W32.Virut.Gen.D


  • This topic is locked
21 replies to this topic

#1 corey8871


Posted 06 November 2012 - 11:28 AM

A friend claims she got a virus on her XP SP3 laptop after opening an attached zip in an email claiming to be from the "Better Business Bureau." I haven't seen any unusual activity (no popups, crashes, etc.), FYI. I've run Malwarebytes anti-malware, Sophos Virus remover, and Clamwin. Only Clamwin found anything- a couple traces of W32.Virut.Gen.D-159 and W32.Virut.Gen.D-163 in the following locations:

C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.dll: W32.Virut.Gen.D-159
C:\Program Files\Microsoft Office\Office12\excelcnv.exe: W32.Virut.Gen.D-163
C:\Windows\Installer\2b01dfb.msp: W32.Virut.Gen.D-163
C:\Windows\Installer\2e8b4.msp: W32.Virut.Gen.D-159
C:\Windows\Installer\38d37b4.msp: W32.Virut.Gen.D-159
C:\Windows\Installer\3f85726.msp: W32.Virut.Gen.D-163
C:\Windows\Installer\ef3059.msp: W32.Virut.Gen.D-163

DDS (Ver_2012-11-05.02) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1
Run by Owner at 12:37:28 on 2012-10-28
#Option MBR scan is disabled.
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1561 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [NVRotateSysTray] rundll32.exe c:\windows\system32\nvsysrot.dll,Enable
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [LXBSCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBStime.dll,_RunDLLEntry@16
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: psfus - c:\windows\system32\psqlpwd.dll
LSA: Notification Packages = scecli psqlpwd
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\snvtxpoy.default\
FF - prefs.js: network.proxy.type - 0
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 193552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2011-4-12 20160]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
ShellExec: Toolkit5.exe: open=c:\program files\naic software\toolkit5\Toolkit5 %1
.
=============== Created Last 30 ================
.
2012-10-28 17:53:34 6918632 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a1c9d56d-8560-42bf-9e8d-7427da9a4f59}\mpengine.dll
2012-10-28 17:45:08 98816 ----a-w- c:\windows\sed.exe
2012-10-28 17:45:08 256000 ----a-w- c:\windows\PEV.exe
2012-10-28 17:45:08 208896 ----a-w- c:\windows\MBR.exe
2012-10-28 17:44:53 6918632 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-10-28 17:40:55 2213464 ----a-w- C:\tdsskiller.exe
2012-10-28 17:40:29 4990780 ------r- C:\ComboFix.exe
2012-10-28 17:36:52 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2012-10-28 17:35:53 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-10-28 17:35:49 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-28 17:35:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-23 18:34:23 96224 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2012-10-23 18:34:23 157272 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
.
==================== Find3M ====================
.
2012-10-09 19:39:30 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 19:39:30 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-31 03:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 18:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 18:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 12:38:23.32 ===============


#2 sempai


Posted 07 November 2012 - 08:52 AM

Hello corey8871 and welcome to BC.


Please go to http://virscan.org/
  • Navigate the following file path (one at a time only) into the "Suspicious files to scan" box on the top of the page:

    C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.dll
    C:\Program Files\Microsoft Office\Office12\excelcnv.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\svchost.exe

  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 corey8871


Posted 07 November 2012 - 02:20 PM

Thanks so much for your help Sempai.

VirSCAN.org Scanned Report :
Scanned time : 2012/07/30 08:30:06 (MDT)
Scanner results: 3% Scanner(s) (1/36) found malware!
File Name : VBE6.DLL
File Size : 2594632 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : eafef8a6a14b024c5f97d00d0d501078
SHA1 : a40b2ca3daf18d237f0f2224cb89ac0a78ff5962
Online report : http://r.virscan.org/2f8473f3212fa83fdcfa8c4002c62259

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120730080119 2012-07-30 6.74 -
AhnLab V3 ... .. -- 0.20 -
AntiVir 8.2.10.80 7.11.32.106 2012-06-09 0.18 -
Antiy 2.0.18 2.0.18. 0002-18-00 0.53 -
Arcavir 2011 201206041805 2012-06-04 4.44 -
Authentium 5.1.1 201207300757 2012-07-30 1.69 -
AVAST! 4.7.4 120730-0 2012-07-30 0.72 -
AVG 12.0.1787 2437/5164 2012-07-30 0.31 -
BitDefender 7.90123.7.90123 7.90123 2012-07-30 0.18 -
ClamAV 0.97.3 15190 2012-07-30 0.46 W32.Virut.Gen.D-159
Comodo 5.1 13092 2012-07-30 2.42 -
CP Secure 1.3.0.5 2012.07.30 2012-07-30 0.60 -
Dr.Web 7.0.2.4281 2012.07.30 2012-07-30 13.30 -
F-Prot 4.6.2.117 20120730 2012-07-30 1.24 -
F-Secure 7.02.73807 2012.07.29.05 2012-07-29 2.83 -
Fortinet 4.3.392 15.945 2012-07-30 0.42 -
GData 22.5681 20120730 2012-07-30 5.69 -
ViRobot 20120730 2012.07.30 2012-07-30 0.49 -
Ikarus T3.1.32.20.0 ..1.32.20.0. --1.32.20.0 0.25 -
JiangMin 13.0.900 2012.07.29 2012-07-29 3.30 -
Kaspersky 5.5.10 2012.07.30 2012-07-30 0.32 -
KingSoft 2009.2.5.15 2012.7.29.9 2012-07-29 0.98 -
McAfee 5400.1158 6787 2012-07-29 8.59 -
Microsoft 1.8601 2012.07.29 2012-07-29 3.49 -
NOD32 3.0.21 7339 2012-07-30 0.36 -
Panda 9.05.01 2012.07.30 2012-07-30 3.06 -
Trend Micro 9.500-1005 9.294.02 2012-07-29 0.23 -
Quick Heal 11.00 2012.07.29 2012-07-29 1.69 -
Rising 20.0 24.20.06.03 2012-07-29 5.47 -
Sophos 3.33.2 4.79 2012-07-30 5.08 -
Sunbelt 3.9.2542.2 12420 2012-07-29 2.18 -
Symantec 1.3.0.24 20120729.006 2012-07-29 0.76 -
nProtect 20120729.01 11632852 2012-07-29 1.68 -
The Hacker 6.8.0.0 v00069 2012-07-29 0.80 -
VBA32 3.12.18.1 20120730.0719 2012-07-30 5.53 -
VirusBuster 5.5.2.13 15.0.119.0/91676852012-07-30 0.29 -


VirSCAN.org Scanned Report :
Scanned time : 2012/05/19 01:50:20 (MDT)
Scanner results: 3% Scanner(s) (1/36) found malware!
File Name : excelcnv.exe
File Size : 15148136 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 2f73c0b5a7b88e0f16a50b1d63cccccd
SHA1 : 33cf7b031109dc40df61685b869113779409e5be
Online report : http://r.virscan.org/2cdddf9108078cf30aa491a46619f291

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120514090125 2012-05-14 1.30 -
AhnLab V3 2012.03.26.00 2012.03.26 2012-03-26 1.99 -
AntiVir 8.2.10.58 7.11.28.226 2012-04-27 0.18 -
Antiy 2.0.18 2.0.18. 0002-18-00 1.55 -
Arcavir 2011 201205081507 2012-05-08 4.30 -
Authentium 5.1.1 201205182310 2012-05-18 1.55 -
AVAST! 4.7.4 120518-1 2012-05-18 3.12 -
AVG 12.0.1782 2425/5008 2012-05-18 0.31 -
BitDefender 7.90123.7194490 7.42311 2012-05-19 3.80 -
ClamAV 0.97.3 14936 2012-05-19 0.88 W32.Virut.Gen.D-163
Comodo 5.1 12360 2012-05-18 2.72 -
CP Secure 1.3.0.5 2012.05.19 2012-05-19 1.55 -
Dr.Web 7.0.2.4281 2012.05.17 2012-05-17 14.14 -
F-Prot 4.6.2.117 20120518 2012-05-18 0.94 -
F-Secure 7.02.73807 2012.05.18.08 2012-05-18 2.48 -
Fortinet 4.3.392 15.560 2012-05-18 0.52 -
GData 22.5009 20120519 2012-05-19 5.29 -
ViRobot 20120518 2012.05.18 2012-05-18 1.94 -
Ikarus T3.1.32.20.0 2012.05.18.81234 2012-05-18 6.27 -
JiangMin 13.0.900 2012.05.19 2012-05-19 2.29 -
Kaspersky 5.5.10 2012.05.18 2012-05-18 0.29 -
KingSoft 2009.2.5.15 2012.5.18.9 2012-05-18 1.03 -
McAfee 5400.1158 6715 2012-05-18 8.62 -
Microsoft 1.8403 2012.05.19 2012-05-19 5.11 -
NOD32 3.0.21 7149 2012-05-18 1.19 -
Panda 9.05.01 2012.05.18 2012-05-18 2.39 -
Trend Micro 9.500-1005 9.120.08 2012-05-18 0.20 -
Quick Heal 11.00 2012.05.18 2012-05-18 4.89 -
Rising 20.0 24.10.04.01 2012-05-18 4.96 -
Sophos 3.31.1 4.77 2012-05-19 7.93 -
Sunbelt 3.9.2537.2 11935 2012-05-18 2.44 -
Symantec 1.3.0.24 20120518.006 2012-05-18 2.30 -
nProtect 20120518.01 11312609 2012-05-18 1.89 -
The Hacker 6.8.0.0 v00012 2012-05-16 2.44 -
VBA32 3.12.16.4 20120518.0912 2012-05-18 8.07 -
VirusBuster 5.5.0.2 14.2.79.0/8760207 2012-05-18 0.42 -


VirSCAN.org Scanned Report :
Scanned time : 2008/04/28 06:50:23 (MDT)
Scanner results: 3% Scanner(s) (1/36) found malware!
File Name : explorer.exe
File Size : 1033728 byte
File Type : MS-DOS executable (EXE), OS/2 or MS Windows
MD5 : 12896823fb95bfb3dc9b46bcaedc9923
SHA1 : 9d2bf84874abc5b6e9a2744b7865c193c08d362f
Online report : http://r.virscan.org/bc10cdd8fc1b56e4518b094b5da3a210

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 3.5.0.16 2008.04.27 2008-04-27 3.84 -
AhnLab V3 2008.04.28.00 2008.04.28 2008-04-28 1.13 -
AntiVir 7.8.0.10 7.0.3.220 2008-04-28 2.78 -
Arcavir 1.0.4 200804271350 2008-04-27 2.30 -
AVAST! 1.0.8 080428-0 2008-04-28 3.06 -
AVG 7.5.51.442 269.23.5/1401 2008-04-28 2.87 -
BitDefender 7.60825.1184481 7.18704 2008-04-28 4.08 -
CA (VET) 9.0.0.143 31.3.5741 2008-04-28 6.55 -
ClamAV 0.93 6863 2008-04-21 0.27 -
Comodo 2.11 2.0.0.509 2008-04-28 1.03 -
CP Secure 1.1.0.715 2008.04.28 2008-04-28 7.54 -
Dr.Web 4.44.0.9170 2008.04.28 2008-04-28 6.33 -
ewido 4.0.0.2 2008.04.28 2008-04-28 2.55 -
F-Prot 4.4.1.52 20080427 2008-04-27 1.60 -
F-Secure 5.51.6100 2008.04.28.01 2008-04-28 5.04 -
Fortinet 2.81-3.11 9.25 2008-04-28 2.31 -
ViRobot 20080428 2008.04.28 2008-04-28 0.39 -
Ikarus T3.1.01.26 2008.04.28.70668 2008-04-28 2.51 -
JiangMin 10.00.650 2008.04.28 2008-04-28 1.53 -
Kaspersky 5.5.10 2008.04.28 2008-04-28 10.89 -
KingSoft 2007.6.20.249 2008.4.28 2008-04-28 1.18 -
McAfee 5.2.00 5282 2008-04-25 6.31 -
Microsoft 1.3408 2008.04.24 2008-04-24 7.22 -
mks_vir 2.01 2008.04.28 2008-04-28 5.72 -
Norman 5.91.10 5.90 2008-04-22 16.99 -
Panda 9.04.03.0001 2008.04.27 2008-04-27 9.46 -
Trend Micro 8.500-1001 5.244.03 2008-04-28 0.04 -
Prevx V2 20080428 2008-04-28 8.40 TROJAN.DOWNLOADER.GEN
Quick Heal 9.00 2008.04.26 2008-04-26 6.32 -
Rising 20.0 20.42.01.00 2008-04-28 2.57 -
Sophos 2.72.0 4.28 2008-04-28 18.16 -
Symantec 1.3.0.24 20080427.009 2008-04-27 0.62 -
nProtect 2008-04-28.00 1437905 2008-04-28 13.80 -
The Hacker 6.2.92 v00294 2008-04-26 3.66 -
VBA32 3.12.6.5 20080428.0807 2008-04-28 5.85 -
VirusBuster 4.3.19:9 9.126.6/11.0 2008-04-27 6.81 -


VirSCAN.org Scanned Report :
Scanned time : 2012/06/21 00:09:19 (MDT)
Scanner results: Scanners did not find malware!
File Name : winlogon.exe
File Size : 507904 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : ed0ef0a136dec83df69f04118870003e
SHA1 : f77a7cd78877527023ebfb35e83b75ef59d3df07
Online report : http://r.virscan.org/9e9625a33ace094b58dc04dfc0ae3314

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120621111001 2012-06-21 0.33 -
AhnLab V3 ... .. -- 0.29 -
AntiVir 8.2.10.80 7.11.32.106 2012-06-09 0.19 -
Antiy 2.0.18 2.0.18. 0002-18-00 0.37 -
Arcavir 2011 201206041805 2012-06-04 4.25 -
Authentium 5.1.1 201206202333 2012-06-20 1.72 -
AVAST! 4.7.4 120620-1 2012-06-20 0.26 -
AVG 12.0.1787 2433/5082 2012-06-20 0.28 -
BitDefender 7.90123.7313353 7.42672 2012-06-21 4.00 -
ClamAV 0.97.3 15065 2012-06-21 0.84 -
Comodo 5.1 12685 2012-06-21 2.48 -
CP Secure 1.3.0.5 2012.06.21 2012-06-21 0.25 -
Dr.Web 7.0.2.4281 2012.06.21 2012-06-21 13.73 -
F-Prot 4.6.2.117 20120620 2012-06-20 0.83 -
F-Secure 7.02.73807 2012.06.20.04 2012-06-20 2.46 -
Fortinet 4.3.392 15.724 2012-06-20 0.21 -
GData 22.5357 20120621 2012-06-21 5.21 -
ViRobot 20120620 2012.06.20 2012-06-20 0.36 -
Ikarus T3.1.32.20.0 2012.06.21.81551 2012-06-21 6.05 -
JiangMin 13.0.900 2012.06.21 2012-06-21 2.58 -
Kaspersky 5.5.10 2012.06.20 2012-06-20 0.43 -
KingSoft 2009.2.5.15 2012.6.21.9 2012-06-21 0.94 -
McAfee 5400.1158 6748 2012-06-20 8.85 -
Microsoft 1.8502 2012.06.20 2012-06-20 3.43 -
NOD32 3.0.21 7236 2012-06-20 0.25 -
Panda 9.05.01 2012.06.19 2012-06-19 0.78 -
Trend Micro 9.500-1005 9.206.08 2012-06-20 0.20 -
Quick Heal 11.00 2012.06.19 2012-06-19 1.20 -
Rising 20.0 24.15.02.01 2012-06-20 2.75 -
Sophos 3.32.0 4.78 2012-06-21 5.45 -
Sunbelt 3.9.2539.2 12085 2012-06-20 0.81 -
Symantec 1.3.0.24 20120620.005 2012-06-20 0.53 -
nProtect 20120620.02 11489558 2012-06-20 1.47 -
The Hacker 6.8.0.0 v00040 2012-06-20 0.62 -
VBA32 3.12.18.0 20120620.0811 2012-06-20 4.22 -
VirusBuster 5.5.1.3 15.0.62.2/8990547 2012-06-21 0.22 -


VirSCAN.org Scanned Report :
Scanned time : 2012/10/30 18:49:17 (MDT)
Scanner results: Scanners did not find malware!
File Name : svchost.exe
File Size : 14336 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 27c6d03bcdb8cfeb96b716f3d8be3e18
SHA1 : 49083ae3725a0488e0a8fbbe1335c745f70c4667
Online report : http://r.virscan.org/90c2ed6c0b9dfc9d79d46d6a66f0bb66

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20121029155812 2012-10-29 0.00 -
AhnLab V3 2012.10.29.03 2012.10.29 2012-10-29 0.00 -
AntiVir 8.2.10.150 7.11.41.132 2012-09-01 0.18 -
Antiy 2.0.18 2.0.18. 0002-18-00 0.30 -
Arcavir 2011 201210291350 2012-10-29 2.85 -
Authentium 5.1.1 201209090949 2012-09-09 2.13 -
AVAST! 4.7.4 121030-0 2012-10-30 0.17 -
AVG 12.0.1794 2441/5363 2012-10-30 0.24 -
BitDefender 7.90123.7804606 7.43853 2012-10-31 4.13 -
ClamAV 0.97.5 15522 2012-10-31 0.22 -
Comodo 5.1 14017 2012-10-29 0.00 -
CP Secure 1.3.0.5 2012.10.31 2012-10-31 0.28 -
Dr.Web 7.0.4.9250 2012.10.29 2012-10-29 15.08 -
F-Prot 4.6.2.117 20121030 2012-10-30 0.83 -
F-Secure 7.02.73807 2012.10.30.06 2012-10-30 2.38 -
Fortinet 4.3.392 16.549 2012-10-17 0.00 -
GData 22.6542 20121029 2012-10-29 0.00 -
ViRobot 20121029 2012.10.29 2012-10-29 0.00 -
Ikarus T3.1.32.20.0 2012.10.30.82623 2012-10-30 6.12 -
JiangMin 13.0.900 2012.10.29 2012-10-29 0.00 -
Kaspersky 5.5.10 2012.10.16 2012-10-16 0.32 -
KingSoft 2009.2.5.15 2012.10.29.9 2012-10-29 0.00 -
McAfee 5400.1158 6881 2012-10-30 8.66 -
Microsoft 1.8904 2012.10.28 2012-10-28 0.00 -
NOD32 3.0.21 7644 2012-10-30 0.20 -
Norman 6.8.3 201208311030 2012-08-31 0.00 -
Panda 9.05.01 2012.10.29 2012-10-29 0.00 -
Trend Micro 9.500-1005 9.496.04 2012-10-30 0.20 -
Quick Heal 11.00 2012.10.28 2012-10-28 0.00 -
Rising 20.0 24.34.00.01 2012-10-29 0.00 -
Sophos 3.35.1 4.81 2012-10-31 5.88 -
Sunbelt 3.9.2551.2 13730 2012-10-28 0.00 -
Symantec 1.3.0.24 20121027.007 2012-10-27 1.17 -
nProtect 20121027.02 12360692 2012-10-27 0.00 -
The Hacker 6.8.0.0 v00121 2012-10-28 0.00 -
VBA32 3.12.18.3 20121030.1921 2012-10-30 3.93 -
VirusBuster 5.5.2.13 15.0.242.0/101846752012-10-30 0.18 -

#4 corey8871


Posted 07 November 2012 - 02:21 PM

I just want to add that for a couple of these, I could not get virscan to re-scan. I tried IE, Firefox, and Safari and once I clicked the re-scan button, nothing would happen.
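
An added example, not part of any post in this thread: a Python parser for the pasted VirSCAN.org report layout shown above. It flags reports whose "Scanned time" predates a reference date by more than a threshold (relevant when a re-scan could not be triggered) and detections reported by exactly one engine. The sample text is constructed, and the function names, the 7-day threshold and the engine-name heuristic are assumptions.

```python
import re
from datetime import datetime, date

# Constructed sample in the layout of the reports pasted in this thread.
# File names, hashes and detection names are made up for illustration.
SAMPLE = """\
VirSCAN.org Scanned Report :
Scanned time : 2012/07/30 08:30:06 (MDT)
Scanner results: 3% Scanner(s) (1/36) found malware!
File Name : example.dll
File Size : 123456 byte
MD5 : 00000000000000000000000000000000
SHA1 : 0000000000000000000000000000000000000000

Scanner Engine Ver Sig Ver Sig Date Time Scan result
AhnLab V3 ... .. -- 0.20 -
ClamAV 0.97.3 15190 2012-07-30 0.46 Example.Detection-1
The Hacker 6.8.0.0 v00069 2012-07-29 0.80 -
VirusBuster 5.5.2.13 15.0.119.0/91676852012-07-30 0.29 -

VirSCAN.org Scanned Report :
Scanned time : 2012/11/06 10:00:00 (MDT)
Scanner results: Scanners did not find malware!
File Name : example.exe
MD5 : 11111111111111111111111111111111

Scanner Engine Ver Sig Ver Sig Date Time Scan result
ClamAV 0.97.5 15522 2012-11-06 0.22 -
Trend Micro 9.500-1005 9.496.04 2012-11-05 0.20 -
"""

REPORT_START = re.compile(r"^VirSCAN\.org Scanned Report\s*:\s*$", re.M)
HEADER = re.compile(r"^(?P<key>[A-Za-z0-9 ]+?)\s*:\s*(?P<val>.*)$")
# Rows are parsed from the right: the last token is the scan result and the
# token before it is the scan time, so fused or missing version columns
# (as in the VirusBuster and AhnLab rows) do not break the parse.
ROW = re.compile(r"^(?P<lead>.+?)\s+(?P<secs>\d+\.\d+)\s+(?P<result>\S+)$")
RATIO = re.compile(r"\((\d+)/(\d+)\)")
VERSION_TOKEN = re.compile(r"T?\d|\.\.\.")  # heuristic: first version-like token


def split_reports(text):
    """Split a pasted post into one text block per report."""
    return [b for b in REPORT_START.split(text) if b.strip()]


def engine_name(lead):
    """Engine name = leading tokens before the first version-like token."""
    name = []
    for tok in lead.split():
        if VERSION_TOKEN.match(tok):
            break
        name.append(tok)
    return " ".join(name) or lead.split()[0]


def parse_report(block):
    fields, rows, in_table = {}, [], False
    for line in (l.strip() for l in block.splitlines()):
        if not line:
            continue
        if line.startswith("Scanner Engine"):
            in_table = True
        elif in_table:
            m = ROW.match(line)
            if m:
                rows.append((engine_name(m["lead"]), m["result"]))
        else:
            m = HEADER.match(line)
            if m:
                fields[m["key"].strip().lower()] = m["val"].strip()
    ratio = RATIO.search(fields.get("scanner results", ""))
    return {
        "file": fields.get("file name"),
        "md5": fields.get("md5"),
        "scanned": datetime.strptime(fields["scanned time"][:19],
                                     "%Y/%m/%d %H:%M:%S"),
        "claimed_hits": int(ratio[1]) if ratio else 0,
        "engines": [e for e, _ in rows],
        "detections": [(e, r) for e, r in rows if r != "-"],
    }


def triage(report, reference, max_age_days=7):
    """Return review notes for one report; an empty list means nothing flagged."""
    notes = []
    age = (reference - report["scanned"].date()).days
    if age > max_age_days:
        notes.append(f"stale: scanned {age} days before {reference}")
    if len(report["detections"]) == 1:
        eng, name = report["detections"][0]
        notes.append(f"single-engine: only {eng} reported {name}")
    if report["claimed_hits"] != len(report["detections"]):
        notes.append("mismatch: header hit count differs from parsed rows")
    return notes


if __name__ == "__main__":
    for rep in map(parse_report, split_reports(SAMPLE)):
        print(rep["file"], triage(rep, date(2012, 11, 7)))
```

A flag here is a prompt for review, not a verdict: a stale report says nothing about the file's current state on disk, and a single-engine hit needs confirmation from a fresh scan.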

#5 sempai


Posted 08 November 2012 - 02:36 AM

Hi,

You should not be using Combofix unless instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for general public or personal use. Combofix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.



Please delete (do not uninstall) any copy of Combofix that you have and then download/run a new copy.

Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporarily disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Posted Image


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouseclick ComboFix's window while it's running because it may cause it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


~Semp



#6 corey8871


Posted 08 November 2012 - 12:11 PM

JUST WANT TO NOTE THAT THE DATE ON THE MACHINE IS WRONG THAT'S WHY IT SAYS "10/28/2012" Thanks again for your help.

ComboFix 12-11-08.01 - Owner 10/28/2012 13:28:40.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1460 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-28 )))))))))))))))))))))))))))))))
.
.
2012-10-28 17:53 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A1C9D56D-8560-42BF-9E8D-7427DA9A4F59}\mpengine.dll
2012-10-28 17:44 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-28 17:36 . 2012-10-28 17:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2012-10-28 17:35 . 2012-10-28 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-10-28 17:35 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-28 17:35 . 2012-10-28 17:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 19:39 . 2012-04-01 10:37 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 19:39 . 2011-05-20 09:44 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-31 03:03 . 2010-10-25 02:25 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:14 . 2006-03-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2006-03-15 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2006-03-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2006-03-15 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2006-03-15 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 18:01 . 2011-04-14 14:56 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 18:01 . 2011-04-14 14:56 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-21 13:33 . 2006-03-15 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-03 22:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-23 18:34 . 2012-10-23 18:33 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2006-11-06 16:46 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2006-11-06 16:46 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-05 16206848]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-04 7340032]
"nwiz"="nwiz.exe" [2005-12-04 1519616]
"NVRotateSysTray"="c:\windows\system32\nvsysrot.dll" [2005-12-04 49152]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-11-06 49168]
"LXBSCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBStime.dll" [2004-03-17 65536]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-11-06 16:34 52224 ----a-w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [4/12/2011 4:51 PM 20160]
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 19:39]
.
2012-10-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-16 12:11]
.
2012-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-16 12:11]
.
2012-10-28 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 22:25]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.151 192.168.0.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\snvtxpoy.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-28 12:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBSCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(908)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\crypto.dll
.
- - - - - - - > 'lsass.exe'(964)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
.
- - - - - - - > 'explorer.exe'(4040)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\program files\Protector Suite QL\farchns.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Protector Suite QL\infra.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\AGRSMMSG.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-10-28 12:37:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-28 17:37
ComboFix2.txt 2012-10-28 17:53
.
Pre-Run: 113,341,140,992 bytes free
Post-Run: 113,252,061,184 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - EEB52E02C409B2B780A6D6BC884B7CA0

#7 sempai

  • Malware Response Team

Posted 08 November 2012 - 12:17 PM

We need to execute a ComboFix script.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy-paste the text in the code box below into it:

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-


4. Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

5. Referring to the picture above, drag CFScript into ComboFix.exe

6. When finished, it shall produce a log for you which I will require in your next reply.


~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#8 corey8871


Posted 08 November 2012 - 12:48 PM

ComboFix 12-11-08.01 - Owner 11/08/2012 11:41:08.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1546 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-10-08 to 2012-11-08 )))))))))))))))))))))))))))))))
.
.
2012-10-28 17:44 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-28 17:41 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{55172894-0701-442F-95CF-3C1432F94920}\mpengine.dll
2012-10-28 17:36 . 2012-10-28 17:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2012-10-28 17:35 . 2012-10-28 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-10-28 17:35 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-28 17:35 . 2012-10-28 17:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 19:39 . 2012-04-01 10:37 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 19:39 . 2011-05-20 09:44 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-31 03:03 . 2010-10-25 02:25 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:14 . 2006-03-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2006-03-15 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2006-03-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2006-03-15 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2006-03-15 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 18:01 . 2011-04-14 14:56 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 18:01 . 2011-04-14 14:56 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-21 13:33 . 2006-03-15 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-03 22:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-23 18:34 . 2012-10-23 18:33 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2006-11-06 16:46 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2006-11-06 16:46 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-05 16206848]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-04 7340032]
"nwiz"="nwiz.exe" [2005-12-04 1519616]
"NVRotateSysTray"="c:\windows\system32\nvsysrot.dll" [2005-12-04 49152]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-11-06 49168]
"LXBSCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBStime.dll" [2004-03-17 65536]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-11-06 16:34 52224 ----a-w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [4/12/2011 3:51 PM 20160]
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 19:39]
.
2012-10-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-16 12:11]
.
2012-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-16 12:11]
.
2012-10-28 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 22:25]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\snvtxpoy.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-08 11:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBSCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(908)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\crypto.dll
.
- - - - - - - > 'lsass.exe'(964)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
.
- - - - - - - > 'explorer.exe'(792)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\program files\Protector Suite QL\farchns.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Protector Suite QL\infra.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-11-08 11:46:27
ComboFix-quarantined-files.txt 2012-11-08 17:46
ComboFix2.txt 2012-10-28 17:37
ComboFix3.txt 2012-10-28 17:53
.
Pre-Run: 113,214,939,136 bytes free
Post-Run: 113,206,636,544 bytes free
.
- - End Of File - - E9A8EDD7CCCD2E24DA0CD0791FA6F705

#9 sempai

  • Malware Response Team

Posted 08 November 2012 - 01:05 PM

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" is Cure (Please click on it and change it to skip).
  • Click on Report to generate a log.
  • Please post that log when you reply.

~Semp



#10 corey8871


Posted 08 November 2012 - 01:24 PM

12:10:19.0687 2616 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:10:20.0281 2616 ============================================================
12:10:20.0281 2616 Current date / time: 2012/11/08 12:10:20.0281
12:10:20.0281 2616 SystemInfo:
12:10:20.0281 2616
12:10:20.0281 2616 OS Version: 5.1.2600 ServicePack: 3.0
12:10:20.0281 2616 Product type: Workstation
12:10:20.0281 2616 ComputerName: OWNER-152C47DB0
12:10:20.0281 2616 UserName: Owner
12:10:20.0281 2616 Windows directory: C:\WINDOWS
12:10:20.0281 2616 System windows directory: C:\WINDOWS
12:10:20.0281 2616 Processor architecture: Intel x86
12:10:20.0281 2616 Number of processors: 2
12:10:20.0281 2616 Page size: 0x1000
12:10:20.0281 2616 Boot type: Normal boot
12:10:20.0281 2616 ============================================================
12:10:22.0468 2616 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:10:22.0484 2616 ============================================================
12:10:22.0484 2616 \Device\Harddisk0\DR0:
12:10:22.0500 2616 MBR partitions:
12:10:22.0500 2616 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
12:10:22.0500 2616 ============================================================
12:10:22.0593 2616 C: <-> \Device\Harddisk0\DR0\Partition1
12:10:22.0593 2616 ============================================================
12:10:22.0593 2616 Initialize success
12:10:22.0593 2616 ============================================================
12:10:27.0156 1572 ============================================================
12:10:27.0156 1572 Scan started
12:10:27.0156 1572 Mode: Manual;
12:10:27.0156 1572 ============================================================
12:10:28.0765 1572 ================ Scan system memory ========================
12:10:28.0765 1572 System memory - ok
12:10:28.0765 1572 ================ Scan services =============================
12:10:38.0375 1572 Kbdclass - ok
12:10:38.0421 1572 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:10:38.0421 1572 kbdhid - ok
12:10:38.0468 1572 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:10:38.0484 1572 kmixer - ok
12:10:38.0515 1572 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:10:38.0531 1572 KSecDD - ok
12:10:38.0578 1572 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
12:10:38.0578 1572 lanmanserver - ok
12:10:38.0640 1572 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:10:38.0640 1572 lanmanworkstation - ok
12:10:38.0640 1572 lbrtfdc - ok
12:10:38.0687 1572 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:10:38.0687 1572 LmHosts - ok
12:10:38.0687 1572 lxbs_device - ok
12:10:38.0828 1572 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
12:10:38.0843 1572 MDM - ok
12:10:38.0953 1572 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:10:38.0953 1572 Messenger - ok
12:10:39.0046 1572 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
12:10:39.0046 1572 MHN - ok
12:10:39.0078 1572 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
12:10:39.0078 1572 MHNDRV - ok
12:10:39.0171 1572 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:10:39.0171 1572 mnmdd - ok
12:10:39.0562 1572 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
12:10:39.0562 1572 mnmsrvc - ok
12:10:39.0625 1572 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:10:39.0640 1572 Modem - ok
12:10:39.0687 1572 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:10:39.0687 1572 Mouclass - ok
12:10:39.0859 1572 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:10:39.0859 1572 mouhid - ok
12:10:39.0890 1572 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:10:39.0890 1572 MountMgr - ok
12:10:40.0015 1572 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:10:40.0015 1572 MozillaMaintenance - ok
12:10:40.0046 1572 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
12:10:40.0046 1572 MpFilter - ok
12:10:40.0046 1572 mraid35x - ok
12:10:40.0078 1572 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:10:40.0078 1572 MRxDAV - ok
12:10:40.0140 1572 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:10:40.0140 1572 MRxSmb - ok
12:10:40.0187 1572 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
12:10:40.0187 1572 MSDTC - ok
12:10:40.0203 1572 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:10:40.0203 1572 Msfs - ok
12:10:40.0203 1572 MSIServer - ok
12:10:40.0250 1572 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:10:40.0250 1572 MSKSSRV - ok
12:10:40.0296 1572 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
12:10:40.0296 1572 MsMpSvc - ok
12:10:40.0296 1572 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:10:40.0296 1572 MSPCLOCK - ok
12:10:40.0312 1572 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:10:40.0312 1572 MSPQM - ok
12:10:40.0359 1572 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:10:40.0359 1572 mssmbios - ok
12:10:40.0390 1572 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:10:40.0390 1572 Mup - ok
12:10:40.0437 1572 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
12:10:40.0437 1572 napagent - ok
12:10:40.0546 1572 [ 6D8FCDD5BB3B676EF58FA234073492C6 ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
12:10:40.0562 1572 NBService - ok
12:10:40.0593 1572 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:10:40.0593 1572 NDIS - ok
12:10:40.0625 1572 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:10:40.0625 1572 NdisTapi - ok
12:10:40.0640 1572 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:10:40.0640 1572 Ndisuio - ok
12:10:40.0640 1572 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:10:40.0656 1572 NdisWan - ok
12:10:40.0671 1572 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:10:40.0687 1572 NDProxy - ok
12:10:40.0687 1572 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:10:40.0687 1572 NetBIOS - ok
12:10:40.0703 1572 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:10:40.0703 1572 NetBT - ok
12:10:40.0750 1572 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
12:10:40.0750 1572 NetDDE - ok
12:10:40.0750 1572 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:10:40.0750 1572 NetDDEdsdm - ok
12:10:40.0796 1572 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
12:10:40.0796 1572 Netlogon - ok
12:10:40.0812 1572 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
12:10:40.0812 1572 Netman - ok
12:10:40.0906 1572 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:10:40.0906 1572 NetTcpPortSharing - ok
12:10:41.0000 1572 [ 50F5DE54E1D1646C02078F3EDDC15A8E ] NETw3x32 C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
12:10:41.0015 1572 NETw3x32 - ok
12:10:41.0046 1572 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:10:41.0046 1572 NIC1394 - ok
12:10:41.0078 1572 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
12:10:41.0078 1572 Nla - ok
12:10:41.0187 1572 [ E584D6668E6A3923FF32E026A5ED2A03 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
12:10:41.0187 1572 NMIndexingService - ok
12:10:41.0218 1572 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:10:41.0218 1572 Npfs - ok
12:10:41.0250 1572 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:10:41.0250 1572 Ntfs - ok
12:10:41.0265 1572 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
12:10:41.0265 1572 NtLmSsp - ok
12:10:41.0359 1572 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:10:41.0359 1572 NtmsSvc - ok
12:10:41.0390 1572 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
12:10:41.0390 1572 Null - ok
12:10:41.0562 1572 [ 7D504E6FD9A69EFD4BC8F8F4DB66A01B ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:10:41.0593 1572 nv - ok
12:10:41.0640 1572 [ 86FBFDA2D525ADFFAFDBF8668834F5A7 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
12:10:41.0640 1572 NVSvc - ok
12:10:41.0671 1572 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:10:41.0671 1572 NwlnkFlt - ok
12:10:41.0671 1572 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:10:41.0671 1572 NwlnkFwd - ok
12:10:41.0718 1572 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:10:41.0718 1572 ohci1394 - ok
12:10:41.0750 1572 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:10:41.0750 1572 ose - ok
12:10:41.0781 1572 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
12:10:41.0781 1572 Parport - ok
12:10:41.0781 1572 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
12:10:41.0781 1572 PartMgr - ok
12:10:41.0812 1572 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
12:10:41.0812 1572 ParVdm - ok
12:10:41.0828 1572 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
12:10:41.0843 1572 PCI - ok
12:10:41.0843 1572 PCIDump - ok
12:10:41.0843 1572 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
12:10:41.0843 1572 PCIIde - ok
12:10:41.0875 1572 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
12:10:41.0875 1572 Pcmcia - ok
12:10:41.0890 1572 PDCOMP - ok
12:10:41.0890 1572 PDFRAME - ok
12:10:41.0906 1572 PDRELI - ok
12:10:41.0906 1572 PDRFRAME - ok
12:10:41.0921 1572 perc2 - ok
12:10:41.0921 1572 perc2hib - ok
12:10:41.0953 1572 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
12:10:41.0968 1572 PlugPlay - ok
12:10:41.0968 1572 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
12:10:41.0968 1572 PolicyAgent - ok
12:10:42.0000 1572 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:10:42.0015 1572 PptpMiniport - ok
12:10:42.0015 1572 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:10:42.0015 1572 ProtectedStorage - ok
12:10:42.0015 1572 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
12:10:42.0031 1572 PSched - ok
12:10:42.0031 1572 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:10:42.0031 1572 Ptilink - ok
12:10:42.0046 1572 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:10:42.0046 1572 PxHelp20 - ok
12:10:42.0046 1572 ql1080 - ok
12:10:42.0062 1572 Ql10wnt - ok
12:10:42.0062 1572 ql12160 - ok
12:10:42.0078 1572 ql1240 - ok
12:10:42.0078 1572 ql1280 - ok
12:10:42.0093 1572 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:10:42.0093 1572 RasAcd - ok
12:10:42.0140 1572 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
12:10:42.0140 1572 RasAuto - ok
12:10:42.0171 1572 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:10:42.0171 1572 Rasl2tp - ok
12:10:42.0234 1572 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
12:10:42.0234 1572 RasMan - ok
12:10:42.0234 1572 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:10:42.0234 1572 RasPppoe - ok
12:10:42.0250 1572 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
12:10:42.0250 1572 Raspti - ok
12:10:42.0281 1572 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:10:42.0296 1572 Rdbss - ok
12:10:42.0296 1572 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:10:42.0296 1572 RDPCDD - ok
12:10:42.0312 1572 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:10:42.0328 1572 rdpdr - ok
12:10:42.0359 1572 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
12:10:42.0359 1572 RDPWD - ok
12:10:42.0390 1572 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
12:10:42.0390 1572 RDSessMgr - ok
12:10:42.0421 1572 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:10:42.0421 1572 redbook - ok
12:10:42.0453 1572 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:10:42.0453 1572 RemoteAccess - ok
12:10:42.0484 1572 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
12:10:42.0484 1572 RemoteRegistry - ok
12:10:42.0562 1572 [ BD517C7FB119997EFFBE39D5E4B37B05 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
12:10:42.0562 1572 RichVideo - ok
12:10:42.0578 1572 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
12:10:42.0578 1572 RpcLocator - ok
12:10:42.0609 1572 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
12:10:42.0625 1572 RpcSs - ok
12:10:42.0656 1572 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
12:10:42.0656 1572 RSVP - ok
12:10:42.0671 1572 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
12:10:42.0671 1572 SamSs - ok
12:10:42.0703 1572 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
12:10:42.0718 1572 SCardSvr - ok
12:10:42.0750 1572 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
12:10:42.0765 1572 Schedule - ok
12:10:42.0781 1572 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
12:10:42.0781 1572 sdbus - ok
12:10:42.0828 1572 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:10:42.0828 1572 Secdrv - ok
12:10:42.0859 1572 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
12:10:42.0859 1572 seclogon - ok
12:10:42.0875 1572 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
12:10:42.0875 1572 SENS - ok
12:10:42.0921 1572 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
12:10:42.0921 1572 Serial - ok
12:10:42.0953 1572 [ 0FA803C64DF0914B41F807EA276BF2A6 ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys
12:10:42.0953 1572 sffdisk - ok
12:10:43.0000 1572 [ C17C331E435ED8737525C86A7557B3AC ] sffp_sd C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
12:10:43.0000 1572 sffp_sd - ok
12:10:43.0015 1572 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
12:10:43.0015 1572 Sfloppy - ok
12:10:43.0062 1572 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
12:10:43.0078 1572 SharedAccess - ok
12:10:43.0093 1572 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:10:43.0093 1572 ShellHWDetection - ok
12:10:43.0093 1572 Simbad - ok
12:10:43.0109 1572 Sparrow - ok
12:10:43.0140 1572 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:10:43.0140 1572 splitter - ok
12:10:43.0171 1572 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:10:43.0187 1572 Spooler - ok
12:10:43.0218 1572 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:10:43.0218 1572 sr - ok
12:10:43.0250 1572 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
12:10:43.0250 1572 srservice - ok
12:10:43.0296 1572 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:10:43.0296 1572 Srv - ok
12:10:43.0343 1572 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:10:43.0343 1572 SSDPSRV - ok
12:10:43.0390 1572 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:10:43.0406 1572 stisvc - ok
12:10:43.0421 1572 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:10:43.0421 1572 swenum - ok
12:10:43.0437 1572 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:10:43.0437 1572 swmidi - ok
12:10:43.0437 1572 SwPrv - ok
12:10:43.0453 1572 symc810 - ok
12:10:43.0453 1572 symc8xx - ok
12:10:43.0453 1572 sym_hi - ok
12:10:43.0468 1572 sym_u3 - ok
12:10:43.0500 1572 [ E295FFFFF3AAF9A6A40B29497901908F ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
12:10:43.0500 1572 SynTP - ok
12:10:43.0531 1572 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:10:43.0531 1572 sysaudio - ok
12:10:43.0562 1572 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:10:43.0562 1572 SysmonLog - ok
12:10:43.0609 1572 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:10:43.0625 1572 TapiSrv - ok
12:10:43.0671 1572 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:10:43.0671 1572 Tcpip - ok
12:10:43.0718 1572 [ 125F5ADC14839B4AFD31CC581629D2B3 ] TcUsb C:\WINDOWS\system32\Drivers\tcusb.sys
12:10:43.0718 1572 TcUsb - ok
12:10:43.0734 1572 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:10:43.0734 1572 TDPIPE - ok
12:10:43.0750 1572 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:10:43.0750 1572 TDTCP - ok
12:10:43.0781 1572 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:10:43.0781 1572 TermDD - ok
12:10:43.0812 1572 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
12:10:43.0812 1572 TermService - ok
12:10:43.0828 1572 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
12:10:43.0843 1572 Themes - ok
12:10:43.0875 1572 [ 244CFBFFDEFB77F3DF571A8CD108FC06 ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys
12:10:43.0875 1572 tifm21 - ok
12:10:43.0921 1572 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
12:10:43.0921 1572 TlntSvr - ok
12:10:43.0937 1572 TosIde - ok
12:10:43.0984 1572 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:10:43.0984 1572 TrkWks - ok
12:10:44.0015 1572 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:10:44.0015 1572 Udfs - ok
12:10:44.0031 1572 ultra - ok
12:10:44.0062 1572 [ 1977313E362C8732C1AF4D1BCB9C06B7 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
12:10:44.0062 1572 UMWdf - ok
12:10:44.0109 1572 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
12:10:44.0109 1572 Update - ok
12:10:44.0140 1572 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
12:10:44.0140 1572 upnphost - ok
12:10:44.0140 1572 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
12:10:44.0156 1572 UPS - ok
12:10:44.0187 1572 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
12:10:44.0187 1572 USBAAPL - ok
12:10:44.0218 1572 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
12:10:44.0218 1572 usbaudio - ok
12:10:44.0234 1572 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:10:44.0234 1572 usbccgp - ok
12:10:44.0265 1572 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:10:44.0265 1572 usbehci - ok
12:10:44.0312 1572 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:10:44.0312 1572 usbhub - ok
12:10:44.0312 1572 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:10:44.0312 1572 usbprint - ok
12:10:44.0328 1572 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:10:44.0328 1572 usbscan - ok
12:10:44.0359 1572 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:10:44.0359 1572 USBSTOR - ok
12:10:44.0375 1572 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:10:44.0375 1572 usbuhci - ok
12:10:44.0390 1572 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:10:44.0406 1572 VgaSave - ok
12:10:44.0406 1572 ViaIde - ok
12:10:44.0421 1572 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
12:10:44.0421 1572 VolSnap - ok
12:10:44.0500 1572 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
12:10:44.0500 1572 VSS - ok
12:10:44.0546 1572 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
12:10:44.0562 1572 W32Time - ok
12:10:44.0562 1572 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:10:44.0562 1572 Wanarp - ok
12:10:44.0578 1572 WDICA - ok
12:10:44.0593 1572 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:10:44.0593 1572 wdmaud - ok
12:10:44.0609 1572 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
12:10:44.0609 1572 WebClient - ok
12:10:44.0687 1572 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:10:44.0687 1572 winmgmt - ok
12:10:44.0734 1572 [ 6EAA72FD9EF993EC1FA9A06DE65105DA ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
12:10:44.0750 1572 WmdmPmSN - ok
12:10:44.0781 1572 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
12:10:44.0796 1572 Wmi - ok
12:10:44.0828 1572 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:10:44.0828 1572 WmiApSrv - ok
12:10:44.0937 1572 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:10:44.0953 1572 WPFFontCache_v0400 - ok
12:10:45.0015 1572 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:10:45.0015 1572 WS2IFSL - ok
12:10:45.0062 1572 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
12:10:45.0062 1572 wscsvc - ok
12:10:45.0062 1572 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:10:45.0078 1572 wuauserv - ok
12:10:45.0125 1572 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:10:45.0140 1572 WZCSVC - ok
12:10:45.0171 1572 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:10:45.0171 1572 xmlprov - ok
12:10:45.0187 1572 ================ Scan global ===============================
12:10:45.0218 1572 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
12:10:45.0265 1572 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
12:10:45.0281 1572 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
12:10:45.0296 1572 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
12:10:45.0296 1572 [Global] - ok
12:10:45.0296 1572 ================ Scan MBR ==================================
12:10:45.0312 1572 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
12:10:45.0500 1572 \Device\Harddisk0\DR0 - ok
12:10:45.0500 1572 ================ Scan VBR ==================================
12:10:45.0500 1572 [ 8B08A40641082212377EA2EC06582D26 ] \Device\Harddisk0\DR0\Partition1
12:10:45.0500 1572 \Device\Harddisk0\DR0\Partition1 - ok
12:10:45.0500 1572 ============================================================
12:10:45.0500 1572 Scan finished
12:10:45.0500 1572 ============================================================
12:10:45.0515 1736 Detected object count: 0
12:10:45.0515 1736 Actual detected object count: 0
12:11:03.0468 1500 ============================================================
12:11:03.0468 1500 Scan started
12:11:03.0468 1500 Mode: Manual;
12:11:03.0468 1500 ============================================================
12:11:03.0859 1500 ================ Scan system memory ========================
12:11:03.0859 1500 System memory - ok
12:11:03.0859 1500 ================ Scan services =============================
12:11:06.0359 1500 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:11:06.0359 1500 Gpc - ok
12:11:06.0406 1500 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
12:11:06.0406 1500 gupdate - ok
12:11:06.0406 1500 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
12:11:06.0406 1500 gupdatem - ok
12:11:06.0421 1500 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:11:06.0437 1500 HDAudBus - ok
12:11:06.0484 1500 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:11:06.0484 1500 helpsvc - ok
12:11:06.0500 1500 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
12:11:06.0515 1500 HidServ - ok
12:11:06.0531 1500 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:11:06.0531 1500 HidUsb - ok
12:11:06.0546 1500 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
12:11:06.0562 1500 hkmsvc - ok
12:11:06.0562 1500 hpn - ok
12:11:06.0609 1500 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:11:06.0609 1500 HTTP - ok
12:11:06.0640 1500 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:11:06.0656 1500 HTTPFilter - ok
12:11:06.0656 1500 i2omgmt - ok
12:11:06.0656 1500 i2omp - ok
12:11:06.0703 1500 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:11:06.0703 1500 i8042prt - ok
12:11:06.0703 1500 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:11:06.0703 1500 Imapi - ok
12:11:06.0750 1500 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
12:11:06.0750 1500 ImapiService - ok
12:11:06.0781 1500 [ 7BFC3EDA22190C0FE8C2CA19E5379DA5 ] InCDfs C:\WINDOWS\system32\drivers\InCDFs.sys
12:11:06.0781 1500 InCDfs - ok
12:11:06.0781 1500 [ FC4DBF18A4EB0D2FE3171471A3D0F9A8 ] InCDPass C:\WINDOWS\system32\drivers\InCDPass.sys
12:11:06.0796 1500 InCDPass - ok
12:11:06.0796 1500 [ F8E7C551DEF07FDC12CA5CC7AE5D975B ] InCDrec C:\WINDOWS\system32\drivers\InCDrec.sys
12:11:06.0796 1500 InCDrec - ok
12:11:06.0812 1500 [ 31A5A3809249A326EB0EF58D563A9654 ] incdrm C:\WINDOWS\system32\drivers\InCDRm.sys
12:11:06.0812 1500 incdrm - ok
12:11:06.0906 1500 [ C773D093D5C18765E71C7992AEE051A2 ] InCDsrv C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
12:11:06.0921 1500 InCDsrv - ok
12:11:06.0937 1500 ini910u - ok
12:11:07.0125 1500 [ 7C09D605FCAE64E3CB11EBF90FB1E3A1 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:11:07.0171 1500 IntcAzAudAddService - ok
12:11:07.0187 1500 IntelIde - ok
12:11:07.0218 1500 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:11:07.0218 1500 intelppm - ok
12:11:07.0250 1500 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
12:11:07.0250 1500 Ip6Fw - ok
12:11:07.0281 1500 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:11:07.0281 1500 IpFilterDriver - ok
12:11:07.0312 1500 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:11:07.0312 1500 IpInIp - ok
12:11:07.0359 1500 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:11:07.0359 1500 IpNat - ok
12:11:07.0421 1500 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
12:11:07.0437 1500 iPod Service - ok
12:11:07.0453 1500 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:11:07.0453 1500 IPSec - ok
12:11:07.0468 1500 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:11:07.0468 1500 IRENUM - ok
12:11:07.0500 1500 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:11:07.0500 1500 isapnp - ok
12:11:07.0562 1500 [ 5472D771C0197355C1D347F20392B982 ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
12:11:07.0562 1500 JavaQuickStarterService - ok
12:11:07.0593 1500 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:11:07.0593 1500 Kbdclass - ok
12:11:07.0640 1500 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:11:07.0640 1500 kbdhid - ok
12:11:07.0656 1500 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:11:07.0656 1500 kmixer - ok
12:11:07.0687 1500 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:11:07.0687 1500 KSecDD - ok
12:11:07.0718 1500 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
12:11:07.0718 1500 lanmanserver - ok
12:11:07.0765 1500 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:11:07.0765 1500 lanmanworkstation - ok
12:11:07.0765 1500 lbrtfdc - ok
12:11:07.0796 1500 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:11:07.0796 1500 LmHosts - ok
12:11:07.0796 1500 lxbs_device - ok
12:11:07.0843 1500 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
12:11:07.0859 1500 MDM - ok
12:11:07.0890 1500 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:11:07.0890 1500 Messenger - ok
12:11:07.0937 1500 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
12:11:07.0937 1500 MHN - ok
12:11:07.0953 1500 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
12:11:07.0953 1500 MHNDRV - ok
12:11:07.0984 1500 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:11:07.0984 1500 mnmdd - ok
12:11:08.0015 1500 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
12:11:08.0015 1500 mnmsrvc - ok
12:11:08.0046 1500 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:11:08.0046 1500 Modem - ok
12:11:08.0046 1500 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:11:08.0046 1500 Mouclass - ok
12:11:08.0078 1500 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:11:08.0078 1500 mouhid - ok
12:11:08.0093 1500 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:11:08.0093 1500 MountMgr - ok
12:11:08.0140 1500 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:11:08.0140 1500 MozillaMaintenance - ok
12:11:08.0171 1500 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
12:11:08.0171 1500 MpFilter - ok
12:11:08.0171 1500 mraid35x - ok
12:11:08.0203 1500 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:11:08.0203 1500 MRxDAV - ok
12:11:08.0281 1500 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:11:08.0281 1500 MRxSmb - ok
12:11:08.0312 1500 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
12:11:08.0328 1500 MSDTC - ok
12:11:08.0328 1500 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:11:08.0328 1500 Msfs - ok
12:11:08.0343 1500 MSIServer - ok
12:11:08.0375 1500 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:11:08.0375 1500 MSKSSRV - ok
12:11:08.0421 1500 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
12:11:08.0421 1500 MsMpSvc - ok
12:11:08.0421 1500 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:11:08.0421 1500 MSPCLOCK - ok
12:11:08.0437 1500 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:11:08.0437 1500 MSPQM - ok
12:11:08.0468 1500 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:11:08.0468 1500 mssmbios - ok
12:11:08.0500 1500 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:11:08.0500 1500 Mup - ok
12:11:08.0531 1500 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
12:11:08.0546 1500 napagent - ok
12:11:08.0640 1500 [ 6D8FCDD5BB3B676EF58FA234073492C6 ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
12:11:08.0656 1500 NBService - ok
12:11:08.0687 1500 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:11:08.0687 1500 NDIS - ok
12:11:08.0718 1500 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:11:08.0718 1500 NdisTapi - ok
12:11:08.0734 1500 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:11:08.0734 1500 Ndisuio - ok
12:11:08.0734 1500 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:11:08.0734 1500 NdisWan - ok
12:11:08.0765 1500 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:11:08.0765 1500 NDProxy - ok
12:11:08.0781 1500 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:11:08.0781 1500 NetBIOS - ok
12:11:08.0796 1500 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:11:08.0796 1500 NetBT - ok
12:11:08.0828 1500 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
12:11:08.0843 1500 NetDDE - ok
12:11:08.0843 1500 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:11:08.0843 1500 NetDDEdsdm - ok
12:11:08.0875 1500 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
12:11:08.0875 1500 Netlogon - ok
12:11:08.0921 1500 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
12:11:08.0921 1500 Netman - ok
12:11:09.0000 1500 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:11:09.0000 1500 NetTcpPortSharing - ok
12:11:09.0093 1500 [ 50F5DE54E1D1646C02078F3EDDC15A8E ] NETw3x32 C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
12:11:09.0109 1500 NETw3x32 - ok
12:11:09.0125 1500 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:11:09.0125 1500 NIC1394 - ok
12:11:09.0156 1500 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
12:11:09.0156 1500 Nla - ok
12:11:09.0265 1500 [ E584D6668E6A3923FF32E026A5ED2A03 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
12:11:09.0265 1500 NMIndexingService - ok
12:11:09.0296 1500 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:11:09.0296 1500 Npfs - ok
12:11:09.0312 1500 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:11:09.0328 1500 Ntfs - ok
12:11:09.0328 1500 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
12:11:09.0328 1500 NtLmSsp - ok
12:11:09.0421 1500 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:11:09.0437 1500 NtmsSvc - ok
12:11:09.0453 1500 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
12:11:09.0453 1500 Null - ok
12:11:09.0625 1500 [ 7D504E6FD9A69EFD4BC8F8F4DB66A01B ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:11:09.0671 1500 nv - ok
12:11:09.0703 1500 [ 86FBFDA2D525ADFFAFDBF8668834F5A7 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
12:11:09.0718 1500 NVSvc - ok
12:11:09.0734 1500 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:11:09.0734 1500 NwlnkFlt - ok
12:11:09.0750 1500 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:11:09.0750 1500 NwlnkFwd - ok
12:11:09.0781 1500 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:11:09.0781 1500 ohci1394 - ok
12:11:09.0828 1500 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:11:09.0828 1500 ose - ok
12:11:09.0843 1500 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
12:11:09.0843 1500 Parport - ok
12:11:09.0859 1500 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
12:11:09.0859 1500 PartMgr - ok
12:11:09.0890 1500 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
12:11:09.0890 1500 ParVdm - ok
12:11:09.0921 1500 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
12:11:09.0921 1500 PCI - ok
12:11:09.0937 1500 PCIDump - ok
12:11:09.0937 1500 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
12:11:09.0937 1500 PCIIde - ok
12:11:09.0968 1500 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
12:11:09.0968 1500 Pcmcia - ok
12:11:09.0968 1500 PDCOMP - ok
12:11:09.0968 1500 PDFRAME - ok
12:11:09.0984 1500 PDRELI - ok
12:11:09.0984 1500 PDRFRAME - ok
12:11:10.0000 1500 perc2 - ok
12:11:10.0000 1500 perc2hib - ok
12:11:10.0031 1500 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
12:11:10.0031 1500 PlugPlay - ok
12:11:10.0046 1500 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
12:11:10.0046 1500 PolicyAgent - ok
12:11:10.0078 1500 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:11:10.0078 1500 PptpMiniport - ok
12:11:10.0078 1500 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:11:10.0093 1500 ProtectedStorage - ok
12:11:10.0093 1500 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
12:11:10.0093 1500 PSched - ok
12:11:10.0093 1500 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:11:10.0109 1500 Ptilink - ok
12:11:10.0125 1500 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:11:10.0125 1500 PxHelp20 - ok
12:11:10.0125 1500 ql1080 - ok
12:11:10.0125 1500 Ql10wnt - ok
12:11:10.0140 1500 ql12160 - ok
12:11:10.0140 1500 ql1240 - ok
12:11:10.0156 1500 ql1280 - ok
12:11:10.0171 1500 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:11:10.0171 1500 RasAcd - ok
12:11:10.0203 1500 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
12:11:10.0218 1500 RasAuto - ok
12:11:10.0234 1500 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:11:10.0234 1500 Rasl2tp - ok
12:11:10.0296 1500 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
12:11:10.0296 1500 RasMan - ok
12:11:10.0312 1500 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:11:10.0312 1500 RasPppoe - ok
12:11:10.0312 1500 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
12:11:10.0312 1500 Raspti - ok
12:11:10.0359 1500 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:11:10.0359 1500 Rdbss - ok
12:11:10.0359 1500 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:11:10.0375 1500 RDPCDD - ok
12:11:10.0390 1500 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:11:10.0390 1500 rdpdr - ok
12:11:10.0421 1500 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
12:11:10.0421 1500 RDPWD - ok
12:11:10.0468 1500 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
12:11:10.0468 1500 RDSessMgr - ok
12:11:10.0484 1500 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:11:10.0484 1500 redbook - ok
12:11:10.0531 1500 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:11:10.0531 1500 RemoteAccess - ok
12:11:10.0546 1500 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
12:11:10.0546 1500 RemoteRegistry - ok
12:11:10.0640 1500 [ BD517C7FB119997EFFBE39D5E4B37B05 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
12:11:10.0640 1500 RichVideo - ok
12:11:10.0640 1500 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
12:11:10.0656 1500 RpcLocator - ok
12:11:10.0687 1500 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
12:11:10.0687 1500 RpcSs - ok
12:11:10.0718 1500 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
12:11:10.0718 1500 RSVP - ok
12:11:10.0750 1500 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
12:11:10.0750 1500 SamSs - ok
12:11:10.0781 1500 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
12:11:10.0781 1500 SCardSvr - ok
12:11:10.0828 1500 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
12:11:10.0828 1500 Schedule - ok
12:11:10.0859 1500 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
12:11:10.0859 1500 sdbus - ok
12:11:10.0890 1500 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:11:10.0890 1500 Secdrv - ok
12:11:10.0921 1500 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
12:11:10.0937 1500 seclogon - ok
12:11:10.0953 1500 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
12:11:10.0968 1500 SENS - ok
12:11:10.0984 1500 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
12:11:10.0984 1500 Serial - ok
12:11:11.0000 1500 [ 0FA803C64DF0914B41F807EA276BF2A6 ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys
12:11:11.0000 1500 sffdisk - ok
12:11:11.0015 1500 [ C17C331E435ED8737525C86A7557B3AC ] sffp_sd C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
12:11:11.0015 1500 sffp_sd - ok
12:11:11.0031 1500 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
12:11:11.0031 1500 Sfloppy - ok
12:11:11.0078 1500 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
12:11:11.0093 1500 SharedAccess - ok
12:11:11.0109 1500 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:11:11.0109 1500 ShellHWDetection - ok
12:11:11.0109 1500 Simbad - ok
12:11:11.0125 1500 Sparrow - ok
12:11:11.0156 1500 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:11:11.0156 1500 splitter - ok
12:11:11.0187 1500 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:11:11.0203 1500 Spooler - ok
12:11:11.0234 1500 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:11:11.0234 1500 sr - ok
12:11:11.0281 1500 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
12:11:11.0281 1500 srservice - ok
12:11:11.0312 1500 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:11:11.0328 1500 Srv - ok
12:11:11.0343 1500 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:11:11.0343 1500 SSDPSRV - ok
12:11:11.0406 1500 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:11:11.0406 1500 stisvc - ok
12:11:11.0421 1500 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:11:11.0421 1500 swenum - ok
12:11:11.0437 1500 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:11:11.0437 1500 swmidi - ok
12:11:11.0437 1500 SwPrv - ok
12:11:11.0453 1500 symc810 - ok
12:11:11.0453 1500 symc8xx - ok
12:11:11.0468 1500 sym_hi - ok
12:11:11.0468 1500 sym_u3 - ok
12:11:11.0515 1500 [ E295FFFFF3AAF9A6A40B29497901908F ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
12:11:11.0515 1500 SynTP - ok
12:11:11.0531 1500 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:11:11.0531 1500 sysaudio - ok
12:11:11.0578 1500 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:11:11.0578 1500 SysmonLog - ok
12:11:11.0593 1500 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:11:11.0609 1500 TapiSrv - ok
12:11:11.0656 1500 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:11:11.0656 1500 Tcpip - ok
12:11:11.0703 1500 [ 125F5ADC14839B4AFD31CC581629D2B3 ] TcUsb C:\WINDOWS\system32\Drivers\tcusb.sys
12:11:11.0703 1500 TcUsb - ok
12:11:11.0718 1500 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:11:11.0718 1500 TDPIPE - ok
12:11:11.0734 1500 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:11:11.0734 1500 TDTCP - ok
12:11:11.0765 1500 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:11:11.0765 1500 TermDD - ok
12:11:11.0796 1500 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
12:11:11.0812 1500 TermService - ok
12:11:11.0828 1500 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
12:11:11.0828 1500 Themes - ok
12:11:11.0859 1500 [ 244CFBFFDEFB77F3DF571A8CD108FC06 ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys
12:11:11.0875 1500 tifm21 - ok
12:11:11.0906 1500 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
12:11:11.0906 1500 TlntSvr - ok
12:11:11.0921 1500 TosIde - ok
12:11:11.0937 1500 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:11:11.0937 1500 TrkWks - ok
12:11:11.0953 1500 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:11:11.0953 1500 Udfs - ok
12:11:11.0968 1500 ultra - ok
12:11:11.0984 1500 [ 1977313E362C8732C1AF4D1BCB9C06B7 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
12:11:12.0000 1500 UMWdf - ok
12:11:12.0031 1500 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
12:11:12.0031 1500 Update - ok
12:11:12.0093 1500 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
12:11:12.0093 1500 upnphost - ok
12:11:12.0093 1500 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
12:11:12.0093 1500 UPS - ok
12:11:12.0125 1500 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
12:11:12.0125 1500 USBAAPL - ok
12:11:12.0156 1500 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
12:11:12.0156 1500 usbaudio - ok
12:11:12.0171 1500 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:11:12.0171 1500 usbccgp - ok
12:11:12.0203 1500 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:11:12.0203 1500 usbehci - ok
12:11:12.0250 1500 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:11:12.0250 1500 usbhub - ok
12:11:12.0250 1500 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:11:12.0250 1500 usbprint - ok
12:11:12.0265 1500 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:11:12.0265 1500 usbscan - ok
12:11:12.0296 1500 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:11:12.0296 1500 USBSTOR - ok
12:11:12.0312 1500 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:11:12.0312 1500 usbuhci - ok
12:11:12.0328 1500 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:11:12.0343 1500 VgaSave - ok
12:11:12.0343 1500 ViaIde - ok
12:11:12.0359 1500 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
12:11:12.0359 1500 VolSnap - ok
12:11:12.0437 1500 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
12:11:12.0437 1500 VSS - ok
12:11:12.0484 1500 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
12:11:12.0500 1500 W32Time - ok
12:11:12.0500 1500 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:11:12.0500 1500 Wanarp - ok
12:11:12.0515 1500 WDICA - ok
12:11:12.0531 1500 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:11:12.0531 1500 wdmaud - ok
12:11:12.0562 1500 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
12:11:12.0562 1500 WebClient - ok
12:11:12.0640 1500 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:11:12.0640 1500 winmgmt - ok
12:11:12.0687 1500 [ 6EAA72FD9EF993EC1FA9A06DE65105DA ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
12:11:12.0687 1500 WmdmPmSN - ok
12:11:12.0734 1500 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
12:11:12.0734 1500 Wmi - ok
12:11:12.0765 1500 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:11:12.0765 1500 WmiApSrv - ok
12:11:12.0875 1500 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:11:12.0890 1500 WPFFontCache_v0400 - ok
12:11:12.0921 1500 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:11:12.0921 1500 WS2IFSL - ok
12:11:12.0968 1500 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
12:11:12.0968 1500 wscsvc - ok
12:11:12.0984 1500 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:11:12.0984 1500 wuauserv - ok
12:11:13.0046 1500 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:11:13.0046 1500 WZCSVC - ok
12:11:13.0078 1500 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:11:13.0078 1500 xmlprov - ok
12:11:13.0093 1500 ================ Scan global ===============================
12:11:13.0125 1500 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
12:11:13.0156 1500 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
12:11:13.0171 1500 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
12:11:13.0203 1500 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
12:11:13.0203 1500 [Global] - ok
12:11:13.0203 1500 ================ Scan MBR ==================================
12:11:13.0218 1500 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
12:11:13.0421 1500 \Device\Harddisk0\DR0 - ok
12:11:13.0421 1500 ================ Scan VBR ==================================
12:11:13.0421 1500 [ 8B08A40641082212377EA2EC06582D26 ] \Device\Harddisk0\DR0\Partition1
12:11:13.0421 1500 \Device\Harddisk0\DR0\Partition1 - ok
12:11:13.0421 1500 ============================================================
12:11:13.0421 1500 Scan finished
12:11:13.0421 1500 ============================================================
12:11:13.0437 2324 Detected object count: 0
12:11:13.0437 2324 Actual detected object count: 0

#11 sempai

  • Malware Response Team

Posted 08 November 2012 - 01:35 PM

How's the computer running?


ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, but make sure you copy the logfile first.
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

~Semp


If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#12 corey8871


Posted 08 November 2012 - 04:26 PM

I ran the ESET online scanner but selected "uninstall application on close" before I got to copy the log. Now when I try to run the tool again, it fails to download the virus signature database, saying "Can not get update. Is proxy configured?", but a proxy isn't configured. Same error in IE and Firefox. So it is either an issue with ESET's servers or the fact that, as it says on the site, it can only be run one time. I tried uninstalling from Control Panel and reinstalling, and got the same error. Microsoft Security Essentials (the only anti-virus on the machine) is disabled.

On the first run of ESET, however, it did find something which I copied down:
C:\Documents and Settings\Owner\My Documents\Downloads\PDFReaderSetup.exe (a variant of Win32/InstallCore.AY application)

I also noticed that after running ComboFix the first time and after it rebooted my machine, Microsoft Security Essentials found 5 instances of PWS:Win32/Fareit in the following files:
file:C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2 for Better-Business-Bureau-complaintID2ED3167C11506B417B38.pdf.zip\Better_Business_Bureau_complaint_ID_3222F456A234E565434E2345F234432C1344AA34543.pdf.exe
file:C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 2 for Better-Business-Bureau-complaintID2ED3167C11506B417B38.pdf.zip\Better_Business_Bureau_complaint_ID_3222F456A234E565434E2345F234432C1344AA34543.pdf.exe

containerfile:C:\Documents and Settings\Owner\Local Settings\Temp\Better-Business-Bureau-complaintID2ED3167C11506B417B38.pdf.zip
file:C:\Documents and Settings\Owner\Local Settings\Temp\Better-Business-Bureau-complaintID2ED3167C11506B417B38.pdf.zip->Better_Business_Bureau_complaint_ID_3222F456A234E565434E2345F234432C1344AA34543.pdf.exe
file:C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for Better-Business-Bureau-complaintID2ED3167C11506B417B38.pdf.zip\Better_Business_Bureau_complaint_ID_3222F456A234E565434E2345F234432C1344AA34543.pdf.exe
file:C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for Better-Business-Bureau-complaintID2ED3167C11506B417B38.pdf.zip\Better_Business_Bureau_complaint_ID_3222F456A234E565434E2345F234432C1344AA34543.pdf.exe

containerfile:C:\Documents and Settings\Owner\Local Settings\Temp\Better-Business-Bureau-complaintID2ED3167C11506B417B38.pdf.zip
file:C:\Documents and Settings\Owner\Local Settings\Temp\Better-Business-Bureau-complaintID2ED3167C11506B417B38.pdf.zip->Better_Business_Bureau_complaint_ID_3222F456A234E565434E2345F234432C1344AA34543.pdf.exe

containerfile:C:\Documents and Settings\Owner\Local Settings\Temp\Better-Business-Bureau-complaintID2ED3167C11506B417B38.pdf.zip
file:C:\Documents and Settings\Owner\Local Settings\Temp\Better-Business-Bureau-complaintID2ED3167C11506B417B38.pdf.zip->Better_Business_Bureau_complaint_ID_3222F456A234E565434E2345F234432C1344AA34543.pdf.exe

file:C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for Better-Business-Bureau-complaintID2ED3167C11506B417B38.pdf.zip\Better_Business_Bureau_complaint_ID_3222F456A234E565434E2345F234432C1344AA34543.pdf.exe
file:C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for Better-Business-Bureau-complaintID2ED3167C11506B417B38.pdf.zip\Better_Business_Bureau_complaint_ID_3222F456A234E565434E2345F234432C1344AA34543.pdf.exe
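
The MSE detections listed in the post above all point at one archive member whose name ends in `.pdf.exe`: a document-looking extension placed in front of the real executable one. As an added example (not part of the original post and not code from any tool used in this thread), this Python check flags such names by reading only the zip directory, without extracting anything; the extension sets and the sample archive are assumptions constructed for the demonstration.

```python
import io
import zipfile

# Extensions Windows runs directly (a common subset chosen for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document-like extensions used as the decoy half of a double extension.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

# Member name reported by MSE in the post above.
PAGE_NAME = ("Better_Business_Bureau_complaint_ID_"
             "3222F456A234E565434E2345F234432C1344AA34543.pdf.exe")


def is_deceptive_name(name):
    """True when an executable extension directly follows a decoy extension."""
    # Keep only the file name; Windows ignores trailing dots and spaces.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    # Strip padding so "invoice.pdf   .exe" is read as .pdf + .exe.
    exts = ["." + part.strip().lower() for part in base.split(".")[1:]]
    return len(exts) >= 2 and exts[-1] in EXECUTABLE_EXTS and exts[-2] in DECOY_EXTS


def scan_zip(data):
    """List deceptive member names in a zip, reading the directory only."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [m.filename for m in zf.infolist()
                if not m.is_dir() and is_deceptive_name(m.filename)]


def build_sample_zip():
    """Constructed sample: harmless bytes stored under test names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in (PAGE_NAME, "docs/readme.pdf", "tools/setup.exe",
                     "invoice.pdf   .exe", "build.v2.exe"):
            zf.writestr(name, b"harmless placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for hit in scan_zip(build_sample_zip()):
        print("deceptive double extension:", hit)
```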

#13 sempai


Posted 08 November 2012 - 10:43 PM

Hi,

Please delete this file: C:\Documents and Settings\Owner\My Documents\Downloads\PDFReaderSetup.exe

Did you delete those files being detected by MSE?


Step 1: Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".



Step 2: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

~Semp



#14 corey8871


Posted 09 November 2012 - 09:20 AM

Yes, I deleted the files being detected by MSE.


Results of screen317's Security Check version 0.99.54
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Please wait while WMIC compiles updated MOF files.
displayName
ECHO is off.
Microsoft
ECHO is off.
Security
ECHO is off.
Essentials
ECHO is off.
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
JavaFX 2.1.0
Java™ 7 Update 4
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 10%
````````````````````End of Log``````````````````````

#15 sempai


Posted 09 November 2012 - 09:29 AM

Hi,

How's the computer running? I do not see any sign of Virut on your machine; only Clam AV detected it, but I believe that it's a false alarm.

~Semp
