni

                    Re: Computer virus that controlls my mouse.
                    « Reply #15 on: April 13, 2013, 06:16:46 AM »
                    When the problem started, I took a quick look in MyComputer , and found " END.EXE" and deleted it!
                    Now, here's the log for ESET Scan:
                    C:\System Volume Information\_restore{B15D3FE2-8045-4110-93B7-CD511AA54560}\RP36\A0033208.exe   a variant of Win32/RegistryNuke application   cleaned by deleting - quarantined

                    SuperDave

                    Re: Computer virus that controlls my mouse.
                    « Reply #16 on: April 13, 2013, 12:50:21 PM »
                    Quote
                    When the problem started, I took a quick look in MyComputer , and found " END.EXE" and deleted it!
                    Now, here's the log for ESET Scan:
                    C:\System Volume Information\_restore{B15D3FE2-8045-4110-93B7-CD511AA54560}\RP36\A0033208.exe   a variant of Win32/RegistryNuke application   cleaned by deleting - quarantined
                    Ok. How's your computer running now?

                    Tunni

                      Re: Computer virus that controlls my mouse.
                      « Reply #17 on: April 14, 2013, 08:44:58 AM »
                      The log for ESET Scan ( problem's still here) :
                       C:\System Volume Information\_restore{B15D3FE2-8045-4110-93B7-CD511AA54560}\RP36\A0033208.exe   a variant of Win32/RegistryNuke application   cleaned by deleting - quarantined

                      SuperDave

                      Re: Computer virus that controlls my mouse.
                      « Reply #18 on: April 14, 2013, 04:23:18 PM »
                      Quote
                      The log for ESET Scan ( problem's still here) :
                       C:\System Volume Information\_restore{B15D3FE2-8045-4110-93B7-CD511AA54560}\RP36\A0033208.exe   a variant of Win32/RegistryNuke application   cleaned by deleting - quarantined
                      Did you try another mouse?  Infections do not usually affect the mouse.

                      Tunni

                        Re: Computer virus that controlls my mouse.
                        « Reply #19 on: April 15, 2013, 12:37:39 AM »
                        The log:
                        C:\System Volume Information\_restore{B15D3FE2-8045-4110-93B7-CD511AA54560}\RP36\A0033208.exe   a variant of Win32/RegistryNuke application   cleaned by deleting - quarantined

                        Unfortunately, the problem still didn't go away.

                        Tunni

                          Re: Computer virus that controlls my mouse.
                          « Reply #20 on: April 15, 2013, 08:05:34 AM »
                          And no, I didn't try another one.
                          I think it installed something on my computer that still affects it.

                          SuperDave

                          Re: Computer virus that controlls my mouse.
                          « Reply #21 on: April 15, 2013, 04:15:45 PM »
                          Quote
                          And no, I didn't try another one.
                          I think it installed something on my computer that still affects it.
                          At this point it would be fruitless to go further without trying another mouse.

                          Tunni

                            Re: Computer virus that controlls my mouse.
                            « Reply #22 on: April 16, 2013, 12:10:46 AM »
                            I think I found it!!!
                            In the E folder, I have this System Volume Information, but it doesn't let me access it ("Access denied" error).
                            Almost everybody thinks there are installed common viruses! Did a little search, found the link :
                            http://support.microsoft.com/kb/309531/en
                            But didn't help! Know any more solutions to gain access?
                            ~Tunni

                            SuperDave

                            Re: Computer virus that controlls my mouse.
                            « Reply #23 on: April 16, 2013, 12:06:22 PM »
                            You could try this after you try another mouse.

                            1. Turn off Simple File Sharing:
                              1. Click Start, and then click My Computer.
                              2. On the Tools menu, click Folder Options, and then click the View tab.
                              3. Under Advanced Settings, click to clear the Use simple file sharing (Recommended) check box, and then click OK.
                            2. Right-click the folder that you want to take ownership of, and then click Properties.
                            3. Click the Security tab, and then click OK on the Security message, if one appears.
                            4. Click Advanced, and then click the Owner tab.
                            5. In the Name list, click your user name, Administrator if you are logged in as Administrator, or click the Administrators group.
                               If you want to take ownership of the contents of that folder, click to select the Replace owner on subcontainers and objects check box.
                            6. Click OK.
                               You may receive the following error message, where Folder is the name of the folder that you want to take ownership of:
                               You do not have permission to read the contents of directory Folder. Do you want to replace the directory permissions with permissions granting you Full Control? All permissions will be replaced if you press Yes.
                            7. Click Yes.
                            8. Click OK, and then reapply the permissions and security settings that you want for the folder and the folder contents.

                            Tunni

                              Re: Computer virus that controlls my mouse.
                              « Reply #24 on: April 17, 2013, 12:18:37 AM »
                              Yay! Thank you, now I can gladly access it!
                              To be sure, I ran another scan to that folder with Malwarebytes, and it didn't show anything infected there.
                              I checked the file myself , and looked for its strangest contents:

                              MountPointManagerRemoteDatabase.rar ( 0 bytes)

                              Also , I found a tutorial and it showed up like this:
                              "Click on "Start" -->Run --> type cmd and click on OK.
                              Here I assume your External hard drive as G:
                              Enter this command.
                              attrib -h -r -s /s /d g:\*.*
                              You can copy the above command --> Right-click in the Command Prompt and
                              paste it. "
                              Where g is the letter of my drive, ( ex. E)

                              Is it safe to use this?


                              SuperDave

                              Re: Computer virus that controlls my mouse.
                              « Reply #25 on: April 17, 2013, 12:29:47 PM »
                              Quote
                              Yay! Thank you, now I can gladly access it!
                              To be sure, I ran another scan to that folder with Malwarebytes, and it didn't show anything infected there.
                              I checked the file myself , and looked for its strangest contents:

                              MountPointManagerRemoteDatabase.rar ( 0 bytes)

                              Also , I found a tutorial and it showed up like this:
                              "Click on "Start" -->Run --> type cmd and click on OK.
                              Here I assume your External hard drive as G:
                              Enter this command.
                              attrib -h -r -s /s /d g:\*.*
                              You can copy the above command --> Right-click in the Command Prompt and
                              paste it. "
                              Where g is the letter of my drive, ( ex. E)

                              Is it safe to use this?
                              Why do you want to do this?

                              Tunni

                                Re: Computer virus that controlls my mouse.
                                « Reply #26 on: April 17, 2013, 11:22:43 PM »
                                I think it might be the Recycler Virus.
                                I can't still find enough information about that file with 0 bytes- Is it dangerous or not?
                                The writer of that document claimed that command can get rid of other autorun.inf viruses and this virus. Am I right?
                                ~Tunni

                                SuperDave

                                Re: Computer virus that controlls my mouse.
                                « Reply #27 on: April 18, 2013, 12:24:45 PM »
                                I've never tried it but I seriously doubt it will help. Are you still having problems with the mouse?

                                Tunni

                                  Re: Computer virus that controlls my mouse.
                                  « Reply #28 on: April 18, 2013, 01:24:13 PM »
                                  Yes, I still am.
                                  Maybe a new mouse won't be that bad..
                                  I'm sure it's a virus- then whom else locked the access to that file?
                                  Before that , it never did things like this. It's not the mouse's problem.
                                  Do you know any folders that might contain viruses, and I'll check them, or write a list with the unknown.

                                  SuperDave

                                  Re: Computer virus that controlls my mouse.
                                  « Reply #29 on: April 20, 2013, 11:53:54 AM »
                                  Quote
                                  Yes, I still am.
                                  Maybe a new mouse won't be that bad..
                                  I'm sure it's a virus- then whom else locked the access to that file?
                                  Before that , it never did things like this. It's not the mouse's problem.
                                  Do you know any folders that might contain viruses, and I'll check them, or write a list with the unknown.
                                  Infections do not usually affect the mouse.

                                  Tunni

                                    Re: Computer virus that controlls my mouse.
                                    « Reply #30 on: May 05, 2013, 01:18:40 AM »
                                    This is so annoying.
                                    I don't know why, it stopped for a while, then it began now.
                                    I even had a redirection chrome problem, but it stopped and the mouse moving by itself started.

                                    SuperDave

                                    Re: Computer virus that controlls my mouse.
                                    « Reply #31 on: May 05, 2013, 10:38:38 AM »
                                    • Download TDSSKiller and save it to your Desktop.
                                    • Extract its contents to your desktop.
                                    • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
                                    • If an infected file is detected, the default action will be Cure, click on Continue.
                                    • If a suspicious file is detected, the default action will be Skip, click on Continue.
                                    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
                                    • Click the Report button and copy/paste the contents of it into your next reply.
                                    Note: It will also create a log in the C:\ directory.

                                    Tunni

                                      Re: Computer virus that controlls my mouse.
                                      « Reply #32 on: May 09, 2013, 01:10:44 PM »

                                      I noticed that it only affects the mouse.
                                      I am thinking of re-downloading Windows, but I'm afraid it'll slip through.
                                      I haven't told my parents yet that there's a virus.
                                      The log:
                                      22:43:28.0875 0276  Pcmcia - ok
                                      22:43:28.0890 0276  PDCOMP - ok
                                      22:43:28.0906 0276  PDFRAME - ok
                                      22:43:28.0921 0276  PDRELI - ok
                                      22:43:28.0937 0276  PDRFRAME - ok
                                      22:43:28.0968 0276  perc2 - ok
                                      22:43:28.0984 0276  perc2hib - ok
                                      22:43:29.0078 0276  [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\WINDOWS\system32\IoctlSvc.exe
                                      22:43:29.0078 0276  PLFlash DeviceIoControl Service - ok
                                      22:43:29.0093 0276  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
                                      22:43:29.0093 0276  PlugPlay - ok
                                      22:43:29.0109 0276  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
                                      22:43:29.0109 0276  PolicyAgent - ok
                                      22:43:29.0140 0276  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
                                      22:43:29.0140 0276  PptpMiniport - ok
                                      22:43:29.0156 0276  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
                                      22:43:29.0156 0276  ProtectedStorage - ok
                                      22:43:29.0171 0276  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
                                      22:43:29.0171 0276  PSched - ok
                                      22:43:29.0187 0276  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
                                      22:43:29.0203 0276  Ptilink - ok
                                      22:43:29.0218 0276  ql1080 - ok
                                      22:43:29.0234 0276  Ql10wnt - ok
                                      22:43:29.0250 0276  ql12160 - ok
                                      22:43:29.0281 0276  ql1240 - ok
                                      22:43:29.0296 0276  ql1280 - ok
                                      22:43:29.0328 0276  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
                                      22:43:29.0328 0276  RasAcd - ok
                                      22:43:29.0343 0276  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
                                      22:43:29.0359 0276  RasAuto - ok
                                      22:43:29.0390 0276  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
                                      22:43:29.0390 0276  Rasl2tp - ok
                                      22:43:29.0406 0276  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
                                      22:43:29.0406 0276  RasMan - ok
                                      22:43:29.0421 0276  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
                                      22:43:29.0421 0276  RasPppoe - ok
                                      22:43:29.0437 0276  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
                                      22:43:29.0437 0276  Raspti - ok
                                      22:43:29.0468 0276  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
                                      22:43:29.0484 0276  Rdbss - ok
                                      22:43:29.0484 0276  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
                                      22:43:29.0484 0276  RDPCDD - ok
                                      22:43:29.0546 0276  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
                                      22:43:29.0562 0276  rdpdr - ok
                                      22:43:29.0625 0276  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
                                      22:43:29.0625 0276  RDPWD - ok
                                      22:43:29.0656 0276  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
                                      22:43:29.0656 0276  RDSessMgr - ok
                                      22:43:29.0671 0276  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
                                      22:43:29.0671 0276  redbook - ok
                                      22:43:29.0718 0276  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
                                      22:43:29.0718 0276  RemoteAccess - ok
                                      22:43:29.0750 0276  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
                                      22:43:29.0750 0276  RemoteRegistry - ok
                                      22:43:29.0781 0276  [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM       C:\WINDOWS\system32\Drivers\RootMdm.sys
                                      22:43:29.0796 0276  ROOTMODEM - ok
                                      22:43:29.0812 0276  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
                                      22:43:29.0828 0276  RpcLocator - ok
                                      22:43:29.0859 0276  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll
                                      22:43:29.0859 0276  RpcSs - ok
                                      22:43:29.0890 0276  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
                                      22:43:29.0890 0276  RSVP - ok
                                      22:43:29.0921 0276  [ 89619EF503F949FAE09252A8B883EE11 ] RTLE8023xp      C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
                                      22:43:29.0921 0276  RTLE8023xp - ok
                                      22:43:29.0937 0276  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
                                      22:43:29.0937 0276  SamSs - ok
                                      22:43:29.0984 0276  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
                                      22:43:29.0984 0276  SCardSvr - ok
                                      22:43:30.0031 0276  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
                                      22:43:30.0031 0276  Schedule - ok
                                      22:43:30.0046 0276  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
                                      22:43:30.0046 0276  Secdrv - ok
                                      22:43:30.0093 0276  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
                                      22:43:30.0093 0276  seclogon - ok
                                      22:43:30.0109 0276  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
                                      22:43:30.0109 0276  SENS - ok
                                      22:43:30.0125 0276  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
                                      22:43:30.0125 0276  serenum - ok
                                      22:43:30.0156 0276  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
                                      22:43:30.0156 0276  Serial - ok
                                      22:43:30.0171 0276  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
                                      22:43:30.0187 0276  Sfloppy - ok
                                      22:43:30.0203 0276  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
                                      22:43:30.0218 0276  SharedAccess - ok
                                      22:43:30.0234 0276  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
                                      22:43:30.0234 0276  ShellHWDetection - ok
                                      22:43:30.0250 0276  Simbad - ok
                                      22:43:30.0281 0276  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
                                      22:43:30.0281 0276  SLIP - ok
                                      22:43:30.0296 0276  Sparrow - ok
                                      22:43:30.0343 0276  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
                                      22:43:30.0343 0276  splitter - ok
                                      22:43:30.0375 0276  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
                                      22:43:30.0375 0276  Spooler - ok
                                      22:43:30.0421 0276  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
                                      22:43:30.0421 0276  sr - ok
                                      22:43:30.0437 0276  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
                                      22:43:30.0453 0276  srservice - ok
                                      22:43:30.0484 0276  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
                                      22:43:30.0484 0276  Srv - ok
                                      22:43:30.0531 0276  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
                                      22:43:30.0531 0276  SSDPSRV - ok
                                      22:43:30.0562 0276  [ ED78DFAD8EFCDFBC89500492C4D14645 ] STI Simulator   C:\WINDOWS\System32\PAStiSvc.exe
                                      22:43:30.0562 0276  STI Simulator - ok
                                      22:43:30.0609 0276  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
                                      22:43:30.0609 0276  stisvc - ok
                                      22:43:30.0640 0276  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
                                      22:43:30.0640 0276  streamip - ok
                                      22:43:30.0671 0276  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
                                      22:43:30.0671 0276  swenum - ok
                                      22:43:30.0687 0276  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
                                      22:43:30.0687 0276  swmidi - ok
                                      22:43:30.0703 0276  SwPrv - ok
                                      22:43:30.0718 0276  symc810 - ok
                                      22:43:30.0750 0276  symc8xx - ok
                                      22:43:30.0765 0276  sym_hi - ok
                                      22:43:30.0781 0276  sym_u3 - ok
                                      22:43:30.0812 0276  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
                                      22:43:30.0812 0276  sysaudio - ok
                                      22:43:30.0843 0276  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
                                      22:43:30.0859 0276  SysmonLog - ok
                                      22:43:30.0906 0276  [ E11E477B5E2B8CC52E528AE9F491C678 ] TabletService   C:\Genius\ioTablet\TabletService.exe
                                      22:43:30.0906 0276  TabletService - ok
                                      22:43:30.0953 0276  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
                                      22:43:30.0953 0276  TapiSrv - ok
                                      22:43:31.0000 0276  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
                                      22:43:31.0015 0276  Tcpip - ok
                                      22:43:31.0046 0276  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
                                      22:43:31.0046 0276  TDPIPE - ok
                                      22:43:31.0062 0276  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
                                      22:43:31.0062 0276  TDTCP - ok
                                      22:43:31.0093 0276  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
                                      22:43:31.0093 0276  TermDD - ok
                                      22:43:31.0125 0276  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
                                      22:43:31.0125 0276  TermService - ok
                                      22:43:31.0156 0276  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
                                      22:43:31.0156 0276  Themes - ok
                                      22:43:31.0187 0276  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
                                      22:43:31.0187 0276  TlntSvr - ok
                                      22:43:31.0203 0276  TosIde - ok
                                      22:43:31.0250 0276  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
                                      22:43:31.0250 0276  TrkWks - ok
                                      22:43:31.0281 0276  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
                                      22:43:31.0281 0276  Udfs - ok
                                      22:43:31.0296 0276  ultra - ok
                                      22:43:31.0343 0276  [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf           C:\WINDOWS\system32\wdfmgr.exe
                                      22:43:31.0343 0276  UMWdf - ok
                                      22:43:31.0390 0276  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
                                      22:43:31.0390 0276  Update - ok
                                      22:43:31.0453 0276  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
                                      22:43:31.0453 0276  upnphost - ok
                                      22:43:31.0468 0276  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
                                      22:43:31.0484 0276  UPS - ok
                                      22:43:31.0515 0276  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
                                      22:43:31.0515 0276  usbehci - ok
                                      22:43:31.0546 0276  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
                                      22:43:31.0562 0276  usbhub - ok
                                      22:43:31.0593 0276  [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
                                      22:43:31.0593 0276  usbstor - ok
                                      22:43:31.0625 0276  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
                                      22:43:31.0625 0276  usbuhci - ok
                                      22:43:31.0656 0276  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
                                      22:43:31.0656 0276  VgaSave - ok
                                      22:43:31.0671 0276  ViaIde - ok
                                      22:43:31.0687 0276  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
                                      22:43:31.0687 0276  VolSnap - ok
                                      22:43:31.0750 0276  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
                                      22:43:31.0750 0276  VSS - ok
                                      22:43:31.0796 0276  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
                                      22:43:31.0796 0276  W32Time - ok
                                      22:43:31.0828 0276  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
                                      22:43:31.0828 0276  Wanarp - ok
                                      22:43:31.0859 0276  [ D918617B46457B9AC28027722E30F647 ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
                                      22:43:31.0875 0276  Wdf01000 - ok
                                      22:43:31.0875 0276  WDICA - ok
                                      22:43:31.0921 0276  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
                                      22:43:31.0921 0276  wdmaud - ok
                                      22:43:31.0937 0276  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
                                      22:43:31.0953 0276  WebClient - ok
                                      22:43:32.0031 0276  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
                                      22:43:32.0031 0276  winmgmt - ok
                                      22:43:32.0093 0276  [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
                                      22:43:32.0093 0276  WmdmPmSN - ok
                                      22:43:32.0140 0276  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
                                      22:43:32.0156 0276  Wmi - ok
                                      22:43:32.0203 0276  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
                                      22:43:32.0203 0276  WmiApSrv - ok
                                      22:43:32.0234 0276  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
                                      22:43:32.0250 0276  WS2IFSL - ok
                                      22:43:32.0281 0276  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
                                      22:43:32.0281 0276  wscsvc - ok
                                      22:43:32.0312 0276  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
                                      22:43:32.0312 0276  WSTCODEC - ok
                                      22:43:32.0343 0276  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
                                      22:43:32.0343 0276  wuauserv - ok
                                      22:43:32.0375 0276  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
                                      22:43:32.0375 0276  WZCSVC - ok
                                      22:43:32.0421 0276  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
                                      22:43:32.0421 0276  xmlprov - ok
                                      22:43:32.0515 0276  [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService  C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
                                      22:43:32.0531 0276  YahooAUService - ok
                                      22:43:32.0546 0276  ================ Scan global ===============================
                                      22:43:32.0562 0276  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
                                      22:43:32.0593 0276  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
                                      22:43:32.0593 0276  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
                                      22:43:32.0625 0276  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
                                      22:43:32.0625 0276  [Global] - ok
                                      22:43:32.0625 0276  ================ Scan MBR ==================================
                                      22:43:32.0656 0276  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
                                      22:43:32.0796 0276  \Device\Harddisk0\DR0 - ok
                                      22:43:32.0796 0276  ================ Scan VBR ==================================
                                      22:43:32.0796 0276  [ 3F816EFEDF17BCA5617110FCDC7A2030 ] \Device\Harddisk0\DR0\Partition1
                                      22:43:32.0812 0276  \Device\Harddisk0\DR0\Partition1 - ok
                                      22:43:32.0843 0276  [ 4A6142DAFE4EC98DC6F02FEE851DAC2B ] \Device\Harddisk0\DR0\Partition2
                                      22:43:32.0843 0276  \Device\Harddisk0\DR0\Partition2 - ok
                                      22:43:32.0843 0276  ============================================================
                                      22:43:32.0843 0276  Scan finished
                                      22:43:32.0843 0276  ============================================================
                                      22:43:32.0875 3904  Detected object count: 0
                                      22:43:32.0875 3904  Actual detected object count: 0
                                      22:43:41.0750 2552  Deinitialize success

                                      SuperDave

                                      Re: Computer virus that controlls my mouse.
                                      « Reply #33 on: May 09, 2013, 03:36:53 PM »
                                      I forgot. Did you try a new mouse?
                                      Windows 8 and Windows 10 dual boot with two SSD's

                                      Tunni

                                        Re: Computer virus that controlls my mouse.
                                        « Reply #34 on: May 09, 2013, 10:54:16 PM »
                                        I borrowed one from my neighbour, but it didn't work (it didn't even move!).
                                        Then I plugged my mouse back in and the problem disappeared since I didn't write a reply in this forum!
                                        Do you know any other effective malware/trojan removals?

                                        SuperDave

                                        Re: Computer virus that controlls my mouse.
                                        « Reply #35 on: May 10, 2013, 04:08:34 PM »
                                        Quote
                                        Do you know any other effective malware/trojan removals?
                                        I don't believe that your problem with the mouse is malware related.