Computer Hope
Software => Computer viruses and spyware => Topic started by: MNMAN on November 07, 2013, 12:08:55 PM
-
Hi I have a problem and need help please:
Every time I connect to the internet a popup in a new browser opens with an address C:\Users\TOSHIBA\AppData\Local\Microsoft\Windows\Temporary Internet Files\web.html , I deleted the file Web.html manually several times and every time it creates itself again. I tried all popup blockers it didn’t work. I think it’s a virus. I followed your instructions and hereafter the logs needed to help me please:
- AdwCleaner
# AdwCleaner v3.011 - Report created 07/11/2013 at 20:29:57
# Updated 03/11/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : TOSHIBA - MNMAN
# Running from : C:\Users\TOSHIBA\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
Service Deleted : FilmFanaticService
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Program Files\FilmFanatic
Folder Deleted : C:\Users\TOSHIBA\AppData\Local\FilmFanatic
Folder Deleted : C:\Users\TOSHIBA\AppData\Local\PackageAware
Folder Deleted : C:\Users\TOSHIBA\AppData\LocalLow\FilmFanatic
Folder Deleted : C:\Users\TOSHIBA\AppData\LocalLow\iac
Folder Deleted : C:\Users\TOSHIBA\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\TOSHIBA\AppData\Roaming\ParetoLogic
File Deleted : C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\h6zrixsw.default\Extensions\[email protected]
File Deleted : C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\h6zrixsw.default\user.js
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj
Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.DynamicBarButton
Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.DynamicBarButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.FeedManager
Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.FeedManager.1
Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.MultipleButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.Radio
Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.Radio.1
Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.RadioSettings
Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.RadioSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.ScriptButton
Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.ScriptButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.SkinLauncher
Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.SkinLauncher.1
Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.SkinLauncherSettings
Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.SkinLauncherSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.ToolbarProtector
Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.ToolbarProtector.1
Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.UrlAlertButton
Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.UrlAlertButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.XMLSessionPlugin
Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.XMLSessionPlugin.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@FilmFanatic.com/Plugin
Key Deleted : HKCU\Software\FilmFanatic
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\FilmFanatic
Key Deleted : HKCU\Software\AppDataLow\Software\LyricsSay-1
Key Deleted : HKLM\Software\FilmFanatic
Key Deleted : HKLM\Software\InstalledThirdPartyPrograms
Key Deleted : HKLM\Software\ParetoLogic
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16720
-\\ Mozilla Firefox v12.0 (en-US)
[ File : C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\h6zrixsw.default\prefs.js ]
-\\ Google Chrome v
[ File : C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [11040 octets] - [07/11/2013 20:26:38]
AdwCleaner[S0].txt - [11228 octets] - [07/11/2013 20:29:57]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11289 octets] ##########
- Malwarebytes' Anti-Malware
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.11.07.03
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16721
TOSHIBA :: MNMAN [administrator]
Protection: Disabled
07/11/2013 8:36:24 PM
mbam-log-2013-11-07 (20-36-24).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202685
Time elapsed: 14 minute(s), 38 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
- Security Check
Results of screen317's Security Check version 0.99.76
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee VirusScan Enterprise
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 7 Update 25
Java version out of Date!
Adobe Flash Player 11.9.900.117
Adobe Reader 10.1.8 Adobe Reader out of Date!
Mozilla Firefox 12.0 Firefox out of Date!
Google Chrome 18.0.1025.151
````````Process Check: objlist.exe by Laurent````````
McAfee VirusScan Enterprise VsTskMgr.exe
McAfee VirusScan Enterprise mfeann.exe
McAfee VirusScan Enterprise SHSTAT.EXE
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.
• Warning! Once the scan is complete JRT will shut down your browser with NO warning.
• Shut down your protection software now to avoid potential conflicts.
• Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this (http://www.bleepingcomputer.com/forums/topic114351.html) link to see a list of security programs that should be disabled and how to disable them.
• Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Copy and Paste the JRT.txt log into your next message.
***********************************************
Update Your Java (JRE)
Old versions of Java have vulnerabilities that malware can use to infect your system.
First Verify your Java Version (http://www.java.com/en/download/installed.jsp)
If there are any other version(s) installed then update now.
Get the new version (if needed)
If your version is out of date install the newest version of the Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html).
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close ALL open web browsers before starting the installation.
Remove any old versions
1. Download JavaRa (http://raproducts.org/click/click.php?id=1) and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
**********************************************
Update your Adobe Reader. get.adobe.com/reader (http://get.adobe.com/reader/).
Be sure to uncheck the Free McAfee Security Scan so it isn't installed.
**************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to your download folder you will need to copy it to your desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications-4.html) for a tutorial regarding how to do so if you are unsure.
- Close any open windows and double click ComboFix.exe to run it.
You will see the following image:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png)
Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png)
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
(http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif)
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.
-
Hi, thanks for your prompt reply. I did what you said word for word.
However I have a question with regards to JAVA. I have the latest version, do I still have to download Sun Java Runtime Environment and/or JavaRa?
Here are the logs needed:
JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x86
Ran by TOSHIBA on 08/11/2013 at 8:47:00.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\paSkPlay_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\paSkPlay_RASMANCS
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Empty Folder] C:\Users\TOSHIBA\appdata\local\{4CA4DC98-88A9-4FDD-9DA5-F36ADD38AF6C}
Successfully deleted: [Empty Folder] C:\Users\TOSHIBA\appdata\local\{E9DAB58C-6490-4BC6-ACC1-751767BACC74}
Successfully deleted: [Empty Folder] C:\Users\TOSHIBA\appdata\local\{FDBCDC58-5980-468A-9768-5A1C844D3E29}
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/11/2013 at 8:52:13.02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ComboFix log
ComboFix 13-11-07.01 - TOSHIBA 08/11/2013 9:12.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1907.923 [GMT 2:00]
Running from: c:\users\TOSHIBA\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\TOSHIBA\AppData\Local\Microsoft\Windows\Temporary Internet Files\web.html
c:\windows\file_3.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-10-08 to 2013-11-08 )))))))))))))))))))))))))))))))
.
.
2013-11-08 07:03 . 2013-11-08 07:03 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\Oracle
2013-11-08 06:59 . 2013-11-08 06:59 -------- d-----w- c:\programdata\Oracle
2013-11-08 06:59 . 2013-11-08 06:59 -------- d-----w- c:\program files\Common Files\Java
2013-11-08 06:58 . 2013-10-08 05:50 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-11-08 06:46 . 2013-11-08 06:46 -------- d-----w- c:\windows\ERUNT
2013-11-07 18:26 . 2013-11-07 18:30 -------- d-----w- C:\AdwCleaner
2013-11-07 18:18 . 2013-11-07 18:18 -------- d-----w- c:\program files\CCleaner
2013-11-07 16:43 . 2013-11-07 16:43 -------- d-----w- C:\TDSSKiller_Quarantine
2013-11-06 09:08 . 2013-11-06 09:08 -------- d-----w- c:\program files\VerbAce Research
2013-11-02 21:24 . 2004-03-09 04:00 224016 ------w- c:\windows\system32\tabctl32.ocx
2013-11-02 21:24 . 2013-03-08 01:46 94208 --sh--w- c:\windows\system32\SalaatTime.dll
2013-11-02 21:24 . 2013-11-02 21:24 -------- d-----w- c:\program files\Salaat Time
2013-11-02 21:24 . 2013-11-02 21:24 -------- d-----w- c:\programdata\InstallMate
2013-11-01 12:45 . 2013-11-07 13:19 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B5F0173-722E-4CE9-912B-7D2DA42F8122}\offreg.dll
2013-11-01 11:46 . 2013-11-01 11:47 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Svchost
2013-11-01 07:27 . 2013-11-07 16:50 -------- d-----w- c:\programdata\GlarySoft
2013-11-01 07:02 . 2013-11-07 16:50 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\GlarySoft
2013-11-01 07:01 . 2013-11-01 07:01 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\Glary_Utilities_Pro__3.9.4.144
2013-10-31 10:50 . 2013-10-31 10:50 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\Malwarebytes
2013-10-31 10:49 . 2013-10-31 10:49 -------- d-----w- c:\programdata\Malwarebytes
2013-10-31 10:49 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-31 10:49 . 2013-10-31 10:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-10-31 10:48 . 2013-11-01 07:01 158 ----a-w- c:\programdata\patch.dll
2013-10-31 10:47 . 2013-10-31 10:47 253440 ----a-w- c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\alga.exe
2013-10-31 10:47 . 2013-10-31 10:47 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\Malwarebytes Anti-Malware PRO v1.75.0.1300
2013-10-30 12:24 . 2013-10-30 12:24 -------- d-----w- c:\windows\system32\gs
2013-10-30 12:24 . 2013-10-30 12:27 -------- d-----w- c:\program files\GreetingCardStudio
2013-10-29 10:50 . 2013-10-14 06:39 7796464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B5F0173-722E-4CE9-912B-7D2DA42F8122}\mpengine.dll
2013-10-23 11:24 . 2011-09-22 17:55 487424 ----a-w- c:\windows\system32\msvcp70.dll
2013-10-23 11:24 . 2011-09-22 17:55 974848 ----a-w- c:\windows\system32\mfc70.dll
2013-10-23 11:24 . 2011-09-22 17:55 344064 ----a-w- c:\windows\system32\msvcr70.dll
2013-10-23 11:00 . 2013-10-23 13:37 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\Media Player Classic
2013-10-22 18:26 . 2013-10-22 18:26 77528 ----a-w- c:\windows\system32\RtNicProp32.dll
2013-10-22 18:26 . 2013-10-22 18:26 679128 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2013-10-22 10:06 . 2013-10-23 11:25 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\AVS4YOU
2013-10-22 10:04 . 2013-10-27 08:22 -------- d-----w- c:\program files\Common Files\AVSMedia
2013-10-22 10:04 . 2012-03-23 17:59 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2013-10-22 10:04 . 2013-10-27 08:22 -------- d-----w- c:\program files\AVS4YOU
2013-10-22 10:04 . 2013-10-22 10:06 -------- d-----w- c:\programdata\AVS4YOU
2013-10-22 10:04 . 2012-03-23 17:59 24576 ----a-w- c:\windows\system32\msxml3a.dll
2013-10-21 12:14 . 2013-10-21 12:14 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\SolidDocuments
2013-10-20 08:51 . 2013-04-17 18:20 23872 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-10-20 08:08 . 2013-10-20 08:08 -------- d-----w- c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-10-20 08:08 . 2013-10-22 17:59 -------- d-----w- c:\programdata\IObit
2013-10-20 08:08 . 2013-10-22 18:01 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\IObit
2013-10-19 14:57 . 2013-10-19 14:57 -------- d-----w- c:\program files\Google
2013-10-19 14:46 . 2013-10-19 14:46 -------- d-----w- c:\users\TOSHIBA\AppData\Local\Programs
2013-10-19 14:41 . 2013-10-19 14:47 -------- d-----w- c:\program files\FotoSketcher
2013-10-19 14:37 . 2013-10-19 14:40 -------- d-----w- c:\program files\YouTube Downloader
2013-10-17 13:04 . 2013-10-17 13:04 108816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-10-16 04:53 . 2012-08-23 14:10 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-10-16 04:53 . 2012-08-23 14:44 14848 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2013-10-16 04:52 . 2012-08-23 14:10 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-10-16 04:52 . 2012-08-23 13:52 12800 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2013-10-16 04:51 . 2012-08-23 14:40 49664 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2013-10-16 04:50 . 2012-08-23 13:18 37376 ----a-w- c:\windows\system32\tsgqec.dll
2013-10-16 04:50 . 2012-08-23 13:46 16896 ----a-w- c:\windows\system32\wksprtPS.dll
2013-10-16 04:50 . 2012-08-23 13:32 32768 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2013-10-16 04:50 . 2012-08-23 13:47 46592 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2013-10-16 04:50 . 2012-08-23 11:15 269312 ----a-w- c:\windows\system32\aaclient.dll
2013-10-16 04:50 . 2012-08-23 11:40 56320 ----a-w- c:\windows\system32\TSWbPrxy.exe
2013-10-16 04:50 . 2012-08-23 14:48 221184 ----a-w- c:\windows\system32\rdpudd.dll
2013-10-16 04:49 . 2012-08-23 11:12 192000 ----a-w- c:\windows\system32\rdpendp_winip.dll
2013-10-16 04:49 . 2012-08-23 11:32 317440 ----a-w- c:\windows\system32\wksprt.exe
2013-10-16 04:49 . 2012-08-23 10:39 1048064 ----a-w- c:\windows\system32\mstsc.exe
2013-10-16 04:49 . 2012-08-23 10:08 2739712 ----a-w- c:\windows\system32\rdpcorets.dll
2013-10-16 04:49 . 2012-08-23 08:19 4916224 ----a-w- c:\windows\system32\mstscax.dll
2013-10-16 04:46 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2013-10-16 04:46 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll
2013-10-16 04:46 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-10-16 04:46 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2013-10-16 04:46 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2013-10-15 15:38 . 2013-10-15 15:41 -------- d-----w- c:\windows\system32\MRT
2013-10-15 15:35 . 2013-09-21 03:30 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-15 15:35 . 2013-09-22 23:28 217600 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-10-15 15:35 . 2013-09-22 23:27 2876928 ----a-w- c:\windows\system32\jscript9.dll
2013-10-15 15:35 . 2013-09-22 23:27 108032 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2013-10-15 15:35 . 2013-09-22 23:27 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-10-15 15:35 . 2013-09-22 23:27 257536 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2013-10-15 15:25 . 2013-10-15 15:25 -------- d-----w- c:\program files\MSXML 4.0
2013-10-15 15:19 . 2013-06-25 22:56 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-15 15:19 . 2013-07-19 01:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-10-15 15:18 . 2013-08-28 00:57 434688 ----a-w- c:\windows\system32\scavengeui.dll
2013-10-15 15:18 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-10-15 15:18 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-10-15 15:18 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-10-15 15:18 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-10-15 15:17 . 2013-07-09 04:50 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-10-15 15:16 . 2013-08-29 01:51 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-10-15 15:16 . 2013-08-29 01:51 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-10-15 15:16 . 2013-08-29 01:50 619520 ----a-w- c:\windows\system32\tdh.dll
2013-10-15 15:16 . 2013-08-29 01:50 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-10-15 15:16 . 2013-08-29 01:48 640512 ----a-w- c:\windows\system32\advapi32.dll
2013-10-15 15:16 . 2013-09-08 02:07 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-10-15 15:14 . 2013-08-02 01:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-10-15 15:13 . 2013-07-04 11:57 205824 ----a-w- c:\windows\system32\WebClnt.dll
2013-10-15 15:13 . 2013-07-04 11:51 81920 ----a-w- c:\windows\system32\davclnt.dll
2013-10-15 15:13 . 2013-07-04 09:48 115712 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2013-10-15 15:13 . 2013-07-20 10:33 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-15 15:13 . 2013-08-05 01:56 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-10-15 15:12 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-10-15 08:52 . 2013-10-15 08:52 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\HTC Sync
2013-10-15 08:52 . 2013-10-19 17:36 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\HTC
2013-10-15 08:51 . 2013-11-08 07:23 -------- d-----w- c:\users\TOSHIBA\AppData\Local\HTC MediaHub
2013-10-15 08:51 . 2013-10-15 08:51 -------- d-----w- c:\users\TOSHIBA\.android
2013-10-15 08:51 . 2013-10-15 08:51 -------- d-----w- c:\programdata\Motorola
2013-10-15 08:49 . 2013-10-15 08:49 -------- d-----w- c:\program files\Spirent Communications
2013-10-15 08:33 . 2013-10-15 08:50 -------- d-----w- c:\program files\HTC
2013-10-15 08:32 . 2009-06-09 13:41 1122664 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2013-10-15 08:32 . 2009-10-26 15:54 25088 ----a-w- c:\windows\system32\drivers\ANDROIDUSB.sys
2013-10-15 08:32 . 2013-10-15 08:32 -------- d-----w- c:\programdata\HTC
2013-10-15 08:32 . 2013-11-06 11:21 -------- d-----w- C:\Temp
2013-10-15 06:28 . 2013-09-03 12:35 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-10-09 12:11 . 2013-10-09 12:38 -------- d-----w- c:\program files\Wondershare
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-22 18:26 . 2012-04-07 15:18 102104 ----a-w- c:\windows\system32\RTNUninst32.dll
2013-10-09 17:28 . 2012-04-08 07:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 17:28 . 2012-04-08 07:53 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 07:32 . 2012-04-08 08:53 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2013-03-08 01:46 94208 --sh--w- c:\windows\System32\SalaatTime.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SalaatTime"="c:\program files\Salaat Time\SalaatTime.exe" [2013-03-10 17199104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-12 215360]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 170520]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 171032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 136216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-08-06 280576]
.
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
alga.exe [2013-10-31 253440]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VerbAce-Pro Startup Agent.lnk - c:\program files\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe AutoRun [2013-11-6 1667072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\Stardock\ObjectDockFree\ODMenu.dll" [2010-10-04 511344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2013-05-11 10:37 3478600 ----a-w- c:\program files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-05-11 10:37 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-09-20 05:27 444904 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 18:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonQuickMenu]
2012-09-27 14:02 1279120 ----a-w- c:\program files\Canon\Quick Menu\CNQMMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\users\TOSHIBA\AppData\Roaming\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
2011-04-01 14:42 80840 ----a-w- c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-05-31 08:56 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
2010-08-15 16:54 34160 ----a-w- c:\program files\TOSHIBA\Utilities\KeNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-02-22 17:49 6591800 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband]
2011-03-29 05:48 408576 ----a-w- c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2013-04-01 09:45 298616 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVBg]
2010-07-28 15:23 1493608 ------w- c:\program files\Realtek\Audio\HDA\RtHDVBg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-07-28 15:23 9398888 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-02-28 15:50 18642024 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 07:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-03-10 15:49 1697064 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-04-08 08:25 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 06:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-03-24 102784]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2011-03-24 11136]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-03-24 85760]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2011-03-24 26496]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2011-03-24 168448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-04-08 85152]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-07 182304]
R3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-08 1343400]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-04-08 162928]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2013-10-17 108816]
S1 RapportCerberus_59849;RapportCerberus_59849;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [2013-10-28 340432]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2013-10-17 157264]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2013-10-17 230448]
S2 HTCMonitorService;HTCMonitorService;c:\program files\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-09-02 87368]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-04-08 145936]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-10-17 1444120]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [2012-04-08 17520]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2011-03-24 348160]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-03-24 72832]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-08 33616]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2013-10-22 679128]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 17:28]
.
2013-11-02 c:\windows\Tasks\ReclaimerUpdateFiles_TOSHIBA.job
- c:\users\TOSHIBA\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-10-19 08:43]
.
2013-11-02 c:\windows\Tasks\ReclaimerUpdateXML_TOSHIBA.job
- c:\users\TOSHIBA\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-10-19 08:43]
.
2013-11-08 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_TOSHIBA.job
- c:\users\TOSHIBA\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-10-19 08:43]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.co.za/?gws_rd=cr&ei=Wr97UpqJIMbAtQbaroGIDg
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 196.207.35.29 196.207.35.30
TCP: Interfaces\{02FE2E07-03F4-426B-9774-125C012BEC21}: NameServer = 163.121.128.134 212.103.160.18
TCP: Interfaces\{98513050-6C5D-44C0-A99E-45978941BB38}: NameServer = 163.121.128.134 212.103.160.18
TCP: Interfaces\{F93B3222-C7BF-4FBA-921D-D5D0CEBC092A}: NameServer = 163.121.128.134 212.103.160.18
FF - ProfilePath - c:\users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\h6zrixsw.default\
FF - ExtSQL: 2013-10-01 22:58; [email protected]; c:\users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\h6zrixsw.default\extensions\[email protected]
FF - ExtSQL: 2013-10-07 16:34; [email protected]; c:\program files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-39980888.sys
MSConfigStartUp-FilmFanatic Browser Plugin Loader - c:\progra~1\FILMFA~2\bar\1.bin\pabrmon.exe
MSConfigStartUp-FilmFanatic Search Scope Monitor - c:\progra~1\FILMFA~2\bar\1.bin\pasrchmn.exe
MSConfigStartUp-VideoDownloadConverter Search Scope Monitor - c:\progra~1\VIDEOD~2\bar\1.bin\4zsrchmn.exe
MSConfigStartUp-VideoDownloadConverter_4z Browser Plugin Loader - c:\progra~1\VIDEOD~2\bar\1.bin\4zbrmon.exe
MSConfigStartUp-VideoScavenger Search Scope Monitor - c:\progra~1\VIDEOS~2\bar\1.bin\1esrchmn.exe
MSConfigStartUp-VideoScavenger_1e Browser Plugin Loader - c:\progra~1\VIDEOS~2\bar\1.bin\1ebrmon.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3344)
c:\program files\Stardock\ObjectDockFree\DockShellHook.dll
c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll
c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll
c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll
c:\program files\Stardock\ObjectDockFree\ODMenu.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\program files\HTC\HTC Sync Manager\HTC Sync\adb.exe
c:\windows\system32\conhost.exe
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\alga.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2013-11-08 09:28:13 - machine was rebooted
ComboFix-quarantined-files.txt 2013-11-08 07:28
.
Pre-Run: 69,544,628,224 bytes free
Post-Run: 69,461,553,152 bytes free
.
- - End Of File - - 6C8780FD6B111A6EB69D1F04FCD75B59
A36C5E4F47E84449FF07ED3517B43A31
-
Hi, I know we are still working on solving my problem; however, after doing all the scans and updates requested, the problem still exists and the popup comes on every time I am connected to the internet as C:\Users\TOSHIBA\AppData\Local\Microsoft\Windows\Temporary Internet Files\web.html
and sometimes as
C:\Users\TOSHIBA\AppData\Local\Microsoft\Windows\Temporary Internet Files\html.html
P.S. Once I close the popup browser it doesn't pop up again.
Regards.
-
Do I still have to download Sun Java Runtime Environment and/or JavaRa?
The Security log shows that it's not the latest version, which I believe is 45.
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.
(http://i424.photobucket.com/albums/pp322/digistar/diskcleanup2.jpg)
Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.
(http://i424.photobucket.com/albums/pp322/digistar/diskcleanup.jpg)
This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
*****************************************
SysProt Antirootkit
Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).
http://sites.google.com/site/sysprotantirootkit/
Unzip it into a folder on your desktop.
- Double click Sysprot.exe to start the program.
- Click on the Log tab.
- In the Write to log box select the following items.
- Process << Selected
- Kernel Modules << Selected
- SSDT << Selected
- Kernel Hooks << Selected
- IRP Hooks << NOT Selected
- Ports << NOT Selected
- Hidden Files << Selected
- At the bottom of the page
- Hidden Objects Only << Selected
- Click on the Create Log button on the bottom right.
- After a few seconds a new window should appear.
- Select Scan Root Drive. Click on the Start button.
- When it is complete a new window will appear to indicate that the scan is finished.
- The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
-
I had a problem with SysProt: once I clicked on Create Log the following warning message popped up:
"Failed to start service, SysPort AntiRootkit needs to run with Admin privileges"
I have admin privileges on this PC.
After I clicked OK a new window appeared as you described above and the log was created as follows:
P.S. I have tried several times and each time the same warning message pops up.
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
No Hidden Processes found
******************************************************************************************
******************************************************************************************
No Hidden Kernel Modules found
******************************************************************************************
******************************************************************************************
No SSDT Hooks found
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
No hidden files/folders found
-
I finally managed to run SysProt as administrator.
After clicking the Create Log button, an error message saying Error scanning SSDT HOOKS appeared. I clicked OK, the scanning process proceeded smoothly as described by you earlier, and the log was created. Here is the log "sorry for inconvenience"
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
No Hidden Processes found
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
Service Name: ---
Module Base: 937A5000
Module End: 937B0000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_msahci.sys
Service Name: ---
Module Base: 937B0000
Module End: 937BA000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_dumpfve.sys
Service Name: ---
Module Base: 937BA000
Module End: 937CB000
Hidden: Yes
******************************************************************************************
******************************************************************************************
No SSDT Hooks found
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied
Object: C:\Users\TOSHIBA\Desktop\PC shakira\IGO\backup\igo8(??)???.lnk
Status: Hidden
Object: C:\Windows\CSC\v2.0.6\namespace
Status: Access denied
Object: C:\Windows\CSC\v2.0.6\pq
Status: Access denied
Object: C:\Windows\CSC\v2.0.6\sm
Status: Access denied
Object: C:\Windows\CSC\v2.0.6\temp
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl
Status: Access denied
-
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
- Leave the check mark next to Remove found threats.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
Hi, first of all I really appreciate your help,
The result is No Threats Found
Here is the log:
ESETSmartInstaller@High as downloader log:
Can not extract cabC:\Program Files\ESET\ESET Online Scanner\OnlineScanner.cabErr:The handle is invalid.
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e1a2caa48ced7b4b9f5ba14798e6cf3f
# engine=15823
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-10 07:46:05
# local_time=2013-11-10 09:46:05 (+0200, Egypt Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 68635 135700756 0 0
# scanned=148513
# found=0
# cleaned=0
# scan_time=6849
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
all ok
-
That looks good. How's your computer running now? Any other issues before we clean up?
-
Apart from the popup problem, which still exists, it's running well.
-
> Apart from the popup problem, which still exists, it's running well.
Could you please post a screenshot of that popup?
How to post screenshots or images (http://www.computerhope.com/forum/index.php/topic,61232.0.html)
-
Here are two screen prints; the only difference is the file path at the top.
(http://imageshack.com/a/img856/7942/hyt6.png)
(http://imageshack.com/a/img17/213/rhmo.png)
-
Here are two tools that may fix that problem. Please let me know what browser you're using.
Download CCleaner Slim (http://www.ccleaner.com/download/builds/downloading-slim) and save it to your Desktop - Alternate download link (http://www.majorgeeks.com/CCleaner_Slim_No_Toolbar_d4191.html)
When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.
* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner
Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed its process.
*************************************************
Please download and run MS Fix-it from here. (http://support.microsoft.com/mats/AudioPlayback/en-us?entrypoint=lightbox)
-
I am using IE 11
I ran both programs CCleaner and MS Fix It but the popup is still coming?!
-
> I am using IE 11
> I ran both programs CCleaner and MS Fix It but the popup is still coming?!
And the popups are always the same as the ones you posted for me?
Do you have any add-ons in IE?
-
> And the popups are always the same as the ones you posted for me?
Yes, it's always the same as the one I posted before.
> Do you have any add-ons in IE?
Yes, some are enabled and some are disabled.
-
Please try disabling all the add-ons and see if it makes any difference.
-
> Please try disabling all the add-ons and see if it makes any difference.
I did but the problem persists.
However, the popup doesn't show a web address (C:\Users\TOSHIBA\AppData\Local\Microsoft\Windows\Temporary Internet Files\web.html); I managed to get the web address related to this popup (http://newbase.sytes.net). I hope this may help.
I have read about something called onewebsearch; it's a virus that takes over the browser.
I am so dispirited :'(
-
- Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
(http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillernumber1.png)
- If an infected file is detected, the default action will be Cure, click on Continue.
(http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillernumber2.png)
- If a suspicious file is detected, the default action will be Skip, click on Continue.
(http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillernumber3.png)
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
(http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillerlastone3.png)
- Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.
-
Here is the report:
22:57:31.0799 2188 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:57:31.0830 2188 ============================================================
22:57:31.0830 2188 Current date / time: 2013/11/15 22:57:31.0830
22:57:31.0830 2188 SystemInfo:
22:57:31.0830 2188
22:57:31.0830 2188 OS Version: 6.1.7601 ServicePack: 1.0
22:57:31.0830 2188 Product type: Workstation
22:57:31.0830 2188 ComputerName: MNMAN
22:57:31.0830 2188 UserName: TOSHIBA
22:57:31.0830 2188 Windows directory: C:\Windows
22:57:31.0830 2188 System windows directory: C:\Windows
22:57:31.0830 2188 Processor architecture: Intel x86
22:57:31.0830 2188 Number of processors: 4
22:57:31.0830 2188 Page size: 0x1000
22:57:31.0830 2188 Boot type: Normal boot
22:57:31.0830 2188 ============================================================
22:57:33.0281 2188 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:57:33.0312 2188 Drive \Device\Harddisk2\DR2 - Size: 0x1BF0FFB000 (111.77 Gb), SectorSize: 0x200, Cylinders: 0x38FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:57:33.0655 2188 ============================================================
22:57:33.0655 2188 \Device\Harddisk0\DR0:
22:57:33.0655 2188 MBR partitions:
22:57:33.0655 2188 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:57:33.0655 2188 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC7D9000
22:57:33.0655 2188 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC80B800, BlocksNum 0x18C22800
22:57:33.0655 2188 \Device\Harddisk2\DR2:
22:57:33.0671 2188 MBR partitions:
22:57:33.0671 2188 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x258, BlocksNum 0xDF87D80
22:57:33.0671 2188 ============================================================
22:57:33.0718 2188 C: <-> \Device\Harddisk0\DR0\Partition2
22:57:33.0749 2188 D: <-> \Device\Harddisk0\DR0\Partition3
22:57:33.0858 2188 J: <-> \Device\Harddisk2\DR2\Partition1
22:57:33.0858 2188 ============================================================
22:57:33.0858 2188 Initialize success
22:57:33.0858 2188 ============================================================
22:58:36.0711 5520 ============================================================
22:58:36.0711 5520 Scan started
22:58:36.0711 5520 Mode: Manual; SigCheck; TDLFS;
22:58:36.0711 5520 ============================================================
22:58:37.0834 5520 ================ Scan system memory ========================
22:58:37.0834 5520 System memory - ok
22:58:37.0834 5520 ================ Scan services =============================
22:59:00.0610 5520 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:59:00.0641 5520 nvraid - ok
22:59:00.0672 5520 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:59:00.0688 5520 nvstor - ok
22:59:00.0703 5520 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:59:00.0735 5520 nv_agp - ok
22:59:00.0797 5520 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:59:00.0844 5520 odserv - ok
22:59:00.0891 5520 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:59:00.0937 5520 ohci1394 - ok
22:59:00.0984 5520 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:59:01.0015 5520 ose - ok
22:59:01.0047 5520 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:59:01.0156 5520 p2pimsvc - ok
22:59:01.0171 5520 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
22:59:01.0218 5520 p2psvc - ok
22:59:01.0249 5520 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:59:01.0265 5520 Parport - ok
22:59:01.0296 5520 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:59:01.0312 5520 partmgr - ok
22:59:01.0327 5520 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
22:59:01.0374 5520 Parvdm - ok
22:59:01.0390 5520 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:59:01.0421 5520 PcaSvc - ok
22:59:01.0452 5520 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
22:59:01.0499 5520 pci - ok
22:59:01.0515 5520 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
22:59:01.0546 5520 pciide - ok
22:59:01.0561 5520 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:59:01.0593 5520 pcmcia - ok
22:59:01.0593 5520 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
22:59:01.0624 5520 pcw - ok
22:59:01.0671 5520 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:59:01.0749 5520 PEAUTH - ok
22:59:01.0795 5520 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
22:59:01.0905 5520 PeerDistSvc - ok
22:59:01.0951 5520 [ B4948E692AAB9091B45105706EC3F3EE ] PGEffect C:\Windows\system32\DRIVERS\pgeffect.sys
22:59:01.0967 5520 PGEffect - ok
22:59:02.0029 5520 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
22:59:02.0123 5520 pla - ok
22:59:02.0170 5520 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:59:02.0232 5520 PlugPlay - ok
22:59:02.0263 5520 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:59:02.0295 5520 PNRPAutoReg - ok
22:59:02.0326 5520 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:59:02.0357 5520 PNRPsvc - ok
22:59:02.0388 5520 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:59:02.0435 5520 PolicyAgent - ok
22:59:02.0466 5520 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
22:59:02.0513 5520 Power - ok
22:59:02.0560 5520 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:59:02.0622 5520 PptpMiniport - ok
22:59:02.0654 5520 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:59:02.0685 5520 Processor - ok
22:59:02.0700 5520 ProcObsrv - ok
22:59:02.0732 5520 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
22:59:02.0825 5520 ProfSvc - ok
22:59:02.0841 5520 [ 803B370865D907EA21DC0C2B6A8936B5 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:59:02.0872 5520 ProtectedStorage - ok
22:59:02.0888 5520 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:59:02.0950 5520 Psched - ok
22:59:03.0012 5520 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:59:03.0090 5520 ql2300 - ok
22:59:03.0106 5520 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:59:03.0122 5520 ql40xx - ok
22:59:03.0153 5520 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
22:59:03.0200 5520 QWAVE - ok
22:59:03.0231 5520 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:59:03.0262 5520 QWAVEdrv - ok
22:59:03.0324 5520 [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
22:59:03.0340 5520 RapiMgr - ok
22:59:03.0465 5520 [ AB51E1F08C8E789D6C9E8B94D15BE9A9 ] RapportCerberus_59849 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys
22:59:03.0512 5520 RapportCerberus_59849 - ok
22:59:03.0590 5520 [ 9D52A4DEB9F28CC41EB61346E3808E4D ] RapportEI C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
22:59:03.0621 5520 RapportEI - ok
22:59:03.0636 5520 [ 4136175FABB89CB493DF1D237DB50CF4 ] RapportKELL C:\Windows\system32\Drivers\RapportKELL.sys
22:59:03.0668 5520 RapportKELL - ok
22:59:03.0714 5520 [ 02396BD77121751A738444325E1F14E8 ] RapportMgmtService C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
22:59:03.0777 5520 RapportMgmtService - ok
22:59:03.0824 5520 [ A9B99416DE6CADEE2D3C369B634F20F1 ] RapportPG C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
22:59:03.0855 5520 RapportPG - ok
22:59:03.0870 5520 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:59:03.0917 5520 RasAcd - ok
22:59:03.0964 5520 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:59:04.0026 5520 RasAgileVpn - ok
22:59:04.0058 5520 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
22:59:04.0089 5520 RasAuto - ok
22:59:04.0120 5520 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:59:04.0182 5520 Rasl2tp - ok
22:59:04.0214 5520 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
22:59:04.0260 5520 RasMan - ok
22:59:04.0292 5520 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:59:04.0338 5520 RasPppoe - ok
22:59:04.0354 5520 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:59:04.0401 5520 RasSstp - ok
22:59:04.0432 5520 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:59:04.0479 5520 rdbss - ok
22:59:04.0494 5520 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:59:04.0510 5520 rdpbus - ok
22:59:04.0541 5520 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:59:04.0572 5520 RDPCDD - ok
22:59:04.0604 5520 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
22:59:04.0666 5520 RDPDR - ok
22:59:04.0697 5520 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:59:04.0760 5520 RDPENCDD - ok
22:59:04.0775 5520 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:59:04.0838 5520 RDPREFMP - ok
22:59:04.0884 5520 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
22:59:04.0947 5520 RdpVideoMiniport - ok
22:59:04.0994 5520 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:59:05.0073 5520 RDPWD - ok
22:59:05.0119 5520 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:59:05.0151 5520 rdyboost - ok
22:59:05.0166 5520 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
22:59:05.0229 5520 RemoteAccess - ok
22:59:05.0260 5520 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:59:05.0307 5520 RemoteRegistry - ok
22:59:05.0338 5520 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:59:05.0400 5520 RpcEptMapper - ok
22:59:05.0431 5520 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
22:59:05.0463 5520 RpcLocator - ok
22:59:05.0478 5520 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
22:59:05.0509 5520 RpcSs - ok
22:59:05.0556 5520 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:59:05.0603 5520 rspndr - ok
22:59:05.0650 5520 [ B87F999E05DD9C0312C83A8752E8E66B ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
22:59:05.0665 5520 RSUSBSTOR - ok
22:59:05.0712 5520 [ 282C64DEE8300FA717844ECC9BA5B27A ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
22:59:05.0759 5520 RTL8167 - ok
22:59:05.0790 5520 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
22:59:05.0884 5520 s3cap - ok
22:59:05.0899 5520 [ 803B370865D907EA21DC0C2B6A8936B5 ] SamSs C:\Windows\system32\lsass.exe
22:59:05.0931 5520 SamSs - ok
22:59:05.0977 5520 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:59:05.0993 5520 sbp2port - ok
22:59:06.0024 5520 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:59:06.0055 5520 SCardSvr - ok
22:59:06.0071 5520 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:59:06.0102 5520 scfilter - ok
22:59:06.0165 5520 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
22:59:06.0227 5520 Schedule - ok
22:59:06.0274 5520 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:59:06.0321 5520 SCPolicySvc - ok
22:59:06.0352 5520 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:59:06.0399 5520 SDRSVC - ok
22:59:06.0445 5520 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:59:06.0492 5520 secdrv - ok
22:59:06.0508 5520 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
22:59:06.0555 5520 seclogon - ok
22:59:06.0570 5520 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
22:59:06.0633 5520 SENS - ok
22:59:06.0664 5520 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:59:06.0773 5520 SensrSvc - ok
22:59:06.0789 5520 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:59:06.0835 5520 Serenum - ok
22:59:06.0867 5520 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:59:06.0929 5520 Serial - ok
22:59:06.0960 5520 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:59:07.0038 5520 sermouse - ok
22:59:07.0101 5520 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
22:59:07.0163 5520 SessionEnv - ok
22:59:07.0194 5520 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:59:07.0272 5520 sffdisk - ok
22:59:07.0288 5520 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:59:07.0381 5520 sffp_mmc - ok
22:59:07.0397 5520 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:59:07.0506 5520 sffp_sd - ok
22:59:07.0553 5520 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:59:07.0600 5520 sfloppy - ok
22:59:07.0647 5520 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:59:07.0693 5520 SharedAccess - ok
22:59:07.0709 5520 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:59:07.0756 5520 ShellHWDetection - ok
22:59:07.0787 5520 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
22:59:07.0803 5520 sisagp - ok
22:59:07.0834 5520 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:59:07.0849 5520 SiSRaid2 - ok
22:59:07.0865 5520 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:59:07.0896 5520 SiSRaid4 - ok
22:59:07.0943 5520 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
22:59:07.0959 5520 SkypeUpdate - ok
22:59:07.0990 5520 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:59:08.0021 5520 Smb - ok
22:59:08.0068 5520 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:59:08.0083 5520 SNMPTRAP - ok
22:59:08.0115 5520 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
22:59:08.0130 5520 spldr - ok
22:59:08.0177 5520 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
22:59:08.0271 5520 Spooler - ok
22:59:08.0380 5520 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
22:59:08.0505 5520 sppsvc - ok
22:59:08.0551 5520 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:59:08.0598 5520 sppuinotify - ok
22:59:08.0645 5520 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\D
-
That doesn't appear to be the full report. I need to see the bottom 10 lines. Is there any change?
-
For some reason I can't post the whole report in one reply, so I will split it. Here is part 1 of 2:
12:00:26.0810 3780 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:00:28.0869 3780 ============================================================
12:00:28.0869 3780 Current date / time: 2013/11/17 12:00:28.0869
12:00:28.0869 3780 SystemInfo:
12:00:28.0869 3780
12:00:28.0869 3780 OS Version: 6.1.7601 ServicePack: 1.0
12:00:28.0869 3780 Product type: Workstation
12:00:28.0869 3780 ComputerName: MNMAN
12:00:28.0869 3780 UserName: TOSHIBA
12:00:28.0869 3780 Windows directory: C:\Windows
12:00:28.0869 3780 System windows directory: C:\Windows
12:00:28.0869 3780 Processor architecture: Intel x86
12:00:28.0869 3780 Number of processors: 4
12:00:28.0869 3780 Page size: 0x1000
12:00:28.0869 3780 Boot type: Normal boot
12:00:28.0869 3780 ============================================================
12:00:30.0335 3780 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:00:30.0398 3780 Drive \Device\Harddisk2\DR2 - Size: 0x1BF0FFB000 (111.77 Gb), SectorSize: 0x200, Cylinders: 0x38FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:00:30.0445 3780 ============================================================
12:00:30.0445 3780 \Device\Harddisk0\DR0:
12:00:30.0460 3780 MBR partitions:
12:00:30.0460 3780 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:00:30.0460 3780 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC7D9000
12:00:30.0460 3780 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC80B800, BlocksNum 0x18C22800
12:00:30.0460 3780 \Device\Harddisk2\DR2:
12:00:30.0460 3780 MBR partitions:
12:00:30.0460 3780 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x258, BlocksNum 0xDF87D80
12:00:30.0460 3780 ============================================================
12:00:30.0491 3780 C: <-> \Device\Harddisk0\DR0\Partition2
12:00:30.0523 3780 D: <-> \Device\Harddisk0\DR0\Partition3
12:00:30.0569 3780 I: <-> \Device\Harddisk2\DR2\Partition1
12:00:30.0569 3780 ============================================================
12:00:30.0569 3780 Initialize success
12:00:30.0569 3780 ============================================================
12:00:37.0574 5496 ============================================================
12:00:37.0574 5496 Scan started
12:00:37.0574 5496 Mode: Manual;
12:00:37.0574 5496 ============================================================
12:00:39.0165 5496 ================ Scan system memory ========================
12:00:39.0165 5496 System memory - ok
12:00:45.0655 5496 HidIr - ok
12:00:45.0702 5496 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
12:00:45.0702 5496 hidserv - ok
12:00:45.0748 5496 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:00:45.0748 5496 HidUsb - ok
12:00:45.0795 5496 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:00:45.0795 5496 hkmsvc - ok
12:00:45.0811 5496 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:00:45.0826 5496 HomeGroupListener - ok
12:00:45.0842 5496 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:00:45.0858 5496 HomeGroupProvider - ok
12:00:45.0904 5496 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:00:45.0904 5496 HpSAMD - ok
12:00:45.0951 5496 [ 950CC1E6AE3A6CD23E0945CDE089B02C ] HTCAND32 C:\Windows\system32\Drivers\ANDROIDUSB.sys
12:00:45.0951 5496 HTCAND32 - ok
12:00:46.0201 5496 [ 5C8BC8A28798FD010E7ABC4E0D588CAA ] HTCMonitorService C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
12:00:46.0201 5496 HTCMonitorService - ok
12:00:46.0248 5496 [ 339ADEFAD60353F960E3CA67CE468C24 ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys
12:00:46.0248 5496 htcnprot - ok
12:00:46.0326 5496 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:00:46.0341 5496 HTTP - ok
12:00:46.0388 5496 [ FB572C3FC151C308D1DC3A99954D97B7 ] huawei_cdcacm C:\Windows\system32\DRIVERS\ew_jucdcacm.sys
12:00:46.0388 5496 huawei_cdcacm - ok
12:00:46.0450 5496 [ 00B363D211909FB85BC6300A3214AC03 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
12:00:46.0450 5496 huawei_enumerator - ok
12:00:46.0513 5496 [ 7B1DED0BE9A4203857AB0DED695983E6 ] huawei_ext_ctrl C:\Windows\system32\DRIVERS\ew_juextctrl.sys
12:00:46.0513 5496 huawei_ext_ctrl - ok
12:00:46.0544 5496 [ 189AC9CB8630FAEB1DCAE2F97B8FF98C ] huawei_wwanecm C:\Windows\system32\DRIVERS\ew_juwwanecm.sys
12:00:46.0560 5496 huawei_wwanecm - ok
12:00:46.0591 5496 [ 1C09309A3D793C57EF87AC60C6BBD739 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
12:00:46.0591 5496 hwdatacard - ok
12:00:46.0622 5496 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:00:46.0622 5496 hwpolicy - ok
12:00:46.0669 5496 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
12:00:46.0669 5496 i8042prt - ok
12:00:46.0716 5496 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:00:46.0731 5496 iaStorV - ok
12:00:46.0809 5496 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:00:46.0809 5496 idsvc - ok
12:00:46.0996 5496 [ DB7413CF09D74231720F78737DCF4188 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
12:00:47.0152 5496 igfx - ok
12:00:47.0199 5496 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
12:00:47.0199 5496 iirsp - ok
12:00:47.0277 5496 [ EDCCC8C13B1EB882F77BA0ABB84566E7 ] IJPLMSVC C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
12:00:47.0277 5496 IJPLMSVC - ok
12:00:47.0324 5496 [ B9C54120F46392100478F58F374E5709 ] IKEEXT C:\Windows\System32\ikeext.dll
12:00:47.0324 5496 IKEEXT - ok
12:00:47.0402 5496 [ E3C36AC5AE87EC970AE8EA2A93D59AE1 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
12:00:47.0402 5496 Impcd - ok
12:00:47.0542 5496 [ AEE99ECF06CD1CEA95816CCB5BF73EC8 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
12:00:47.0776 5496 IntcAzAudAddService - ok
12:00:47.0808 5496 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
12:00:47.0839 5496 intelide - ok
12:00:47.0886 5496 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:00:47.0886 5496 intelppm - ok
12:00:47.0917 5496 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:00:47.0917 5496 IPBusEnum - ok
12:00:47.0948 5496 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:00:47.0948 5496 IpFilterDriver - ok
12:00:47.0995 5496 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:00:47.0995 5496 iphlpsvc - ok
12:00:48.0026 5496 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:00:48.0026 5496 IPMIDRV - ok
12:00:48.0057 5496 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:00:48.0073 5496 IPNAT - ok
12:00:48.0135 5496 [ FE56897B27ED266F9C4E7D90A0B5DA47 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
12:00:48.0151 5496 iPod Service - ok
12:00:48.0166 5496 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:00:48.0166 5496 IRENUM - ok
12:00:48.0182 5496 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:00:48.0182 5496 isapnp - ok
12:00:48.0229 5496 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:00:48.0229 5496 iScsiPrt - ok
12:00:48.0260 5496 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
12:00:48.0260 5496 kbdclass - ok
12:00:48.0291 5496 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
12:00:48.0291 5496 kbdhid - ok
12:00:48.0307 5496 [ 803B370865D907EA21DC0C2B6A8936B5 ] KeyIso C:\Windows\system32\lsass.exe
12:00:48.0307 5496 KeyIso - ok
12:00:48.0338 5496 [ F286830298323272260332D6ABC905C1 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:00:48.0354 5496 KSecDD - ok
12:00:48.0369 5496 [ D7C760D57B1656DD748B9E4AB6CB5A51 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:00:48.0385 5496 KSecPkg - ok
12:00:48.0400 5496 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
12:00:48.0416 5496 KtmRm - ok
12:00:48.0447 5496 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
12:00:48.0447 5496 LanmanServer - ok
12:00:48.0478 5496 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:00:48.0494 5496 LanmanWorkstation - ok
12:00:48.0712 5496 [ 6DAAFFE9807B65E7CFA729974F844D1C ] LeapFrog Connect Device Service C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
12:00:48.0759 5496 LeapFrog Connect Device Service - ok
12:00:48.0806 5496 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:00:48.0806 5496 lltdio - ok
12:00:48.0837 5496 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:00:48.0837 5496 lltdsvc - ok
12:00:48.0884 5496 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
12:00:48.0884 5496 lmhosts - ok
12:00:48.0931 5496 [ 6ADAB14D7AD12B35BDC665B35278099B ] LPCFilter C:\Windows\system32\DRIVERS\LPCFilter.sys
12:00:48.0931 5496 LPCFilter - ok
12:00:48.0962 5496 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
12:00:48.0962 5496 LSI_FC - ok
12:00:48.0993 5496 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
12:00:48.0993 5496 LSI_SAS - ok
12:00:49.0009 5496 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:00:49.0009 5496 LSI_SAS2 - ok
12:00:49.0024 5496 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:00:49.0040 5496 LSI_SCSI - ok
12:00:49.0071 5496 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
12:00:49.0071 5496 luafv - ok
12:00:49.0305 5496 [ 062D80F13D762F7BC2F38430D60F5048 ] McAfeeFramework C:\Program Files\McAfee\Common Framework\FrameworkService.exe
12:00:49.0305 5496 McAfeeFramework - ok
12:00:49.0446 5496 [ 50182E471B44C7A0F63B46E2DEF08B0F ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
12:00:49.0446 5496 McShield - ok
12:00:49.0586 5496 [ 113C20EB4982C5670F49718441BEE76D ] McTaskManager C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
12:00:49.0586 5496 McTaskManager - ok
12:00:49.0617 5496 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:00:49.0633 5496 Mcx2Svc - ok
12:00:49.0664 5496 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
12:00:49.0664 5496 megasas - ok
12:00:49.0695 5496 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
12:00:49.0695 5496 MegaSR - ok
12:00:49.0742 5496 [ C0D975D64C1AF8057F2D75B1297A6979 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
12:00:49.0742 5496 mfeapfk - ok
12:00:49.0773 5496 [ C169326049A8A03D5F905B34F5A65F8C ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
12:00:49.0804 5496 mfeavfk - ok
12:00:49.0914 5496 mfeavfk01 - ok
12:00:49.0960 5496 [ 50B0253B2484A306A20D8695C5AE5858 ] mfebopk C:\Windows\system32\drivers\mfebopk.sys
12:00:49.0960 5496 mfebopk - ok
12:00:49.0992 5496 [ 188B40866DB2AB8EF262FEBC65291687 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
12:00:50.0007 5496 mfehidk - ok
12:00:50.0023 5496 [ C1B30AF2E18E69BF8CEB39B33F32D3C1 ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
12:00:50.0023 5496 mferkdet - ok
12:00:50.0038 5496 [ 49C8E20D178BE981FF28523A942A570F ] mfevtp C:\Windows\system32\mfevtps.exe
12:00:50.0054 5496 mfevtp - ok
12:00:50.0210 5496 [ 451B49F0E10D6058CED5B56852D82C8B ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
12:00:50.0210 5496 mfewfpk - ok
12:00:50.0397 5496 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
12:00:50.0397 5496 MMCSS - ok
12:00:50.0460 5496 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
12:00:50.0460 5496 Modem - ok
12:00:50.0522 5496 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:00:50.0522 5496 monitor - ok
12:00:50.0631 5496 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:00:50.0694 5496 mouclass - ok
12:00:50.0881 5496 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:00:50.0881 5496 mouhid - ok
12:00:50.0912 5496 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:00:50.0928 5496 mountmgr - ok
12:00:50.0974 5496 [ 755A0900BA4B9FB59B4ED1F78341693A ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:00:50.0974 5496 MozillaMaintenance - ok
12:00:50.0990 5496 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
12:00:50.0990 5496 mpio - ok
12:00:51.0021 5496 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:00:51.0021 5496 mpsdrv - ok
12:00:51.0052 5496 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
12:00:51.0068 5496 MpsSvc - ok
12:00:51.0099 5496 [ 21F4B24ACFC79A483515BD986DD9043F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:00:51.0099 5496 MRxDAV - ok
12:00:51.0162 5496 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:00:51.0162 5496 mrxsmb - ok
12:00:51.0177 5496 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:00:51.0193 5496 mrxsmb10 - ok
12:00:51.0271 5496 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:00:51.0318 5496 mrxsmb20 - ok
12:00:51.0552 5496 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
12:00:51.0552 5496 msahci - ok
12:00:51.0583 5496 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:00:51.0583 5496 msdsm - ok
12:00:51.0630 5496 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
12:00:51.0630 5496 MSDTC - ok
12:00:51.0661 5496 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:00:51.0661 5496 Msfs - ok
12:00:51.0676 5496 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:00:51.0676 5496 mshidkmdf - ok
12:00:51.0708 5496 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:00:51.0708 5496 msisadrv - ok
12:00:51.0754 5496 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:00:51.0754 5496 MSiSCSI - ok
12:00:51.0754 5496 msiserver - ok
12:00:51.0801 5496 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:00:51.0801 5496 MSKSSRV - ok
12:00:51.0817 5496 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:00:51.0817 5496 MSPCLOCK - ok
12:00:51.0832 5496 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:00:51.0832 5496 MSPQM - ok
12:00:51.0848 5496 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:00:51.0848 5496 MsRPC - ok
12:00:51.0910 5496 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
12:00:51.0910 5496 mssmbios - ok
12:00:51.0988 5496 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:00:52.0020 5496 MSTEE - ok
12:00:52.0035 5496 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
12:00:52.0035 5496 MTConfig - ok
12:00:52.0051 5496 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
12:00:52.0051 5496 Mup - ok
12:00:52.0082 5496 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
12:00:52.0082 5496 napagent - ok
12:00:52.0144 5496 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:00:52.0144 5496 NativeWifiP - ok
12:00:52.0191 5496 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:00:52.0207 5496 NDIS - ok
12:00:52.0238 5496 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:00:52.0238 5496 NdisCap - ok
12:00:52.0269 5496 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:00:52.0269 5496 NdisTapi - ok
12:00:52.0347 5496 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:00:52.0363 5496 Ndisuio - ok
12:00:52.0425 5496 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:00:52.0441 5496 NdisWan - ok
12:00:52.0472 5496 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:00:52.0472 5496 NDProxy - ok
12:00:52.0503 5496 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:00:52.0503 5496 NetBIOS - ok
12:00:52.0534 5496 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:00:52.0534 5496 NetBT - ok
12:00:52.0550 5496 [ 803B370865D907EA21DC0C2B6A8936B5 ] Netlogon C:\Windows\system32\lsass.exe
12:00:52.0550 5496 Netlogon - ok
12:00:52.0581 5496 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
12:00:52.0581 5496 Netman - ok
12:00:52.0597 5496 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
-
Here is Part 2 of 2
12:00:57.0979 5496 TCPIP6 - ok
12:00:58.0026 5496 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:00:58.0026 5496 tcpipreg - ok
12:00:58.0057 5496 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:00:58.0057 5496 TDPIPE - ok
12:00:58.0088 5496 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:00:58.0088 5496 TDTCP - ok
12:00:58.0104 5496 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:00:58.0119 5496 tdx - ok
12:00:58.0119 5496 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
12:00:58.0119 5496 TermDD - ok
12:00:58.0166 5496 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
12:00:58.0182 5496 TermService - ok
12:00:58.0213 5496 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
12:00:58.0213 5496 Themes - ok
12:00:58.0228 5496 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
12:00:58.0228 5496 THREADORDER - ok
12:00:58.0291 5496 [ F95208D35A9667C58CF8122EE22805A6 ] TOSHIBA Bluetooth Service C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
12:00:58.0291 5496 TOSHIBA Bluetooth Service - ok
12:00:58.0322 5496 [ 90AFA1A4451BBBEE87C9F18A665D8121 ] tosporte C:\Windows\system32\DRIVERS\tosporte.sys
12:00:58.0322 5496 tosporte - ok
12:00:58.0353 5496 [ 490A76AB428F34EA676A23E429DD6DA4 ] tosrfbd C:\Windows\system32\DRIVERS\tosrfbd.sys
12:00:58.0369 5496 tosrfbd - ok
12:00:58.0400 5496 [ 75CD3C238A0FFC66C4581C3870C09314 ] tosrfbnp C:\Windows\system32\Drivers\tosrfbnp.sys
12:00:58.0400 5496 tosrfbnp - ok
12:00:58.0416 5496 [ B551D3F266DDA311256F963E8CFD1E9B ] Tosrfcom C:\Windows\system32\Drivers\tosrfcom.sys
12:00:58.0431 5496 Tosrfcom - ok
12:00:58.0478 5496 [ 51BAA142744E236C3A886479CAD99A06 ] tosrfec C:\Windows\system32\DRIVERS\tosrfec.sys
12:00:58.0478 5496 tosrfec - ok
12:00:58.0494 5496 [ F3E8762163EE87F3AC95537584CF5B4F ] Tosrfhid C:\Windows\system32\DRIVERS\Tosrfhid.sys
12:00:58.0509 5496 Tosrfhid - ok
12:00:58.0525 5496 [ B2A1A6538245FD69578224BBF2FD4677 ] tosrfnds C:\Windows\system32\DRIVERS\tosrfnds.sys
12:00:58.0525 5496 tosrfnds - ok
12:00:58.0556 5496 [ 3DE5CBB4F8EB64563CE08E8EC7458D03 ] TosRfSnd C:\Windows\system32\drivers\tosrfsnd.sys
12:00:58.0556 5496 TosRfSnd - ok
12:00:58.0618 5496 [ AF5126FB6E9ED41C99AB7A10E98729CD ] Tosrfusb C:\Windows\system32\DRIVERS\tosrfusb.sys
12:00:58.0665 5496 Tosrfusb - ok
12:00:58.0743 5496 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
12:00:58.0743 5496 TrkWks - ok
12:00:58.0806 5496 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:00:58.0821 5496 TrustedInstaller - ok
12:00:58.0852 5496 [ B37B08F2E5EEB1A37E448E09BACE1101 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:00:58.0852 5496 tssecsrv - ok
12:00:58.0884 5496 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:00:58.0884 5496 TsUsbFlt - ok
12:00:58.0946 5496 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:00:58.0946 5496 tunnel - ok
12:00:59.0055 5496 [ 792A8B80F8188ABA4B2BE271583F3E46 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
12:00:59.0086 5496 TVALZ - ok
12:00:59.0133 5496 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
12:00:59.0149 5496 uagp35 - ok
12:00:59.0164 5496 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:00:59.0164 5496 udfs - ok
12:00:59.0211 5496 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:00:59.0211 5496 UI0Detect - ok
12:00:59.0242 5496 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:00:59.0242 5496 uliagpkx - ok
12:00:59.0289 5496 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
12:00:59.0289 5496 umbus - ok
12:00:59.0320 5496 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
12:00:59.0320 5496 UmPass - ok
12:00:59.0523 5496 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
12:00:59.0539 5496 UmRdpService - ok
12:00:59.0601 5496 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
12:00:59.0601 5496 upnphost - ok
12:00:59.0632 5496 [ 71D97F1A3CC47A56728F7A400A3F8295 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:00:59.0632 5496 usbccgp - ok
12:00:59.0664 5496 [ 2352AB5F9F8F097BF9D41D5A4718A041 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:00:59.0664 5496 usbcir - ok
12:00:59.0679 5496 [ C4FB8E7ADEA9B5CEEA885A1B504B7E40 ] usbehci C:\Windows\system32\drivers\usbehci.sys
12:00:59.0679 5496 usbehci - ok
12:00:59.0726 5496 [ 86AA95ACB611001E26CD2C0145F2225A ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:00:59.0742 5496 usbhub - ok
12:00:59.0742 5496 [ DCDF9855145A14DFCA0AB32308871961 ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:00:59.0757 5496 usbohci - ok
12:00:59.0788 5496 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:00:59.0804 5496 usbprint - ok
12:00:59.0851 5496 [ FC6B21DB4B5B398AB93DBE59CBF11036 ] usbscan C:\Windows\system32\drivers\usbscan.sys
12:00:59.0851 5496 usbscan - ok
12:00:59.0866 5496 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:00:59.0866 5496 USBSTOR - ok
12:00:59.0882 5496 [ 8E51D04175BAA14C4F79AA5F6D248770 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
12:00:59.0882 5496 usbuhci - ok
12:00:59.0913 5496 [ DE014425522610BEDCA3821BB8C0F1D5 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
12:00:59.0913 5496 usbvideo - ok
12:00:59.0976 5496 [ AF77716205C97E902E6C5B78DECE2CCA ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
12:00:59.0976 5496 usb_rndisx - ok
12:01:00.0007 5496 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
12:01:00.0007 5496 UxSms - ok
12:01:00.0022 5496 [ 803B370865D907EA21DC0C2B6A8936B5 ] VaultSvc C:\Windows\system32\lsass.exe
12:01:00.0022 5496 VaultSvc - ok
12:01:00.0069 5496 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:01:00.0069 5496 vdrvroot - ok
12:01:00.0116 5496 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
12:01:00.0116 5496 vds - ok
12:01:00.0163 5496 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:01:00.0163 5496 vga - ok
12:01:00.0178 5496 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
12:01:00.0178 5496 VgaSave - ok
12:01:00.0210 5496 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:01:00.0225 5496 vhdmp - ok
12:01:00.0256 5496 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
12:01:00.0256 5496 viaagp - ok
12:01:00.0288 5496 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
12:01:00.0288 5496 ViaC7 - ok
12:01:00.0319 5496 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
12:01:00.0319 5496 viaide - ok
12:01:00.0366 5496 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
12:01:00.0366 5496 vmbus - ok
12:01:00.0397 5496 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
12:01:00.0397 5496 VMBusHID - ok
12:01:00.0428 5496 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:01:00.0428 5496 volmgr - ok
12:01:00.0459 5496 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:01:00.0459 5496 volmgrx - ok
12:01:00.0490 5496 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:01:00.0490 5496 volsnap - ok
12:01:00.0522 5496 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
12:01:00.0537 5496 vsmraid - ok
12:01:00.0584 5496 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
12:01:00.0584 5496 VSS - ok
12:01:00.0615 5496 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
12:01:00.0615 5496 vwifibus - ok
12:01:00.0646 5496 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
12:01:00.0646 5496 vwififlt - ok
12:01:00.0678 5496 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
12:01:00.0678 5496 W32Time - ok
12:01:00.0693 5496 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
12:01:00.0693 5496 WacomPen - ok
12:01:00.0740 5496 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:01:00.0740 5496 WANARP - ok
12:01:00.0740 5496 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:01:00.0756 5496 Wanarpv6 - ok
12:01:00.0818 5496 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
12:01:00.0834 5496 WatAdminSvc - ok
12:01:00.0896 5496 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
12:01:00.0912 5496 wbengine - ok
12:01:00.0943 5496 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:01:00.0943 5496 WbioSrvc - ok
12:01:01.0005 5496 [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
12:01:01.0005 5496 WcesComm - ok
12:01:01.0052 5496 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:01:01.0052 5496 wcncsvc - ok
12:01:01.0083 5496 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:01:01.0083 5496 WcsPlugInService - ok
12:01:01.0099 5496 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
12:01:01.0099 5496 Wd - ok
12:01:01.0130 5496 [ 25944D2CC49E0A6C581D02A74B7D6645 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:01:01.0146 5496 Wdf01000 - ok
12:01:01.0161 5496 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:01:01.0177 5496 WdiServiceHost - ok
12:01:01.0177 5496 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:01:01.0177 5496 WdiSystemHost - ok
12:01:01.0208 5496 [ 75E8EBD7040CE238684333F97014762A ] WebClient C:\Windows\System32\webclnt.dll
12:01:01.0208 5496 WebClient - ok
12:01:01.0239 5496 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:01:01.0255 5496 Wecsvc - ok
12:01:01.0270 5496 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:01:01.0270 5496 wercplsupport - ok
12:01:01.0317 5496 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
12:01:01.0317 5496 WerSvc - ok
12:01:01.0380 5496 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:01:01.0380 5496 WfpLwf - ok
12:01:01.0411 5496 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:01:01.0411 5496 WIMMount - ok
12:01:01.0473 5496 [ 082CF481F659FAE0DE51AD060881EB47 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
12:01:01.0489 5496 WinDefend - ok
12:01:01.0504 5496 WinHttpAutoProxySvc - ok
12:01:01.0551 5496 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:01:01.0551 5496 Winmgmt - ok
12:01:01.0629 5496 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
12:01:01.0629 5496 WinRM - ok
12:01:01.0676 5496 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
12:01:01.0692 5496 WinUsb - ok
12:01:01.0723 5496 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
12:01:01.0723 5496 Wlansvc - ok
12:01:01.0816 5496 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:01:01.0832 5496 wlidsvc - ok
12:01:01.0863 5496 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:01:01.0879 5496 WmiAcpi - ok
12:01:01.0894 5496 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:01:01.0910 5496 wmiApSrv - ok
12:01:01.0957 5496 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
12:01:01.0972 5496 WMPNetworkSvc - ok
12:01:02.0004 5496 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:01:02.0004 5496 WPCSvc - ok
12:01:02.0035 5496 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:01:02.0035 5496 WPDBusEnum - ok
12:01:02.0050 5496 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:01:02.0066 5496 ws2ifsl - ok
12:01:02.0082 5496 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
12:01:02.0097 5496 wscsvc - ok
12:01:02.0097 5496 WSearch - ok
12:01:02.0160 5496 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
12:01:02.0175 5496 wuauserv - ok
12:01:02.0191 5496 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:01:02.0206 5496 WudfPf - ok
12:01:02.0222 5496 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:01:02.0222 5496 WUDFRd - ok
12:01:02.0253 5496 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:01:02.0253 5496 wudfsvc - ok
12:01:02.0300 5496 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll
12:01:02.0300 5496 WwanSvc - ok
12:01:02.0394 5496 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
12:01:02.0394 5496 YahooAUService - ok
12:01:02.0487 5496 ================ Scan global ===============================
12:01:02.0518 5496 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
12:01:02.0550 5496 [ 51BB04243DF6196C06E125898127E397 ] C:\Windows\system32\winsrv.dll
12:01:02.0565 5496 [ 51BB04243DF6196C06E125898127E397 ] C:\Windows\system32\winsrv.dll
12:01:02.0581 5496 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
12:01:02.0628 5496 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
12:01:02.0628 5496 [Global] - ok
12:01:02.0628 5496 ================ Scan MBR ==================================
12:01:02.0643 5496 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:01:03.0064 5496 \Device\Harddisk0\DR0 - ok
12:01:03.0064 5496 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk2\DR2
12:01:05.0030 5496 \Device\Harddisk2\DR2 - ok
12:01:05.0030 5496 ================ Scan VBR ==================================
12:01:05.0092 5496 [ F840048E3EB1FAECD27D5B14300B3110 ] \Device\Harddisk0\DR0\Partition1
12:01:05.0108 5496 \Device\Harddisk0\DR0\Partition1 - ok
12:01:05.0124 5496 [ F2FA2C4DD09D356A313E5DEC155033AC ] \Device\Harddisk0\DR0\Partition2
12:01:05.0124 5496 \Device\Harddisk0\DR0\Partition2 - ok
12:01:05.0139 5496 [ A528603B6678288682D02AFCF06AB09A ] \Device\Harddisk0\DR0\Partition3
12:01:05.0155 5496 \Device\Harddisk0\DR0\Partition3 - ok
12:01:05.0155 5496 [ D935D928FED99593EE260AE1E87CE67E ] \Device\Harddisk2\DR2\Partition1
12:01:05.0155 5496 \Device\Harddisk2\DR2\Partition1 - ok
12:01:05.0155 5496 ============================================================
12:01:05.0155 5496 Scan finished
12:01:05.0155 5496 ============================================================
12:01:05.0170 3076 Detected object count: 0
12:01:05.0170 3076 Actual detected object count: 0
-
Is there any change?
NO change the popup still there. :||x :'(
-
The only thing I think of doing is to try another browser such as Firefox to see if it still happens.
-
The only thing I think of doing is to try another browser such as Firefox to see if it still happens
I have tried both Google Chrome and FireFox , and YES it still happens.
Please don't give up on me :) , :'( :'(
-
Download Dr.Web CureIt to the desktop:
Dr WebCureIt (http://ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe)
- Double-click the launch.exe or cureit.exe file and Allow to run the express scan
- This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
- Once the short scan has finished, choose the Complete Scan.
- Select all drives. A red dot shows which drives have been chosen.
- Click the green arrow (http://i154.photobucket.com/albums/s258/evilfantasy69/drweb.jpg) at the right, and the scan will start.
- Click 'Yes to all' if it asks if you want to cure/move the file.
- When the scan has finished, look and see if you can click the following icon next to the files found:
(http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif)
- If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
(http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif)
- This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
- After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
-
Download Dr.Web CureIt to the desktop:
Dr WebCureIt
I couldn't start the download from the link provided "Dr WebCureIt" , please provide another link for the program.
-
Download Dr.Web CureIt to the desktop:
DrWebCureIt (http://download.cnet.com/Dr-Web-CureIt/3000-2239_4-128071.html)
- Double-click the launch.exe or cureit.exe file and Allow to run the express scan
- This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
- Once the short scan has finished, just let it cure whatever it finds...
o Now, go to Settings >> Change Settings
o Go to Actions tab >> under Objects section, change the settings to below
Infected objects - Cure
Incurable objects - Report
Suspicious objects - Report
o Don't change any other settings
- Start the scan again. This time, choose Complete Scan
- Click the green arrow button at the right, and the scan will start.
- After the scan finished, click Select all
- Click on Cure and choose Report incurable (means take no actions.. Don't "move", or "rename" or "delete")
- When the scan has finished, in the menu, click File and choose Save report list
- Save the report to your Desktop. The report will be called DrWeb.csv
- Post DrWeb.csv in your next reply (Open it as Notepad).. Do NOT reboot the computer yet..
-
After downloading the program from the new link and clicking the exe file, a message popped up informing me that the license key is expired and I can download the latest free version of the program from their web site. In any case I had no option but to proceed and download the latest version of Dr.Web CureIt from the Dr.Web web site. After running the scan a report was created; the report is very, very long. It's not possible to copy and paste it, so I uploaded it to 4shared:
http://www.4shared.com/file/ttHZEweQ/cureit.html
P.S.: 33 threats were detected and neutralized, however after restart the popup issue still persists :'( :'(
And also to make it easy here are the first and last few lines from the report:
=============================================================================
Dr.Web Scanner SE for Windows v8.2.0.07100
(c) Doctor Web, Ltd., 1992-2013
Scan session started 2013/11/19 23:57:28
Module location : C:\Users\TOSHIBA\AppData\Local\Temp\D370FD3B-FC09E658-E8408E88-B5E0DB14\
=============================================================================
OPTION [Automatic Apply Actions] NO
OPTION [Turn Off Computer After Scan] NO
OPTION [Use Sound Alerts] NO
OPTION [Block Network] NO
OPTION [Protect Process] NO
OPTION [Protect Raw Disk] NO
Using language: "English"
Available instances: 6
Instances used: 6
Platform: Windows 7 Professional x86 (Build 7601), Service Pack 1
API Version: 2.2
Scanning Engine version: 8.1.0.7100
Virus Finding Engine version: 7.0.5.6250
Total 147 virus bases are loaded from C:\Users\TOSHIBA\AppData\Local\Temp\D370FD3B-FC09E658-E8408E88-B5E0DB14
-
-
-
-
-
-
C:\Users\TOSHIBA\Documents\My Downloads\AVSDVDCopy.exe\{app}\About.rtf - Ok
C:\Users\TOSHIBA\Documents\My Downloads\AVSDVDCopy.exe\{app}\About.rtf - Ok
C:\Users\TOSHIBA\Documents\My Downloads\AVSDVDCopy.exe\{app}\About.rtf - Ok
C:\Users\TOSHIBA\Documents\My Downloads\AVSDVDCopy.exe\{app}\About.rtf - Ok
C:\Users\TOSHIBA\Documents\My Downloads\AVSDVDCopy.exe\{app}\About.rtf - Ok
C:\Users\TOSHIBA\Documents\My Downloads\AVSDVDCopy.exe\{app}\About.rtf - Ok
C:\Users\TOSHIBA\Documents\My Downloads\AVSDVDCopy.exe - Ok
C:\Users\TOSHIBA\Documents\My Downloads\AVSDVDCopy.exe - container
Total 41945208014 bytes in 159555 files scanned (343594 objects)
Total 159371 files (343406 objects) are clean
Total 33 files are infected
Total 99 files are raised error condition
Scan time is 01:49:47.743
-----------------------------------------------------------------------------
Start curing
-----------------------------------------------------------------------------
C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\paauxstb.dll.vir - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\pabrmon.exe.vir - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\padatact.dll.vir - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\pabrstub.dll.vir - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\padlghk.dll.vir - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\padyn.dll.vir - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\pahighin.exe.vir - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\pafeedmg.dll.vir - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\pahkstub.dll.vir - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\pabprtct.dll.vir - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\paieovr.dll.vir - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\paidle.dll.vir - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\pahttpct.dll.vir - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\paimpipe.exe.vir - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\pahtmlmu.dll.vir - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\pamedint.exe.vir - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\pamlbtn.dll.vir - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\pamsg.dll.vir - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\paradio.dll.vir - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\paregfft.dll.vir - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\paregiet.dll.vir - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\pareghk.dll.vir - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\pascript.dll.vir - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\paskin.dll.vir - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\paSrcAs.dll.vir - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\paskplay.exe.vir - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\pasknlcr.dll.vir - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\paSrchMn.exe.vir - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\T8EXTEX.DLL.vir - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\T8EXTPEX.DLL.vir - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\pauabtn.dll.vir - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\T8TICKER.DLL.vir - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\T8HTML.DLL.vir - quarantined
Total 41945208014 bytes in 159555 files scanned (343594 objects)
Total 159371 files (343406 objects) are clean
Total 33 files are infected
Total 33 files are neutralized
Total 99 files are raised error condition
Scan time is 01:49:47.743
-
Let's try cleaning out the temp files.
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.
(http://i424.photobucket.com/albums/pp322/digistar/diskcleanup2.jpg)
Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.
(http://i424.photobucket.com/albums/pp322/digistar/diskcleanup.jpg)
This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
-
After Performing disk clean the problem still there!!!!! :||x :'( :'(
-
Did you try blocking that site?
-
Did you try blocking that site?
I blocked the two sites I believe the popup belongs to:
http://newbase.sytes.net
http://newbase.sytes.net.ipaddress.com/
However, the popup is still coming. I believe the catch is that the popup is not coming up as a website address, it's a file location: C:\Users\TOSHIBA\AppData\Local\Microsoft\Windows\Temporary Internet Files\web.html
-
I believe the catch is that the popup is not coming up as a website address, it's a file location: C:\Users\TOSHIBA\AppData\Local\Microsoft\Windows\Temporary Internet Files\web.html
I'm not sure I understand this statement. Could you please elaborate?
-
If you go to page 1 and see the two screen prints I posted for the popup, you will see on the top left a file location instead of the usual web site address.
For example, when you go to Google you would see on the top left of the browser the web site address as https://www.google.com; in the case of the popup I have, it shows a file location: C:\Users\TOSHIBA\AppData\Local\Microsoft\Windows\Temporary Internet Files\web.html
-
Please try this and let me know what you find. Open your browser, go to Tools, Internet Options and tell me what your home page address is.
-
tell me what your home page address is
https://www.google.co.za/
-
Please try changing your home page just to see what happens.
-
Please try changing your home page just to see what happens.
The popup still comes up.
-
Does it pop up in Safe Mode?
-
Does it pop up in Safe Mode?
I connect to the internet by USB modem , in the safe mode the PC does not detect the USB modem, it always shows "device modem not detected, please connect device modem".
So, I couldn't find out if the popup will continue in safe mode or not.
-
Well, I'm stumped.
-
NO solution to my problem :'( :'( :'( :'( :'( :'(
-
After searching the web for hours and hours , I found the solution :
It's alga.exe Trojan, the following link explains it all.
http://www.edwinraja.com/how-to-remove-alga-exe-trojan-pws.html
How To Remove alga.exe Trojan PWS
UnHackMe, Junk Removal Tool, HijackThis or Microsoft Security Essential, those antiviruses have failed to detect this alga.exe trojan virus.
alga.exe is a malware-related executable file and runs in Task Manager as the process alga.exe. Most often it creates a web page called web.html inside the “C:\Users\<user>\AppData\Local\Microsoft\Windows\Temporary Internet Files” folder and launches the web browser to load it (file:///C:/Users/<user>/AppData/Local/Microsoft/Windows/Temporary%20Internet%20Files/web.html) every time there is an internet connection available or at computer startup.
If your computer is infected with this virus, there is a solution that might help, though it has to be done manually.
Steps Of How To Remove
1. Check to see if there is an installed program named “setup” in your program list and uninstall it with “Your Uninstaller!” in super mode (recommended), or go to Control Panel » Uninstall a program » right click the “setup” name and Uninstall.
2. Remove the C:\Windows\System32\config\systemprofile\AppData\Local\Svchost folder which contains alga.exe, or C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Svchost for an x64 system.
3. Delete alga.exe from the C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup folder.
4. Delete patch.dll from the C:\ProgramData folder.
5. Restart the computer.
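
The locations named in the removal steps above can be checked before and after cleanup without deleting anything. The PowerShell below is an added example, not part of the original post or the linked article; the function names are hypothetical, and it assumes the C:\ paths from the steps map onto the standard environment variables.

```powershell
# Added example: read-only triage for the alga.exe artefacts named in the steps above.
# Nothing is deleted or changed. Run elevated so the systemprofile folders are readable.
# On 64-bit Windows use the 64-bit PowerShell, otherwise System32 is redirected to SysWOW64.
# Uses Get-WmiObject and New-Object so it also runs on the PowerShell 2.0 shipped with Windows 7.

# Assumption: the literal C:\ paths from the post, expressed through environment variables.
$ArtefactPaths = @(
    (Join-Path $env:windir       'System32\config\systemprofile\AppData\Local\Svchost'),
    (Join-Path $env:windir       'SysWOW64\config\systemprofile\AppData\Local\Svchost'),
    (Join-Path $env:APPDATA      'Microsoft\Windows\Start Menu\Programs\Startup\alga.exe'),
    (Join-Path $env:ProgramData  'patch.dll'),
    (Join-Path $env:LOCALAPPDATA 'Microsoft\Windows\Temporary Internet Files\web.html')
)

# Matches the file names and the "Svchost" folder from the post, but not the
# genuine C:\Windows\System32\svchost.exe.
$Pattern = 'alga\.exe|\\ProgramData\\patch\.dll|\\AppData\\Local\\Svchost(\\|$)'

function Get-ArtefactStatus {
    # One row per location: is it there, and when was it created / last written?
    # The timestamps show whether a deleted item came back after going online.
    foreach ($path in $ArtefactPaths) {
        $item = $null; $created = $null; $modified = $null
        if (Test-Path -LiteralPath $path) {
            $item     = Get-Item -LiteralPath $path -Force
            $created  = $item.CreationTime
            $modified = $item.LastWriteTime
        }
        New-Object PSObject -Property @{
            Present  = [bool]$item
            Path     = $path
            Created  = $created
            Modified = $modified
        }
    }
}

function Get-AutostartReference {
    # Run keys and Startup folders, as WMI reports them
    Get-WmiObject Win32_StartupCommand |
        Where-Object { $_.Command -match $Pattern } |
        Select-Object @{n='Source';e={'Startup: ' + $_.Location}}, Name,
                      @{n='Command';e={$_.Command}}

    # Services whose binary path points at one of the artefacts
    Get-WmiObject Win32_Service |
        Where-Object { $_.PathName -match $Pattern } |
        Select-Object @{n='Source';e={'Service'}}, Name,
                      @{n='Command';e={$_.PathName}}

    # Processes currently running from, or launched with, one of the artefacts
    Get-WmiObject Win32_Process |
        Where-Object { "$($_.ExecutablePath) $($_.CommandLine)" -match $Pattern } |
        Select-Object @{n='Source';e={"Process PID $($_.ProcessId), parent PID $($_.ParentProcessId)"}},
                      Name, @{n='Command';e={$_.CommandLine}}
}

function Get-SetupUninstallEntry {
    # Step 1 of the post: an installed program literally named "setup"
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -eq 'setup' } |
        Select-Object DisplayName, Publisher, InstallDate, UninstallString
}

Get-ArtefactStatus | Select-Object Present, Path, Created, Modified | Format-Table -AutoSize
Get-AutostartReference  | Format-List
Get-SetupUninstallEntry | Format-List
```

An artefact that shows `Present : True` with a fresh `Created` time after reconnecting to the internet, while the autostart and process checks stay empty, points to a launcher stored under a different name than the ones listed in the post.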
-
MBAM should have picked that up.
-
MBAM should have picked that up.
I really don't know why it didn't.
However, the popup problem is over. I am afraid the symptoms are gone but there is still an infection of some kind.
Now, after following the above procedure to remove alga.exe, the popup is not coming (issue solved). However, every time I delete the file Svchost that contains the file alga.exe (C:\Windows\System32\config\systemprofile\AppData\Local\Svchost), it creates itself again in the same place (P.S. the computer is running fine and there is no popup, as I mentioned earlier). Any ideas please?!!
-
Did you follow the instructions completely?
Please run MBAM again and see if it picks it up. This is a new infection (Nov./13) and I would like to see if it will remove it.
Also, please do a search for alga.exe and delete those you find.
-
Did you follow the instructions completely?
YES, word by word. And the popup is not an issue anymore.
Please run MBAM again and see if it picks it up. This is a new infection (Nov./13) and I would like to see if it will remove it.
MBAM doesn't catch the alga.exe file
Also, please do a search for alga.exe and delete those you find.
Done, and deleted manually.
The only issue now is the file Svchost that contains alga.exe. I delete it and it keeps generating itself. I have noticed that it only generates itself when the internet is connected. I deleted all the temp internet files and tried again; same thing, it generated itself once the internet connection was on.
-
http://www.removespywaretips.com/exe-a/alga-exe.html
Is this a safe program to try and see if it will solve the problem?
-
Is this a safe program to try and see if it will solve the problem?
Usually those programs that are downloaded to solve a problem end up making much more problems.
Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to already pre-selected options, make sure, the Command Line is selected, and press OK.
Go File>Save As, and save the report as Procexp.txt.
Attach the file to your next reply.
-
Please find attached the file requested : Procexp.txt
[recovering disk space, attachment deleted by admin]
-
I thought it's better to run all the common programs I use on a daily basis and then run procexp.exe again while all these programs are running. Here attached is the report Procexp2.txt
[recovering disk space, attachment deleted by admin]
-
I don't see it running in Task Manager. Could you please look for these folders below
delete folder svchost from C:\Windows\system32\config\systemprofile\AppData\Local or C:\Windows\SysWOW64\config\systemprofile\AppData\Local for x64 system and
patch.dll from c:\ProgramData folder
-
delete folder svchost from C:\Windows\system32\config\systemprofile\AppData\Local
I keep deleting svchost folder from C:\Windows\system32\config\systemprofile\AppData\Local but it generates itself every time I connect to the internet as I explained earlier.
and patch.dll from c:\ProgramData folder
Already deleted from before.
-
I sent a pm to my chum to see if he has any input. I'll be back.
-
I sent a pm to my chum to see if he has any input. I'll be back
Thanks for all the efforts, really appreciated.
-
My colleague has never seen anything like this but he did mention that Glarysoft (http://startups.glarysoft.com/alga.exe//137358/) says it's safe. That's about all the help I can give you.
-
Thanks a lot for all the help provided and your patience.
A friend of mine advised me to delete the svchost file and then to run ESET Online Scanner, but this time under settings to check unwanted programs and check unsafe programs.
I did that and three threats were found, as follows (last few lines of the created log):
# scanned=151511
# found=3
# cleaned=3
# scan_time=6310
sh=4EDB200FD0A27552F099453D3F5B6098A36E56FD ft=0 fh=0000000000000000 vn="a variant of MSIL/Adware.Agent.AB application (deleted - quarantined)" ac=C fn="C:\Windows\Installer\21c1102.msi"
sh=B84A20BD42C6B0BB9C5BB033BF07F0FC47CADF20 ft=1 fh=b8a4cc1cd24ab5b0 vn="a variant of MSIL/Adware.Agent.AB application (cleaned by deleting (after the next restart) - quarantined)" ac=C fn="C:\Windows\System32\service.exe"
sh=4EDB200FD0A27552F099453D3F5B6098A36E56FD ft=0 fh=0000000000000000 vn="a variant of MSIL/Adware.Agent.AB application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Update.msi"
And since these three threats are quarantined the svchost file stopped creating itself and the computer looks fine.
I hope this is the end of my misery :) :) :) , and again thanks for your help.
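
An added example, not part of the original post: a short Python parser for the ESET log lines quoted above. It groups detections by the `sh` value (assumed here to be a content hash) to show which reported paths hold identical content, and lists the paths whose removal waits for a restart. The function names are hypothetical, and reading `vn` as the verdict text and `fn` as the file path is an assumption based on the values shown.

```python
import re
from collections import defaultdict

# Log lines copied from the post above (summary counters plus the three detections).
LOG = r'''
# found=3
# cleaned=3
sh=4EDB200FD0A27552F099453D3F5B6098A36E56FD ft=0 fh=0000000000000000 vn="a variant of MSIL/Adware.Agent.AB application (deleted - quarantined)" ac=C fn="C:\Windows\Installer\21c1102.msi"
sh=B84A20BD42C6B0BB9C5BB033BF07F0FC47CADF20 ft=1 fh=b8a4cc1cd24ab5b0 vn="a variant of MSIL/Adware.Agent.AB application (cleaned by deleting (after the next restart) - quarantined)" ac=C fn="C:\Windows\System32\service.exe"
sh=4EDB200FD0A27552F099453D3F5B6098A36E56FD ft=0 fh=0000000000000000 vn="a variant of MSIL/Adware.Agent.AB application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Update.msi"
'''

# key=value pairs where the value is either "quoted text" or a bare token
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_line(line):
    """Split one log line into a dict of its key=value fields."""
    return {k: quoted or bare for k, quoted, bare in FIELD.findall(line)}

def detections(log):
    """Parsed records for detection lines only (those carrying an sh field)."""
    return [r for r in map(parse_line, log.splitlines()) if "sh" in r]

def summary(log):
    """The '# key=value' counters that precede the detection lines."""
    return {k: int(v) for k, v in re.findall(r'^# (\w+)=(\d+)$', log, re.M)}

def group_by_hash(records):
    """Map each sh value to every path it was reported under."""
    groups = defaultdict(list)
    for r in records:
        groups[r["sh"]].append(r["fn"])
    return dict(groups)

def pending_reboot(records):
    """Paths the scanner says are only removed after the next restart."""
    return [r["fn"] for r in records if "after the next restart" in r["vn"]]

if __name__ == "__main__":
    recs = detections(LOG)
    print("declared found:", summary(LOG)["found"], "parsed:", len(recs))
    for sh, paths in group_by_hash(recs).items():
        print(sh, "(%d location(s))" % len(paths))
        for p in paths:
            print("    " + p)
    print("restart needed for:", pending_reboot(recs))
```

Run on these lines, the two .msi entries fall under one `sh` value while service.exe is the only item that needs a restart before it is gone.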
-
Ok, let's do some cleanup.
To uninstall ComboFix
- Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
- In the field, type in ComboFix /uninstall
(http://i424.photobucket.com/albums/pp322/digistar/Combofix_uninstall_image.jpg)
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
- Then, press Enter, or click OK.
- This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
******************************************
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.
(http://i424.photobucket.com/albums/pp322/digistar/diskcleanup2.jpg)
Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.
(http://i424.photobucket.com/albums/pp322/digistar/diskcleanup.jpg)
This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
*****************************************
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
-
Thanks, I don't think we used comboFix?!
I performed disk cleanup as you suggested, thanks.
-
Thanks, I don't think we used comboFix?!
I performed disk cleanup as you suggested, thanks.
Yup, there is a CF log in Reply # 2
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.