
Author Topic: Problem with Virus and/or spyware : please help  (Read 27830 times)


MNMAN

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Windows 7
    Problem with Virus and/or spyware : please help
    « on: November 07, 2013, 12:08:55 PM »
    Hi I have a problem and need help please:

    Every time I connect to the internet, a popup in a new browser opens with an address C:\Users\TOSHIBA\AppData\Local\Microsoft\Windows\Temporary Internet Files\web.html. I deleted the file Web.html manually several times and every time it creates itself again. I tried all popup blockers; it didn’t work. I think it’s a virus. I followed your instructions, and hereafter are the logs needed to help me, please:

    - AdwCleaner
    # AdwCleaner v3.011 - Report created 07/11/2013 at 20:29:57
    # Updated 03/11/2013 by Xplode
    # Operating System : Windows 7 Professional Service Pack 1 (32 bits)
    # Username : TOSHIBA - MNMAN
    # Running from : C:\Users\TOSHIBA\Desktop\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    Service Deleted : FilmFanaticService

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\ParetoLogic
    Folder Deleted : C:\Program Files\FilmFanatic
    Folder Deleted : C:\Users\TOSHIBA\AppData\Local\FilmFanatic
    Folder Deleted : C:\Users\TOSHIBA\AppData\Local\PackageAware
    Folder Deleted : C:\Users\TOSHIBA\AppData\LocalLow\FilmFanatic
    Folder Deleted : C:\Users\TOSHIBA\AppData\LocalLow\iac
    Folder Deleted : C:\Users\TOSHIBA\AppData\Roaming\DriverCure
    Folder Deleted : C:\Users\TOSHIBA\AppData\Roaming\ParetoLogic
    File Deleted : C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\h6zrixsw.default\Extensions\[email protected]
    File Deleted : C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\h6zrixsw.default\user.js

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj
    Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.DynamicBarButton
    Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.DynamicBarButton.1
    Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.FeedManager
    Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.FeedManager.1
    Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.HTMLMenu
    Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.HTMLMenu.1
    Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.HTMLPanel
    Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.HTMLPanel.1
    Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.MultipleButton
    Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.MultipleButton.1
    Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.PseudoTransparentPlugin
    Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.PseudoTransparentPlugin.1
    Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.Radio
    Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.Radio.1
    Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.RadioSettings
    Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.RadioSettings.1
    Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.ScriptButton
    Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.ScriptButton.1
    Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.SettingsPlugin
    Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.SettingsPlugin.1
    Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.SkinLauncher
    Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.SkinLauncher.1
    Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.SkinLauncherSettings
    Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.SkinLauncherSettings.1
    Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.ThirdPartyInstaller
    Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.ThirdPartyInstaller.1
    Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.ToolbarProtector
    Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.ToolbarProtector.1
    Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.UrlAlertButton
    Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.UrlAlertButton.1
    Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.XMLSessionPlugin
    Key Deleted : HKLM\SOFTWARE\Classes\FilmFanatic.XMLSessionPlugin.1
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@FilmFanatic.com/Plugin
    Key Deleted : HKCU\Software\FilmFanatic
    Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
    Key Deleted : HKCU\Software\ParetoLogic
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\FilmFanatic
    Key Deleted : HKCU\Software\AppDataLow\Software\LyricsSay-1
    Key Deleted : HKLM\Software\FilmFanatic
    Key Deleted : HKLM\Software\InstalledThirdPartyPrograms
    Key Deleted : HKLM\Software\ParetoLogic

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16720


    -\\ Mozilla Firefox v12.0 (en-US)

    [ File : C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\h6zrixsw.default\prefs.js ]


    -\\ Google Chrome v

    [ File : C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [11040 octets] - [07/11/2013 20:26:38]
    AdwCleaner[S0].txt - [11228 octets] - [07/11/2013 20:29:57]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11289 octets] ##########

    - Malwarebytes' Anti-Malware
    Malwarebytes Anti-Malware (PRO) 1.75.0.1300
    www.malwarebytes.org
    Database version: v2013.11.07.03
    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 10.0.9200.16721
    TOSHIBA :: MNMAN [administrator]
    Protection: Disabled
    07/11/2013 8:36:24 PM
    mbam-log-2013-11-07 (20-36-24).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 202685
    Time elapsed: 14 minute(s), 38 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)


    - Security Check
    Results of screen317's Security Check version 0.99.76 
     Windows 7 Service Pack 1 x86 (UAC is enabled) 
     Internet Explorer 10 
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled! 
    McAfee VirusScan Enterprise   
     Antivirus up to date!   
    `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300 
     CCleaner     
     Java 7 Update 25 
     Java version out of Date!
     Adobe Flash Player    11.9.900.117 
     Adobe Reader 10.1.8 Adobe Reader out of Date! 
     Mozilla Firefox 12.0 Firefox out of Date! 
     Google Chrome 18.0.1025.151 
    ````````Process Check: objlist.exe by Laurent````````
     McAfee VirusScan Enterprise VsTskMgr.exe 
     McAfee VirusScan Enterprise mfeann.exe 
     McAfee VirusScan Enterprise SHSTAT.EXE 
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Problem with Virus and/or spyware : please help
    « Reply #1 on: November 07, 2013, 01:11:20 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Please download Junkware Removal Tool to your desktop.

    Warning! Once the scan is complete JRT will shut down your browser with NO warning.

    Shut down your protection software now to avoid potential conflicts.

    •Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    •Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

    •The tool will open and start scanning your system.

    •Please be patient as this can take a while to complete depending on your system's specifications.

    •On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

    •Copy and Paste the JRT.txt log into your next message.
    ***********************************************
    Update Your Java (JRE)

    Old versions of Java have vulnerabilities that malware can use to infect your system.


    First Verify your Java Version

    If there are any other version(s) installed then update now.

    Get the new version (if needed)

    If your version is out of date install the newest version of the Sun Java Runtime Environment.

    Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Be sure to close ALL open web browsers before starting the installation.

    Remove any old versions

    1. Download JavaRa and unzip the file to your Desktop.
    2. Open JavaRA.exe and choose Remove Older Versions
    3. Once complete exit JavaRA.

    Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
    **********************************************
    Update your Adobe Reader. get.adobe.com/reader.

    Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

    **************************************************
    Download Combofix from any of the links below, and save it to your DESKTOP
    If your version of Windows defaults to your download folder, you will need to copy it to your desktop.

    Link 1
    Link 2
    Link 3

    To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
    • Close any open windows and double click ComboFix.exe to run it.

      You will see the following image:


    Click I Agree to start the program.

    ComboFix will then extract the necessary files and you will see this:



    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

    It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If you did not have it installed, you will see the prompt below. Choose YES.



    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

    Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

    Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
    Windows 8 and Windows 10 dual boot with two SSD's

    MNMAN

      Topic Starter


      Rookie

      • Experience: Beginner
      • OS: Windows 7
      Thanks a lot, I did what you said word for word
      « Reply #2 on: November 08, 2013, 12:35:51 AM »
      Hi, thanks for your prompt reply. I did what you said word for word.

      However, I have a question with regard to Java. I have the latest version; do I still have to download Sun Java Runtime Environment and/or JavaRa?

      Here are the logs needed:

      JRT log

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Thisisu
      Version: 6.0.8 (11.05.2013:1)
      OS: Windows 7 Professional x86
      Ran by TOSHIBA on 08/11/2013 at  8:47:00.26
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      ~~~ Services



      ~~~ Registry Values



      ~~~ Registry Keys

      Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
      Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasapi32
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasmancs
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\paSkPlay_RASAPI32
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\paSkPlay_RASMANCS



      ~~~ Files



      ~~~ Folders

      Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
      Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
      Successfully deleted: [Empty Folder] C:\Users\TOSHIBA\appdata\local\{4CA4DC98-88A9-4FDD-9DA5-F36ADD38AF6C}
      Successfully deleted: [Empty Folder] C:\Users\TOSHIBA\appdata\local\{E9DAB58C-6490-4BC6-ACC1-751767BACC74}
      Successfully deleted: [Empty Folder] C:\Users\TOSHIBA\appdata\local\{FDBCDC58-5980-468A-9768-5A1C844D3E29}



      ~~~ Event Viewer Logs were cleared





      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on 08/11/2013 at  8:52:13.02
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      ComboFix log

      ComboFix 13-11-07.01 - TOSHIBA 08/11/2013   9:12.1.4 - x86
      Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.1907.923 [GMT 2:00]
      Running from: c:\users\TOSHIBA\Desktop\ComboFix.exe
      AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
      SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\users\TOSHIBA\AppData\Local\Microsoft\Windows\Temporary Internet Files\web.html
      c:\windows\file_3.exe
      .
      .
      (((((((((((((((((((((((((   Files Created from 2013-10-08 to 2013-11-08  )))))))))))))))))))))))))))))))
      .
      .
      2013-11-08 07:03 . 2013-11-08 07:03   --------   d-----w-   c:\users\TOSHIBA\AppData\Roaming\Oracle
      2013-11-08 06:59 . 2013-11-08 06:59   --------   d-----w-   c:\programdata\Oracle
      2013-11-08 06:59 . 2013-11-08 06:59   --------   d-----w-   c:\program files\Common Files\Java
      2013-11-08 06:58 . 2013-10-08 05:50   94632   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
      2013-11-08 06:46 . 2013-11-08 06:46   --------   d-----w-   c:\windows\ERUNT
      2013-11-07 18:26 . 2013-11-07 18:30   --------   d-----w-   C:\AdwCleaner
      2013-11-07 18:18 . 2013-11-07 18:18   --------   d-----w-   c:\program files\CCleaner
      2013-11-07 16:43 . 2013-11-07 16:43   --------   d-----w-   C:\TDSSKiller_Quarantine
      2013-11-06 09:08 . 2013-11-06 09:08   --------   d-----w-   c:\program files\VerbAce Research
      2013-11-02 21:24 . 2004-03-09 04:00   224016   ------w-   c:\windows\system32\tabctl32.ocx
      2013-11-02 21:24 . 2013-03-08 01:46   94208   --sh--w-   c:\windows\system32\SalaatTime.dll
      2013-11-02 21:24 . 2013-11-02 21:24   --------   d-----w-   c:\program files\Salaat Time
      2013-11-02 21:24 . 2013-11-02 21:24   --------   d-----w-   c:\programdata\InstallMate
      2013-11-01 12:45 . 2013-11-07 13:19   62576   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B5F0173-722E-4CE9-912B-7D2DA42F8122}\offreg.dll
      2013-11-01 11:46 . 2013-11-01 11:47   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\Svchost
      2013-11-01 07:27 . 2013-11-07 16:50   --------   d-----w-   c:\programdata\GlarySoft
      2013-11-01 07:02 . 2013-11-07 16:50   --------   d-----w-   c:\users\TOSHIBA\AppData\Roaming\GlarySoft
      2013-11-01 07:01 . 2013-11-01 07:01   --------   d-----w-   c:\users\TOSHIBA\AppData\Roaming\Glary_Utilities_Pro__3.9.4.144
      2013-10-31 10:50 . 2013-10-31 10:50   --------   d-----w-   c:\users\TOSHIBA\AppData\Roaming\Malwarebytes
      2013-10-31 10:49 . 2013-10-31 10:49   --------   d-----w-   c:\programdata\Malwarebytes
      2013-10-31 10:49 . 2013-04-04 12:50   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2013-10-31 10:49 . 2013-10-31 10:49   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
      2013-10-31 10:48 . 2013-11-01 07:01   158   ----a-w-   c:\programdata\patch.dll
      2013-10-31 10:47 . 2013-10-31 10:47   253440   ----a-w-   c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\alga.exe
      2013-10-31 10:47 . 2013-10-31 10:47   --------   d-----w-   c:\users\TOSHIBA\AppData\Roaming\Malwarebytes Anti-Malware PRO v1.75.0.1300
      2013-10-30 12:24 . 2013-10-30 12:24   --------   d-----w-   c:\windows\system32\gs
      2013-10-30 12:24 . 2013-10-30 12:27   --------   d-----w-   c:\program files\GreetingCardStudio
      2013-10-29 10:50 . 2013-10-14 06:39   7796464   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B5F0173-722E-4CE9-912B-7D2DA42F8122}\mpengine.dll
      2013-10-23 11:24 . 2011-09-22 17:55   487424   ----a-w-   c:\windows\system32\msvcp70.dll
      2013-10-23 11:24 . 2011-09-22 17:55   974848   ----a-w-   c:\windows\system32\mfc70.dll
      2013-10-23 11:24 . 2011-09-22 17:55   344064   ----a-w-   c:\windows\system32\msvcr70.dll
      2013-10-23 11:00 . 2013-10-23 13:37   --------   d-----w-   c:\users\TOSHIBA\AppData\Roaming\Media Player Classic
      2013-10-22 18:26 . 2013-10-22 18:26   77528   ----a-w-   c:\windows\system32\RtNicProp32.dll
      2013-10-22 18:26 . 2013-10-22 18:26   679128   ----a-w-   c:\windows\system32\drivers\Rt86win7.sys
      2013-10-22 10:06 . 2013-10-23 11:25   --------   d-----w-   c:\users\TOSHIBA\AppData\Roaming\AVS4YOU
      2013-10-22 10:04 . 2013-10-27 08:22   --------   d-----w-   c:\program files\Common Files\AVSMedia
      2013-10-22 10:04 . 2012-03-23 17:59   1700352   ----a-w-   c:\windows\system32\GdiPlus.dll
      2013-10-22 10:04 . 2013-10-27 08:22   --------   d-----w-   c:\program files\AVS4YOU
      2013-10-22 10:04 . 2013-10-22 10:06   --------   d-----w-   c:\programdata\AVS4YOU
      2013-10-22 10:04 . 2012-03-23 17:59   24576   ----a-w-   c:\windows\system32\msxml3a.dll
      2013-10-21 12:14 . 2013-10-21 12:14   --------   d-----w-   c:\users\TOSHIBA\AppData\Roaming\SolidDocuments
      2013-10-20 08:51 . 2013-04-17 18:20   23872   ----a-w-   c:\windows\system32\RegistryDefragBootTime.exe
      2013-10-20 08:08 . 2013-10-20 08:08   --------   d-----w-   c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
      2013-10-20 08:08 . 2013-10-22 17:59   --------   d-----w-   c:\programdata\IObit
      2013-10-20 08:08 . 2013-10-22 18:01   --------   d-----w-   c:\users\TOSHIBA\AppData\Roaming\IObit
      2013-10-19 14:57 . 2013-10-19 14:57   --------   d-----w-   c:\program files\Google
      2013-10-19 14:46 . 2013-10-19 14:46   --------   d-----w-   c:\users\TOSHIBA\AppData\Local\Programs
      2013-10-19 14:41 . 2013-10-19 14:47   --------   d-----w-   c:\program files\FotoSketcher
      2013-10-19 14:37 . 2013-10-19 14:40   --------   d-----w-   c:\program files\YouTube Downloader
      2013-10-17 13:04 . 2013-10-17 13:04   108816   ----a-w-   c:\windows\system32\drivers\RapportKELL.sys
      2013-10-16 04:53 . 2012-08-23 14:10   12288   ----a-w-   c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
      2013-10-16 04:53 . 2012-08-23 14:44   14848   ----a-w-   c:\windows\system32\drivers\rdpvideominiport.sys
      2013-10-16 04:52 . 2012-08-23 14:10   13312   ----a-w-   c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
      2013-10-16 04:52 . 2012-08-23 13:52   12800   ----a-w-   c:\windows\system32\RdpGroupPolicyExtension.dll
      2013-10-16 04:51 . 2012-08-23 14:40   49664   ----a-w-   c:\windows\system32\drivers\TsUsbFlt.sys
      2013-10-16 04:50 . 2012-08-23 13:18   37376   ----a-w-   c:\windows\system32\tsgqec.dll
      2013-10-16 04:50 . 2012-08-23 13:46   16896   ----a-w-   c:\windows\system32\wksprtPS.dll
      2013-10-16 04:50 . 2012-08-23 13:32   32768   ----a-w-   c:\windows\system32\TsUsbGDCoInstaller.dll
      2013-10-16 04:50 . 2012-08-23 13:47   46592   ----a-w-   c:\windows\system32\MsRdpWebAccess.dll
      2013-10-16 04:50 . 2012-08-23 11:15   269312   ----a-w-   c:\windows\system32\aaclient.dll
      2013-10-16 04:50 . 2012-08-23 11:40   56320   ----a-w-   c:\windows\system32\TSWbPrxy.exe
      2013-10-16 04:50 . 2012-08-23 14:48   221184   ----a-w-   c:\windows\system32\rdpudd.dll
      2013-10-16 04:49 . 2012-08-23 11:12   192000   ----a-w-   c:\windows\system32\rdpendp_winip.dll
      2013-10-16 04:49 . 2012-08-23 11:32   317440   ----a-w-   c:\windows\system32\wksprt.exe
      2013-10-16 04:49 . 2012-08-23 10:39   1048064   ----a-w-   c:\windows\system32\mstsc.exe
      2013-10-16 04:49 . 2012-08-23 10:08   2739712   ----a-w-   c:\windows\system32\rdpcorets.dll
      2013-10-16 04:49 . 2012-08-23 08:19   4916224   ----a-w-   c:\windows\system32\mstscax.dll
      2013-10-16 04:46 . 2012-05-04 09:59   514560   ----a-w-   c:\windows\system32\qdvd.dll
      2013-10-16 04:46 . 2012-08-24 16:57   247808   ----a-w-   c:\windows\system32\schannel.dll
      2013-10-16 04:46 . 2012-08-24 17:05   136560   ----a-w-   c:\windows\system32\drivers\ksecpkg.sys
      2013-10-16 04:46 . 2012-08-24 17:02   369856   ----a-w-   c:\windows\system32\drivers\cng.sys
      2013-10-16 04:46 . 2012-08-24 16:56   1039360   ----a-w-   c:\windows\system32\lsasrv.dll
      2013-10-15 15:38 . 2013-10-15 15:41   --------   d-----w-   c:\windows\system32\MRT
      2013-10-15 15:35 . 2013-09-21 03:30   2706432   ----a-w-   c:\windows\system32\mshtml.tlb
      2013-10-15 15:35 . 2013-09-22 23:28   217600   ----a-w-   c:\program files\Internet Explorer\sqmapi.dll
      2013-10-15 15:35 . 2013-09-22 23:27   2876928   ----a-w-   c:\windows\system32\jscript9.dll
      2013-10-15 15:35 . 2013-09-22 23:27   108032   ----a-w-   c:\program files\Internet Explorer\jsdebuggeride.dll
      2013-10-15 15:35 . 2013-09-22 23:27   61440   ----a-w-   c:\windows\system32\iesetup.dll
      2013-10-15 15:35 . 2013-09-22 23:27   257536   ----a-w-   c:\program files\Internet Explorer\ieproxy.dll
      2013-10-15 15:25 . 2013-10-15 15:25   --------   d-----w-   c:\program files\MSXML 4.0
      2013-10-15 15:19 . 2013-06-25 22:56   527064   ----a-w-   c:\windows\system32\drivers\Wdf01000.sys
      2013-10-15 15:19 . 2013-07-19 01:41   2048   ----a-w-   c:\windows\system32\tzres.dll
      2013-10-15 15:18 . 2013-08-28 00:57   434688   ----a-w-   c:\windows\system32\scavengeui.dll
      2013-10-15 15:18 . 2013-07-09 04:46   1166848   ----a-w-   c:\windows\system32\crypt32.dll
      2013-10-15 15:18 . 2013-07-09 04:52   175104   ----a-w-   c:\windows\system32\wintrust.dll
      2013-10-15 15:18 . 2013-07-09 04:46   140288   ----a-w-   c:\windows\system32\cryptsvc.dll
      2013-10-15 15:18 . 2013-07-09 04:46   103936   ----a-w-   c:\windows\system32\cryptnet.dll
      2013-10-15 15:17 . 2013-07-09 04:50   652800   ----a-w-   c:\windows\system32\rpcrt4.dll
      2013-10-15 15:16 . 2013-08-29 01:51   3969472   ----a-w-   c:\windows\system32\ntkrnlpa.exe
      2013-10-15 15:16 . 2013-08-29 01:51   3914176   ----a-w-   c:\windows\system32\ntoskrnl.exe
      2013-10-15 15:16 . 2013-08-29 01:50   619520   ----a-w-   c:\windows\system32\tdh.dll
      2013-10-15 15:16 . 2013-08-29 01:50   1289096   ----a-w-   c:\windows\system32\ntdll.dll
      2013-10-15 15:16 . 2013-08-29 01:48   640512   ----a-w-   c:\windows\system32\advapi32.dll
      2013-10-15 15:16 . 2013-09-08 02:07   1294272   ----a-w-   c:\windows\system32\drivers\tcpip.sys
      2013-10-15 15:14 . 2013-08-02 01:48   3584   ---ha-w-   c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
      2013-10-15 15:13 . 2013-07-04 11:57   205824   ----a-w-   c:\windows\system32\WebClnt.dll
      2013-10-15 15:13 . 2013-07-04 11:51   81920   ----a-w-   c:\windows\system32\davclnt.dll
      2013-10-15 15:13 . 2013-07-04 09:48   115712   ----a-w-   c:\windows\system32\drivers\mrxdav.sys
      2013-10-15 15:13 . 2013-07-20 10:33   102608   ----a-w-   c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
      2013-10-15 15:13 . 2013-08-05 01:56   133056   ----a-w-   c:\windows\system32\drivers\ataport.sys
      2013-10-15 15:12 . 2013-06-15 03:38   31232   ----a-w-   c:\windows\system32\drivers\tssecsrv.sys
      2013-10-15 08:52 . 2013-10-15 08:52   --------   d-----w-   c:\users\TOSHIBA\AppData\Roaming\HTC Sync
      2013-10-15 08:52 . 2013-10-19 17:36   --------   d-----w-   c:\users\TOSHIBA\AppData\Roaming\HTC
      2013-10-15 08:51 . 2013-11-08 07:23   --------   d-----w-   c:\users\TOSHIBA\AppData\Local\HTC MediaHub
      2013-10-15 08:51 . 2013-10-15 08:51   --------   d-----w-   c:\users\TOSHIBA\.android
      2013-10-15 08:51 . 2013-10-15 08:51   --------   d-----w-   c:\programdata\Motorola
      2013-10-15 08:49 . 2013-10-15 08:49   --------   d-----w-   c:\program files\Spirent Communications
      2013-10-15 08:33 . 2013-10-15 08:50   --------   d-----w-   c:\program files\HTC
      2013-10-15 08:32 . 2009-06-09 13:41   1122664   ----a-w-   c:\windows\system32\WdfCoInstaller01007.dll
      2013-10-15 08:32 . 2009-10-26 15:54   25088   ----a-w-   c:\windows\system32\drivers\ANDROIDUSB.sys
      2013-10-15 08:32 . 2013-10-15 08:32   --------   d-----w-   c:\programdata\HTC
      2013-10-15 08:32 . 2013-11-06 11:21   --------   d-----w-   C:\Temp
      2013-10-15 06:28 . 2013-09-03 12:35   238872   ------w-   c:\windows\system32\MpSigStub.exe
      2013-10-09 12:11 . 2013-10-09 12:38   --------   d-----w-   c:\program files\Wondershare
      .
      .
      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2013-10-22 18:26 . 2012-04-07 15:18   102104   ----a-w-   c:\windows\system32\RTNUninst32.dll
      2013-10-09 17:28 . 2012-04-08 07:53   71048   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
      2013-10-09 17:28 . 2012-04-08 07:53   692616   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
      2012-04-04 07:32 . 2012-04-08 08:53   97208   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
      2013-03-08 01:46   94208   --sh--w-   c:\windows\System32\SalaatTime.dll
      .
      .
      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SalaatTime"="c:\program files\Salaat Time\SalaatTime.exe" [2013-03-10 17199104]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-12 215360]
      "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 170520]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 171032]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 136216]
      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-08-06 280576]
      .
      c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      alga.exe [2013-10-31 253440]
      Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]
      .
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      VerbAce-Pro Startup Agent.lnk - c:\program files\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe AutoRun [2013-11-6 1667072]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
      "{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\Stardock\ObjectDockFree\ODMenu.dll" [2010-10-04 511344]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "mixer3"=wdmaud.drv
      .
      [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
      backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
      backupExtension=.CommonStartup
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
      2013-05-11 10:37   3478600   ----a-w-   c:\program files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
      2013-05-11 10:37   958576   ----a-w-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
      2012-09-20 05:27   444904   ----a-w-   c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
      2013-04-21 18:43   59720   ----a-w-   c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonQuickMenu]
      2012-09-27 14:02   1279120   ----a-w-   c:\program files\Canon\Quick Menu\CNQMMAIN.EXE
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
      2007-01-01 21:22   3739648   ----a-w-   c:\users\TOSHIBA\AppData\Roaming\Google\Google Talk\googletalk.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
      2011-04-01 14:42   80840   ----a-w-   c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      2013-05-31 08:56   152392   ----a-w-   c:\program files\iTunes\iTunesHelper.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
      2010-08-15 16:54   34160   ----a-w-   c:\program files\TOSHIBA\Utilities\KeNotify.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
      2012-02-22 17:49   6591800   ----a-w-   c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband]
      2011-03-29 05:48   408576   ----a-w-   c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
      2013-04-01 09:45   298616   ----a-w-   c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVBg]
      2010-07-28 15:23   1493608   ------w-   c:\program files\Realtek\Audio\HDA\RtHDVBg.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
      2010-07-28 15:23   9398888   ------w-   c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
      2013-02-28 15:50   18642024   ----a-r-   c:\program files\Skype\Phone\Skype.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      2013-07-02 07:16   254336   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
      2010-03-10 15:49   1697064   ----a-w-   c:\program files\Synaptics\SynTP\SynTPEnh.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
      2012-04-08 08:25   296056   ----a-w-   c:\program files\Real\RealPlayer\Update\realsched.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
      2007-05-31 06:21   648072   ----a-w-   c:\windows\WindowsMobile\wmdc.exe
      .
      R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-03-24 102784]
      R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2011-03-24 11136]
      R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
      R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
      R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-03-24 85760]
      R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2011-03-24 26496]
      R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2011-03-24 168448]
      R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
      R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-04-08 85152]
      R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
      R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-07 182304]
      R3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
      R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-08 1343400]
      S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-04-08 162928]
      S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2013-10-17 108816]
      S1 RapportCerberus_59849;RapportCerberus_59849;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [2013-10-28 340432]
      S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2013-10-17 157264]
      S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2013-10-17 230448]
      S2 HTCMonitorService;HTCMonitorService;c:\program files\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-09-02 87368]
      S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-04-08 145936]
      S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-10-17 1444120]
      S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [2012-04-08 17520]
      S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2011-03-24 348160]
      S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-03-24 72832]
      S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
      S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-08 33616]
      S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2013-10-22 679128]
      .
      .
      --- Other Services/Drivers In Memory ---
      .
      *NewlyCreated* - WS2IFSL
      *Deregistered* - mfeavfk01
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      WindowsMobile   REG_MULTI_SZ      wcescomm rapimgr
      LocalServiceRestricted   REG_MULTI_SZ      WcesComm RapiMgr
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2013-11-08 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 17:28]
      .
      2013-11-02 c:\windows\Tasks\ReclaimerUpdateFiles_TOSHIBA.job
      - c:\users\TOSHIBA\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-10-19 08:43]
      .
      2013-11-02 c:\windows\Tasks\ReclaimerUpdateXML_TOSHIBA.job
      - c:\users\TOSHIBA\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-10-19 08:43]
      .
      2013-11-08 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_TOSHIBA.job
      - c:\users\TOSHIBA\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-10-19 08:43]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = https://www.google.co.za/?gws_rd=cr&ei=Wr97UpqJIMbAtQbaroGIDg
      uInternet Settings,ProxyOverride = *.local
      TCP: DhcpNameServer = 196.207.35.29 196.207.35.30
      TCP: Interfaces\{02FE2E07-03F4-426B-9774-125C012BEC21}: NameServer = 163.121.128.134 212.103.160.18
      TCP: Interfaces\{98513050-6C5D-44C0-A99E-45978941BB38}: NameServer = 163.121.128.134 212.103.160.18
      TCP: Interfaces\{F93B3222-C7BF-4FBA-921D-D5D0CEBC092A}: NameServer = 163.121.128.134 212.103.160.18
      FF - ProfilePath - c:\users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\h6zrixsw.default\
      FF - ExtSQL: 2013-10-01 22:58; [email protected]; c:\users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\h6zrixsw.default\extensions\[email protected]
      FF - ExtSQL: 2013-10-07 16:34; [email protected]; c:\program files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
      .
      - - - - ORPHANS REMOVED - - - -
      .
      SafeBoot-39980888.sys
      MSConfigStartUp-FilmFanatic Browser Plugin Loader - c:\progra~1\FILMFA~2\bar\1.bin\pabrmon.exe
      MSConfigStartUp-FilmFanatic Search Scope Monitor - c:\progra~1\FILMFA~2\bar\1.bin\pasrchmn.exe
      MSConfigStartUp-VideoDownloadConverter Search Scope Monitor - c:\progra~1\VIDEOD~2\bar\1.bin\4zsrchmn.exe
      MSConfigStartUp-VideoDownloadConverter_4z Browser Plugin Loader - c:\progra~1\VIDEOD~2\bar\1.bin\4zbrmon.exe
      MSConfigStartUp-VideoScavenger Search Scope Monitor - c:\progra~1\VIDEOS~2\bar\1.bin\1esrchmn.exe
      MSConfigStartUp-VideoScavenger_1e Browser Plugin Loader - c:\progra~1\VIDEOS~2\bar\1.bin\1ebrmon.exe
      .
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'Explorer.exe'(3344)
      c:\program files\Stardock\ObjectDockFree\DockShellHook.dll
      c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll
      c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll
      c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll
      c:\program files\Stardock\ObjectDockFree\ODMenu.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\windows\system32\WLANExt.exe
      c:\windows\system32\conhost.exe
      c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
      c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      c:\program files\Bonjour\mDNSResponder.exe
      c:\program files\Canon\IJPLM\IJPLMSVC.EXE
      c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
      c:\program files\McAfee\Common Framework\FrameworkService.exe
      c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
      c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
      c:\windows\system32\conhost.exe
      c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      c:\program files\McAfee\Common Framework\naPrdMgr.exe
      c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
      c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
      c:\windows\System32\WUDFHost.exe
      c:\windows\system32\taskhost.exe
      c:\program files\HTC\HTC Sync Manager\HTC Sync\adb.exe
      c:\windows\system32\conhost.exe
      c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\alga.exe
      c:\program files\McAfee\Common Framework\McTray.exe
      c:\windows\system32\sppsvc.exe
      .
      **************************************************************************
      .
      Completion time: 2013-11-08  09:28:13 - machine was rebooted
      ComboFix-quarantined-files.txt  2013-11-08 07:28
      .
      Pre-Run: 69,544,628,224 bytes free
      Post-Run: 69,461,553,152 bytes free
      .
      - - End Of File - - 6C8780FD6B111A6EB69D1F04FCD75B59
      A36C5E4F47E84449FF07ED3517B43A31

      MNMAN

        UPDATE
        « Reply #3 on: November 08, 2013, 01:16:35 AM »
        Hi, I know we are still working on solving my problem; however, after doing all the scans and updates requested, the problem still exists and the popup comes on every time I am connected to the internet as C:\Users\TOSHIBA\AppData\Local\Microsoft\Windows\Temporary Internet Files\web.html
        and sometimes as
        C:\Users\TOSHIBA\AppData\Local\Microsoft\Windows\Temporary Internet Files\html.html

        P.S. Once I close the popup browser it doesn't pop up again.

        regards.

        SuperDave

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Problem with Virus and/or spyware : please help
        « Reply #4 on: November 08, 2013, 07:00:03 PM »
        Quote
        do I still have to download Sun Java Runtime Environment and/or JavaRa?
        The Security log shows that it's not the latest version, which is, I believe, 45.

        Click Start> Computer> right click the C Drive and choose Properties> enter
        Click Disk Cleanup from there.



        Click OK on the Disk Cleanup Screen.
        Click Yes on the Confirmation screen.



        This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
        *****************************************
        SysProt Antirootkit

        Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

        http://sites.google.com/site/sysprotantirootkit/

        Unzip it into a folder on your desktop.
        • Double click Sysprot.exe to start the program.
        • Click on the Log tab.
        • In the Write to log box select the following items.
          • Process << Selected
          • Kernel Modules << Selected
          • SSDT << Selected
          • Kernel Hooks << Selected
          • IRP Hooks << NOT Selected
          • Ports << NOT Selected
          • Hidden Files << Selected
        • At the bottom of the page
          • Hidden Objects Only << Selected
        • Click on the Create Log button on the bottom right.
        • After a few seconds a new window should appear.
        • Select Scan Root Drive. Click on the Start button.
        • When it is complete a new window will appear to indicate that the scan is finished.
        • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
        Windows 8 and Windows 10 dual boot with two SSD's

        MNMAN

          Re: Problem with Virus and/or spyware : please help
          « Reply #5 on: November 08, 2013, 08:15:16 PM »
          I had a problem with SysProt: once I clicked on Create Log, the following warning message popped up:

          "Failed to start service, SysPort AntiRootkit needs to run with Admin privileges"

          I have admin privileges on this PC.

          After I clicked OK, a new window appeared as you described above and the log was created as follows:
          P.S. I have tried several times and each time the same warning message pops up.

          SysProt AntiRootkit v1.0.1.0
          by swatkat

          ******************************************************************************************
          ******************************************************************************************

          No Hidden Processes found

          ******************************************************************************************
          ******************************************************************************************
          No Hidden Kernel Modules found

          ******************************************************************************************
          ******************************************************************************************
          No SSDT Hooks found

          ******************************************************************************************
          ******************************************************************************************
          No Kernel Hooks found

          ******************************************************************************************
          ******************************************************************************************
          No hidden files/folders found


          MNMAN

            Re: Problem with Virus and/or spyware : please help
            « Reply #6 on: November 09, 2013, 12:06:23 PM »
            I finally managed to run SysProt as administrator.
            After clicking the Create Log button, an error message saying Error scanning SSDT HOOKS appeared. I clicked OK, the scanning process proceeded smoothly as described by you earlier, and the log was created. Here is the log "sorry for inconvenience"


            SysProt AntiRootkit v1.0.1.0
            by swatkat

            ******************************************************************************************
            ******************************************************************************************

            No Hidden Processes found

            ******************************************************************************************
            ******************************************************************************************
            Kernel Modules:
            Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
            Service Name: ---
            Module Base: 937A5000
            Module End: 937B0000
            Hidden: Yes

            Module Name: \SystemRoot\System32\Drivers\dump_msahci.sys
            Service Name: ---
            Module Base: 937B0000
            Module End: 937BA000
            Hidden: Yes

            Module Name: \SystemRoot\System32\Drivers\dump_dumpfve.sys
            Service Name: ---
            Module Base: 937BA000
            Module End: 937CB000
            Hidden: Yes

            ******************************************************************************************
            ******************************************************************************************
            No SSDT Hooks found

            ******************************************************************************************
            ******************************************************************************************
            No Kernel Hooks found

            ******************************************************************************************
            ******************************************************************************************
            Hidden files/folders:
            Object: C:\Qoobox\BackEnv\AppData.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Cache.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Cookies.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Desktop.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Favorites.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\History.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Music.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\NetHood.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Personal.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Pictures.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Programs.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Recent.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\SendTo.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\SetPath.bat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\StartUp.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\SysPath.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Templates.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\VikPev00
            Status: Access denied

            Object: C:\Users\TOSHIBA\Desktop\PC shakira\IGO\backup\igo8(??)???.lnk
            Status: Hidden

            Object: C:\Windows\CSC\v2.0.6\namespace
            Status: Access denied

            Object: C:\Windows\CSC\v2.0.6\pq
            Status: Access denied

            Object: C:\Windows\CSC\v2.0.6\sm
            Status: Access denied

            Object: C:\Windows\CSC\v2.0.6\temp
            Status: Access denied

            Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
            Status: Access denied

            Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
            Status: Access denied

            Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
            Status: Access denied

            Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
            Status: Access denied

            Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl
            Status: Access denied

            Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl
            Status: Access denied


            SuperDave

            Re: Problem with Virus and/or spyware : please help
            « Reply #7 on: November 09, 2013, 01:28:14 PM »
            I'd like to scan your machine with ESET OnlineScan

            • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
            ESET OnlineScan

            • Click the button.
            • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
            • Click on to download the ESET Smart Installer. Save it to your desktop.
            • Double click on the icon on your desktop.
            • Check
            • Click the button.
            • Accept any security warnings from your browser.
            • Leave the check mark next to Remove found threats.
            • Check
            • Push the Start button.
            • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
            • When the scan completes, push
            • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
            • Push the button.
            • Push
            A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
            Windows 8 and Windows 10 dual boot with two SSD's

            MNMAN

              « Reply #8 on: November 10, 2013, 02:05:40 AM »
              Hi, first of all I really appreciate your help,

              The result is No Threats Found

              Here is the log:

              ESETSmartInstaller@High as downloader log:
              Can not extract cabC:\Program Files\ESET\ESET Online Scanner\OnlineScanner.cabErr:The handle is invalid.
              ESETSmartInstaller@High as downloader log:
              all ok
              # version=8
              # OnlineScannerApp.exe=1.0.0.1
              # OnlineScanner.ocx=1.0.0.6920
              # api_version=3.0.2
              # EOSSerial=e1a2caa48ced7b4b9f5ba14798e6cf3f
              # engine=15823
              # end=finished
              # remove_checked=false
              # archives_checked=true
              # unwanted_checked=false
              # unsafe_checked=false
              # antistealth_checked=true
              # utc_time=2013-11-10 07:46:05
              # local_time=2013-11-10 09:46:05 (+0200, Egypt Standard Time)
              # country="United States"
              # lang=1033
              # osver=6.1.7601 NT Service Pack 1
              # compatibility_mode=5893 16776573 100 94 68635 135700756 0 0
              # scanned=148513
              # found=0
              # cleaned=0
              # scan_time=6849
              ESETSmartInstaller@High as downloader log:
              Can not open internetESETSmartInstaller@High as downloader log:
              all ok
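
A "No Threats Found" result only covers what the scan was set to look for. The following Python script is an added example (not part of the original thread and not ESET code) that parses the `# key=value` records of the log posted above and reports which scan options were off. The option meanings other than `remove_checked` ("Remove found threats") are inferred from the key names, the second record in the sample is constructed, and it is assumed that each scan record starts at a `# version=` line.

```python
import re

# First record: excerpt of the ESET Online Scanner log quoted in the post above.
# Second record: constructed, to show how an appended re-scan is handled.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# engine=15823
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# country="United States"
# scanned=148513
# found=0
# cleaned=0
# version=8
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# scanned=150002
# found=3
# cleaned=3
"""

LINE_RE = re.compile(r"^\s*#\s*([A-Za-z_][\w.]*)=(.*)$")

# Options that change what the scan can detect. Meanings are assumptions
# inferred from the key names; the thread itself does not define them.
DETECTION_OPTIONS = {
    "archives_checked": "scan inside archives",
    "unwanted_checked": "potentially unwanted applications",
    "unsafe_checked": "potentially unsafe applications",
    "antistealth_checked": "anti-stealth (hidden object) scanning",
}


def parse_scans(text):
    """Return one dict per scan record; installer chatter lines are skipped."""
    scans, current = [], None
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip().strip('"')
        # Assumption: a "# version=" line opens a new scan record.
        if key == "version" or current is None:
            current = {}
            scans.append(current)
        current[key] = value
    return scans


def _to_int(value):
    """Counters may be missing or garbled in an aborted scan."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def assess(scan):
    """Summarise one record: did it finish, what did it find, what was off."""
    gaps = [k for k in DETECTION_OPTIONS if scan.get(k, "false").lower() != "true"]
    return {
        "finished": scan.get("end") == "finished",
        "scanned": _to_int(scan.get("scanned")),
        "found": _to_int(scan.get("found")),
        "cleaned": _to_int(scan.get("cleaned")),
        "removal_enabled": scan.get("remove_checked", "false").lower() == "true",
        "detection_gaps": gaps,
    }


def verdict(scan):
    """Classify a record so a zero-detection scan is not over-read."""
    r = assess(scan)
    if not r["finished"] or r["found"] is None:
        return "incomplete"
    if r["found"] > 0:
        return "detections"
    return "clean-but-partial" if r["detection_gaps"] else "clean"


if __name__ == "__main__":
    for i, scan in enumerate(parse_scans(SAMPLE_LOG), 1):
        r = assess(scan)
        off = ", ".join(DETECTION_OPTIONS[k] for k in r["detection_gaps"]) or "none"
        print(f"scan {i}: {verdict(scan)}; found={r['found']}; "
              f"removal={'on' if r['removal_enabled'] else 'off'}; not covered: {off}")
```

For the posted log this reports a finished scan with zero detections, removal off, and the two application-category options not covered.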

              SuperDave

              « Reply #9 on: November 10, 2013, 01:05:48 PM »
              That looks good. How's your computer running now? Any other issues before we clean up?

              MNMAN

                « Reply #10 on: November 10, 2013, 01:30:56 PM »
                Apart from the popup problem, which still exists, it's running well.
                « Last Edit: November 10, 2013, 01:58:17 PM by MNMAN »

                SuperDave

                « Reply #11 on: November 11, 2013, 04:59:29 PM »
                Quote
                Apart from the popup problem, which still exists, it's running well.

                Could you please post a screenshot of that popup?

                How to post screenshots or images

                MNMAN

                  « Reply #12 on: November 11, 2013, 11:57:40 PM »
                  Here are two screen prints; the only difference is the file path at the top.




                  SuperDave

                  « Reply #13 on: November 12, 2013, 12:18:39 PM »
                  Here are two tools that may fix that problem. Please let me know what browser you're using.

                  Download CCleaner Slim and save it to your Desktop - Alternate download link

                  When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
                  Follow the prompts to install the program.

                  * Double-click the CCleaner shortcut on the desktop to start the program.
                  * Click on the Options block on the left, then choose Cookies.
                  * Under Cookies to Delete, highlight any cookies you would like to retain permanently
                  * Click the right arrow > to move them to the Cookies to Keep window.
                  * Go into Options > Advanced and uncheck Only delete files in Windows Temp folders older than 48 hours
                  * Click Cleaner on the left then Run Cleaner on the right to run the program.
                  * Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

                  Caution: Only use the Registry feature if you are very familiar with the registry.
                  Always back up your registry before making any changes. Exit CCleaner after it has completed its process.
                  *************************************************
                  Please download and run MS Fix-it from here.

                  MNMAN

                    « Reply #14 on: November 13, 2013, 03:56:52 AM »
                    I am using IE 11

                    I ran both programs CCleaner and MS Fix It but the popup is still coming?!

                    SuperDave

                    « Reply #15 on: November 13, 2013, 01:14:28 PM »
                    Quote
                    I am using IE 11

                    I ran both programs CCleaner and MS Fix It but the popup is still coming?!

                    And the popups are always the same as the ones you posted for me?
                    Do you have any add-ons in IE?

                    MNMAN

                      « Reply #16 on: November 13, 2013, 01:32:35 PM »
                      Quote
                      And the popups are always the same as the ones you posted for me?

                      Yes it's always the same as the one I posted before.


                      Quote
                      Do you have any add-ons in IE?

                      YES, some are enabled and some are disabled.

                      SuperDave

                      « Reply #17 on: November 14, 2013, 04:33:27 PM »
                      Please try disabling all the add-ons and see if it makes any difference.

                      MNMAN

                        « Reply #18 on: November 15, 2013, 02:51:06 AM »
                        Quote
                        Please try disabling all the add-ons and see if it makes any difference.

                        I did but the problem persists.

                        However, the popup doesn't show a web address (C:\Users\TOSHIBA\AppData\Local\Microsoft\Windows\Temporary Internet Files\web.html). I managed to get the web address related to this popup (http://newbase.sytes.net); I hope this may help.

                        I have read about something called onewebsearch; it's a virus that takes over the browser.

                        I am so dispirited :'(

                        SuperDave

                        « Reply #19 on: November 15, 2013, 12:19:47 PM »
                        • Download TDSSKiller and save it to your Desktop.
                        • Extract its contents to your desktop.
                        • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
                        • If an infected file is detected, the default action will be Cure, click on Continue.
                        • If a suspicious file is detected, the default action will be Skip, click on Continue.
                        • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
                        • Click the Report button and copy/paste the contents of it into your next reply.
                        Note: It will also create a log in the C:\ directory.

                        MNMAN

                          « Reply #20 on: November 15, 2013, 02:04:17 PM »
                          Here is the report:

                          22:57:31.0799 2188  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
                          22:57:31.0830 2188  ============================================================
                          22:57:31.0830 2188  Current date / time: 2013/11/15 22:57:31.0830
                          22:57:31.0830 2188  SystemInfo:
                          22:57:31.0830 2188 
                          22:57:31.0830 2188  OS Version: 6.1.7601 ServicePack: 1.0
                          22:57:31.0830 2188  Product type: Workstation
                          22:57:31.0830 2188  ComputerName: MNMAN
                          22:57:31.0830 2188  UserName: TOSHIBA
                          22:57:31.0830 2188  Windows directory: C:\Windows
                          22:57:31.0830 2188  System windows directory: C:\Windows
                          22:57:31.0830 2188  Processor architecture: Intel x86
                          22:57:31.0830 2188  Number of processors: 4
                          22:57:31.0830 2188  Page size: 0x1000
                          22:57:31.0830 2188  Boot type: Normal boot
                          22:57:31.0830 2188  ============================================================
                          22:57:33.0281 2188  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
                          22:57:33.0312 2188  Drive \Device\Harddisk2\DR2 - Size: 0x1BF0FFB000 (111.77 Gb), SectorSize: 0x200, Cylinders: 0x38FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
                          22:57:33.0655 2188  ============================================================
                          22:57:33.0655 2188  \Device\Harddisk0\DR0:
                          22:57:33.0655 2188  MBR partitions:
                          22:57:33.0655 2188  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
                          22:57:33.0655 2188  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC7D9000
                          22:57:33.0655 2188  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC80B800, BlocksNum 0x18C22800
                          22:57:33.0655 2188  \Device\Harddisk2\DR2:
                          22:57:33.0671 2188  MBR partitions:
                          22:57:33.0671 2188  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x258, BlocksNum 0xDF87D80
                          22:57:33.0671 2188  ============================================================
                          22:57:33.0718 2188  C: <-> \Device\Harddisk0\DR0\Partition2
                          22:57:33.0749 2188  D: <-> \Device\Harddisk0\DR0\Partition3
                          22:57:33.0858 2188  J: <-> \Device\Harddisk2\DR2\Partition1
                          22:57:33.0858 2188  ============================================================
                          22:57:33.0858 2188  Initialize success
                          22:57:33.0858 2188  ============================================================
                          22:58:36.0711 5520  ============================================================
                          22:58:36.0711 5520  Scan started
                          22:58:36.0711 5520  Mode: Manual; SigCheck; TDLFS;
                          22:58:36.0711 5520  ============================================================
                          22:58:37.0834 5520  ================ Scan system memory ========================
                          22:58:37.0834 5520  System memory - ok
                          22:58:37.0834 5520  ================ Scan services =============================
                          22:58:47.0693 5520  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
                          22:58:47.0755 5520  fastfat - ok
                          22:58:47.0802 5520  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
                          22:58:47.0911 5520  Fax - ok
                          22:58:47.0974 5520  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
                          22:58:48.0021 5520  fdc - ok
                          22:58:48.0052 5520  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
                          22:58:48.0114 5520  fdPHost - ok
                          22:58:48.0145 5520  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
                          22:58:48.0192 5520  FDResPub - ok
                          22:58:48.0208 5520  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
                          22:58:48.0223 5520  FileInfo - ok
                          22:58:48.0239 5520  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
                          22:58:48.0270 5520  Filetrace - ok
                          22:58:48.0301 5520  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
                          22:58:48.0348 5520  flpydisk - ok
                          22:58:48.0379 5520  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
                          22:58:48.0411 5520  FltMgr - ok
                          22:58:48.0457 5520  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
                          22:58:48.0551 5520  FontCache - ok
                          22:58:48.0613 5520  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
                          22:58:48.0645 5520  FontCache3.0.0.0 - ok
                          22:58:48.0691 5520  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
                          22:58:48.0723 5520  FsDepends - ok
                          22:58:48.0754 5520  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
                          22:58:48.0785 5520  Fs_Rec - ok
                          22:58:48.0832 5520  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
                          22:58:48.0863 5520  fvevol - ok
                          22:58:48.0910 5520  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
                          22:58:48.0925 5520  gagp30kx - ok
                          22:58:48.0988 5520  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
                          22:58:49.0003 5520  GEARAspiWDM - ok
                          22:58:49.0050 5520  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
                          22:58:49.0144 5520  gpsvc - ok
                          22:58:49.0253 5520  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
                          22:58:49.0284 5520  gupdate - ok
                          22:58:49.0315 5520  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
                          22:58:49.0331 5520  gupdatem - ok
                          22:58:49.0362 5520  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                          22:58:49.0378 5520  gusvc - ok
                          22:58:49.0409 5520  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
                          22:58:49.0503 5520  hcw85cir - ok
                          22:58:49.0565 5520  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
                          22:58:49.0612 5520  HdAudAddService - ok
                          22:58:49.0643 5520  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
                          22:58:49.0690 5520  HDAudBus - ok
                          22:58:49.0737 5520  [ A88485DC6A7136C10D9A6C7E38FDFE3C ] HECI            C:\Windows\system32\DRIVERS\HECI.sys
                          22:58:49.0815 5520  HECI - ok
                          22:58:49.0846 5520  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
                          22:58:49.0893 5520  HidBatt - ok
                          22:58:49.0924 5520  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
                          22:58:49.0971 5520  HidBth - ok
                          22:58:50.0002 5520  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
                          22:58:50.0049 5520  HidIr - ok
                          22:58:50.0080 5520  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\System32\hidserv.dll
                          22:58:50.0142 5520  hidserv - ok
                          22:58:50.0205 5520  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
                          22:58:50.0298 5520  HidUsb - ok
                          22:58:50.0329 5520  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
                          22:58:50.0392 5520  hkmsvc - ok
                          22:58:50.0439 5520  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
                          22:58:50.0532 5520  HomeGroupListener - ok
                          22:58:50.0579 5520  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
                          22:58:50.0657 5520  HomeGroupProvider - ok
                          22:58:50.0704 5520  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
                          22:58:50.0751 5520  HpSAMD - ok
                          22:58:50.0813 5520  [ 950CC1E6AE3A6CD23E0945CDE089B02C ] HTCAND32        C:\Windows\system32\Drivers\ANDROIDUSB.sys
                          22:58:50.0938 5520  HTCAND32 - ok
                          22:58:51.0031 5520  [ 5C8BC8A28798FD010E7ABC4E0D588CAA ] HTCMonitorService C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
                          22:58:51.0063 5520  HTCMonitorService - ok
                          22:58:51.0094 5520  [ 339ADEFAD60353F960E3CA67CE468C24 ] htcnprot        C:\Windows\system32\DRIVERS\htcnprot.sys
                          22:58:51.0141 5520  htcnprot - ok
                          22:58:51.0187 5520  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
                          22:58:51.0234 5520  HTTP - ok
                          22:58:51.0265 5520  [ FB572C3FC151C308D1DC3A99954D97B7 ] huawei_cdcacm   C:\Windows\system32\DRIVERS\ew_jucdcacm.sys
                          22:58:51.0359 5520  huawei_cdcacm - ok
                          22:58:51.0406 5520  [ 00B363D211909FB85BC6300A3214AC03 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
                          22:58:51.0453 5520  huawei_enumerator - ok
                          22:58:51.0515 5520  [ 7B1DED0BE9A4203857AB0DED695983E6 ] huawei_ext_ctrl C:\Windows\system32\DRIVERS\ew_juextctrl.sys
                          22:58:51.0593 5520  huawei_ext_ctrl - ok
                          22:58:51.0640 5520  [ 189AC9CB8630FAEB1DCAE2F97B8FF98C ] huawei_wwanecm  C:\Windows\system32\DRIVERS\ew_juwwanecm.sys
                          22:58:51.0702 5520  huawei_wwanecm - ok
                          22:58:51.0733 5520  [ 1C09309A3D793C57EF87AC60C6BBD739 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
                          22:58:51.0796 5520  hwdatacard - ok
                          22:58:51.0827 5520  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
                          22:58:51.0843 5520  hwpolicy - ok
                          22:58:51.0889 5520  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
                          22:58:51.0921 5520  i8042prt - ok
                          22:58:51.0983 5520  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
                          22:58:51.0999 5520  iaStorV - ok
                          22:58:52.0092 5520  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
                          22:58:52.0155 5520  idsvc - ok
                          22:58:52.0201 5520  IEEtwCollectorService - ok
                          22:58:52.0513 5520  [ DB7413CF09D74231720F78737DCF4188 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
                          22:58:52.0841 5520  igfx - ok
                          22:58:52.0872 5520  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
                          22:58:52.0888 5520  iirsp - ok
                          22:58:52.0966 5520  [ EDCCC8C13B1EB882F77BA0ABB84566E7 ] IJPLMSVC        C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
                          22:58:52.0981 5520  IJPLMSVC - ok
                          22:58:53.0028 5520  [ B9C54120F46392100478F58F374E5709 ] IKEEXT          C:\Windows\System32\ikeext.dll
                          22:58:53.0075 5520  IKEEXT - ok
                          22:58:53.0137 5520  [ E3C36AC5AE87EC970AE8EA2A93D59AE1 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
                          22:58:53.0169 5520  Impcd - ok
                          22:58:53.0278 5520  [ AEE99ECF06CD1CEA95816CCB5BF73EC8 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
                          22:58:53.0387 5520  IntcAzAudAddService - ok
                          22:58:53.0403 5520  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
                          22:58:53.0418 5520  intelide - ok
                          22:58:53.0465 5520  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
                          22:58:53.0496 5520  intelppm - ok
                          22:58:53.0543 5520  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
                          22:58:53.0574 5520  IPBusEnum - ok
                          22:58:53.0590 5520  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
                          22:58:53.0621 5520  IpFilterDriver - ok
                          22:58:53.0668 5520  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
                          22:58:53.0761 5520  iphlpsvc - ok
                          22:58:53.0793 5520  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
                          22:58:53.0824 5520  IPMIDRV - ok
                          22:58:53.0871 5520  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
                          22:58:53.0949 5520  IPNAT - ok
                          22:58:54.0027 5520  [ FE56897B27ED266F9C4E7D90A0B5DA47 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
                          22:58:54.0058 5520  iPod Service - ok
                          22:58:54.0089 5520  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
                          22:58:54.0136 5520  IRENUM - ok
                          22:58:54.0151 5520  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
                          22:58:54.0167 5520  isapnp - ok
                          22:58:54.0198 5520  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
                          22:58:54.0214 5520  iScsiPrt - ok
                          22:58:54.0245 5520  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
                          22:58:54.0261 5520  kbdclass - ok
                          22:58:54.0292 5520  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
                          22:58:54.0323 5520  kbdhid - ok
                          22:58:54.0339 5520  [ 803B370865D907EA21DC0C2B6A8936B5 ] KeyIso          C:\Windows\system32\lsass.exe
                          22:58:54.0354 5520  KeyIso - ok
                          22:58:54.0385 5520  [ F286830298323272260332D6ABC905C1 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
                          22:58:54.0401 5520  KSecDD - ok
                          22:58:54.0417 5520  [ D7C760D57B1656DD748B9E4AB6CB5A51 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
                          22:58:54.0432 5520  KSecPkg - ok
                          22:58:54.0463 5520  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
                          22:58:54.0526 5520  KtmRm - ok
                          22:58:54.0573 5520  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\System32\srvsvc.dll
                          22:58:54.0619 5520  LanmanServer - ok
                          22:58:54.0666 5520  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
                          22:58:54.0760 5520  LanmanWorkstation - ok
                          22:58:54.0994 5520  [ 6DAAFFE9807B65E7CFA729974F844D1C ] LeapFrog Connect Device Service C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
                          22:58:55.0259 5520  LeapFrog Connect Device Service - ok
                          22:58:55.0306 5520  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
                          22:58:55.0399 5520  lltdio - ok
                          22:58:55.0446 5520  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
                          22:58:55.0509 5520  lltdsvc - ok
                          22:58:55.0509 5520  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
                          22:58:55.0555 5520  lmhosts - ok
                          22:58:55.0618 5520  [ 6ADAB14D7AD12B35BDC665B35278099B ] LPCFilter       C:\Windows\system32\DRIVERS\LPCFilter.sys
                          22:58:55.0649 5520  LPCFilter - ok
                          22:58:55.0680 5520  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
                          22:58:55.0711 5520  LSI_FC - ok
                          22:58:55.0727 5520  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
                          22:58:55.0743 5520  LSI_SAS - ok
                          22:58:55.0774 5520  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
                          22:58:55.0789 5520  LSI_SAS2 - ok
                          22:58:55.0821 5520  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
                          22:58:55.0836 5520  LSI_SCSI - ok
                          22:58:55.0867 5520  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
                          22:58:55.0914 5520  luafv - ok
                          22:58:55.0977 5520  [ 062D80F13D762F7BC2F38430D60F5048 ] McAfeeFramework C:\Program Files\McAfee\Common Framework\FrameworkService.exe
                          22:58:56.0008 5520  McAfeeFramework - ok
                          22:58:56.0070 5520  [ 50182E471B44C7A0F63B46E2DEF08B0F ] McShield        C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
                          22:58:56.0101 5520  McShield - ok
                          22:58:56.0133 5520  [ 113C20EB4982C5670F49718441BEE76D ] McTaskManager   C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
                          22:58:56.0164 5520  McTaskManager - ok
                          22:58:56.0195 5520  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
                          22:58:56.0226 5520  Mcx2Svc - ok
                          22:58:56.0257 5520  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
                          22:58:56.0273 5520  megasas - ok
                          22:58:56.0289 5520  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
                          22:58:56.0304 5520  MegaSR - ok
                          22:58:56.0351 5520  [ C0D975D64C1AF8057F2D75B1297A6979 ] mfeapfk         C:\Windows\system32\drivers\mfeapfk.sys
                          22:58:56.0367 5520  mfeapfk - ok
                          22:58:56.0398 5520  [ C169326049A8A03D5F905B34F5A65F8C ] mfeavfk         C:\Windows\system32\drivers\mfeavfk.sys
                          22:58:56.0413 5520  mfeavfk - ok
                          22:58:56.0445 5520  mfeavfk01 - ok
                          22:58:56.0476 5520  [ 50B0253B2484A306A20D8695C5AE5858 ] mfebopk         C:\Windows\system32\drivers\mfebopk.sys
                          22:58:56.0491 5520  mfebopk - ok
                          22:58:56.0538 5520  [ 188B40866DB2AB8EF262FEBC65291687 ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
                          22:58:56.0569 5520  mfehidk - ok
                          22:58:56.0585 5520  [ C1B30AF2E18E69BF8CEB39B33F32D3C1 ] mferkdet        C:\Windows\system32\drivers\mferkdet.sys
                          22:58:56.0616 5520  mferkdet - ok
                          22:58:56.0632 5520  [ 49C8E20D178BE981FF28523A942A570F ] mfevtp          C:\Windows\system32\mfevtps.exe
                          22:58:56.0647 5520  mfevtp - ok
                          22:58:56.0663 5520  [ 451B49F0E10D6058CED5B56852D82C8B ] mfewfpk         C:\Windows\system32\drivers\mfewfpk.sys
                          22:58:56.0679 5520  mfewfpk - ok
                          22:58:56.0710 5520  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
                          22:58:56.0772 5520  MMCSS - ok
                          22:58:56.0772 5520  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
                          22:58:56.0819 5520  Modem - ok
                          22:58:56.0850 5520  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
                          22:58:56.0897 5520  monitor - ok
                          22:58:56.0928 5520  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
                          22:58:56.0944 5520  mouclass - ok
                          22:58:56.0991 5520  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
                          22:58:57.0037 5520  mouhid - ok
                          22:58:57.0069 5520  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
                          22:58:57.0084 5520  mountmgr - ok
                          22:58:57.0131 5520  [ 755A0900BA4B9FB59B4ED1F78341693A ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
                          22:58:57.0147 5520  MozillaMaintenance - ok
                          22:58:57.0162 5520  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
                          22:58:57.0193 5520  mpio - ok
                          22:58:57.0209 5520  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
                          22:58:57.0271 5520  mpsdrv - ok
                          22:58:57.0287 5520  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
                          22:58:57.0349 5520  MpsSvc - ok
                          22:58:57.0381 5520  [ 21F4B24ACFC79A483515BD986DD9043F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
                          22:58:57.0474 5520  MRxDAV - ok
                          22:58:57.0521 5520  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
                          22:58:57.0583 5520  mrxsmb - ok
                          22:58:57.0599 5520  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
                          22:58:57.0646 5520  mrxsmb10 - ok
                          22:58:57.0661 5520  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
                          22:58:57.0708 5520  mrxsmb20 - ok
                          22:58:57.0724 5520  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
                          22:58:57.0739 5520  msahci - ok
                          22:58:57.0771 5520  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
                          22:58:57.0786 5520  msdsm - ok
                          22:58:57.0817 5520  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
                          22:58:57.0864 5520  MSDTC - ok
                          22:58:57.0895 5520  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
                          22:58:57.0942 5520  Msfs - ok
                          22:58:57.0958 5520  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
                          22:58:58.0005 5520  mshidkmdf - ok
                          22:58:58.0036 5520  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
                          22:58:58.0051 5520  msisadrv - ok
                          22:58:58.0098 5520  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
                          22:58:58.0161 5520  MSiSCSI - ok
                          22:58:58.0161 5520  msiserver - ok
                          22:58:58.0207 5520  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
                          22:58:58.0239 5520  MSKSSRV - ok
                          22:58:58.0270 5520  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
                          22:58:58.0317 5520  MSPCLOCK - ok
                          22:58:58.0363 5520  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
                          22:58:58.0395 5520  MSPQM - ok
                          22:58:58.0426 5520  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
                          22:58:58.0441 5520  MsRPC - ok
                          22:58:58.0473 5520  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
                          22:58:58.0488 5520  mssmbios - ok
                          22:58:58.0519 5520  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
                          22:58:58.0566 5520  MSTEE - ok
                          22:58:58.0582 5520  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
                          22:58:58.0613 5520  MTConfig - ok
                          22:58:58.0644 5520  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
                          22:58:58.0660 5520  Mup - ok
                          22:58:58.0691 5520  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
                          22:58:58.0753 5520  napagent - ok
                          22:58:58.0800 5520  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
                          22:58:58.0847 5520  NativeWifiP - ok
                          22:58:58.0909 5520  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
                          22:58:58.0941 5520  NDIS - ok
                          22:58:58.0987 5520  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
                          22:58:59.0034 5520  NdisCap - ok
                          22:58:59.0065 5520  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
                          22:58:59.0112 5520  NdisTapi - ok
                          22:58:59.0159 5520  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
                          22:58:59.0221 5520  Ndisuio - ok
                          22:58:59.0253 5520  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
                          22:58:59.0284 5520  NdisWan - ok
                          22:58:59.0315 5520  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
                          22:58:59.0346 5520  NDProxy - ok
                          22:58:59.0393 5520  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
                          22:58:59.0455 5520  NetBIOS - ok
                          22:58:59.0502 5520  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
                          22:58:59.0533 5520  NetBT - ok
                          22:58:59.0565 5520  [ 803B370865D907EA21DC0C2B6A8936B5 ] Netlogon        C:\Windows\system32\lsass.exe
                          22:58:59.0596 5520  Netlogon - ok
                          22:58:59.0627 5520  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
                          22:58:59.0689 5520  Netman - ok
                          22:58:59.0721 5520  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
                          22:58:59.0767 5520  netprofm - ok
                          22:58:59.0814 5520  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
                          22:58:59.0830 5520  NetTcpPortSharing - ok
                          22:58:59.0845 5520  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
                          22:58:59.0861 5520  nfrd960 - ok
                          22:58:59.0923 5520  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
                          22:59:00.0017 5520  NlaSvc - ok
                          22:59:00.0033 5520  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys

                          SuperDave

                          • Malware Removal Specialist
                          • Moderator


                          Re: Problem with Virus and/or spyware : please help
                          « Reply #21 on: November 16, 2013, 11:15:25 AM »
                          That doesn't appear to be the full report. I need to see the bottom 10 lines. Is there any change?
                          Windows 8 and Windows 10 dual boot with two SSDs

                          MNMAN

                            Re: Problem with Virus and/or spyware : please help
                            « Reply #22 on: November 17, 2013, 03:02:48 AM »
                            For some reason I can't post the whole report in one reply, so I will split it. Here is part 1 of 2:

                            12:00:42.0004 5496  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
                            12:00:42.0004 5496  cdrom - ok
                            12:00:42.0051 5496  [ AECD6E980834D784DEA44456B2DC5164 ] CeKbFilter      C:\Windows\system32\DRIVERS\CeKbFilter.sys
                            12:00:42.0067 5496  CeKbFilter - ok
                            12:00:42.0114 5496  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
                            12:00:42.0114 5496  CertPropSvc - ok
                            12:00:42.0145 5496  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
                            12:00:42.0145 5496  circlass - ok
                            12:00:42.0192 5496  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
                            12:00:42.0192 5496  CLFS - ok
                            12:00:42.0254 5496  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
                            12:00:42.0254 5496  clr_optimization_v2.0.50727_32 - ok
                            12:00:42.0332 5496  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
                            12:00:42.0363 5496  clr_optimization_v4.0.30319_32 - ok
                            12:00:42.0441 5496  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
                            12:00:42.0472 5496  CmBatt - ok
                            12:00:42.0504 5496  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
                            12:00:42.0504 5496  cmdide - ok
                            12:00:42.0535 5496  [ 85449EEBE8F8EBD6481EFBF0F352B4EB ] CNG             C:\Windows\system32\Drivers\cng.sys
                            12:00:42.0535 5496  CNG - ok
                            12:00:42.0566 5496  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
                            12:00:42.0582 5496  Compbatt - ok
                            12:00:42.0628 5496  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
                            12:00:42.0628 5496  CompositeBus - ok
                            12:00:42.0660 5496  COMSysApp - ok
                            12:00:42.0706 5496  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
                            12:00:42.0706 5496  crcdisk - ok
                            12:00:42.0784 5496  [ 7CA1BECEA5DE2643ADDAD32670E7A4C9 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
                            12:00:42.0784 5496  CryptSvc - ok
                            12:00:42.0831 5496  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
                            12:00:42.0831 5496  CSC - ok
                            12:00:42.0925 5496  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
                            12:00:42.0925 5496  CscService - ok
                            12:00:42.0940 5496  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
                            12:00:42.0940 5496  DcomLaunch - ok
                            12:00:42.0972 5496  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
                            12:00:42.0972 5496  defragsvc - ok
                            12:00:43.0065 5496  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
                            12:00:43.0065 5496  DfsC - ok
                            12:00:43.0221 5496  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
                            12:00:43.0237 5496  Dhcp - ok
                            12:00:43.0268 5496  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
                            12:00:43.0268 5496  discache - ok
                            12:00:43.0299 5496  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
                            12:00:43.0299 5496  Disk - ok
                            12:00:43.0330 5496  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
                            12:00:43.0346 5496  Dnscache - ok
                            12:00:43.0393 5496  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
                            12:00:43.0393 5496  dot3svc - ok
                            12:00:43.0440 5496  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
                            12:00:43.0440 5496  DPS - ok
                            12:00:43.0486 5496  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
                            12:00:43.0486 5496  drmkaud - ok
                            12:00:43.0549 5496  [ 71BC35067CABC02C9453AEAA42B2E43E ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
                            12:00:43.0549 5496  DXGKrnl - ok
                            12:00:43.0596 5496  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
                            12:00:43.0611 5496  EapHost - ok
                            12:00:43.0705 5496  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
                            12:00:43.0767 5496  ebdrv - ok
                            12:00:43.0798 5496  [ 803B370865D907EA21DC0C2B6A8936B5 ] EFS             C:\Windows\System32\lsass.exe
                            12:00:43.0798 5496  EFS - ok
                            12:00:44.0079 5496  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
                            12:00:44.0079 5496  ehRecvr - ok
                            12:00:44.0110 5496  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
                            12:00:44.0110 5496  ehSched - ok
                            12:00:44.0157 5496  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
                            12:00:44.0157 5496  elxstor - ok
                            12:00:44.0188 5496  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
                            12:00:44.0204 5496  ErrDev - ok
                            12:00:44.0235 5496  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
                            12:00:44.0251 5496  EventSystem - ok
                            12:00:44.0360 5496  [ B0B03560D4DB067B60789FC385762510 ] ewusbnet        C:\Windows\system32\DRIVERS\ewusbnet.sys
                            12:00:44.0376 5496  ewusbnet - ok
                            12:00:44.0422 5496  [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev     C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
                            12:00:44.0422 5496  ew_hwusbdev - ok
                            12:00:44.0469 5496  [ 61A973F60E94A551BA7B15F3460444FB ] ew_usbenumfilter C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
                            12:00:44.0469 5496  ew_usbenumfilter - ok
                            12:00:44.0500 5496  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
                            12:00:44.0500 5496  exfat - ok
                            12:00:44.0516 5496  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
                            12:00:44.0532 5496  fastfat - ok
                            12:00:44.0594 5496  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
                            12:00:44.0594 5496  Fax - ok
                            12:00:44.0641 5496  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
                            12:00:44.0641 5496  fdc - ok
                            12:00:44.0672 5496  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
                            12:00:44.0688 5496  fdPHost - ok
                            12:00:44.0703 5496  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
                            12:00:44.0703 5496  FDResPub - ok
                            12:00:44.0734 5496  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
                            12:00:44.0734 5496  FileInfo - ok
                            12:00:44.0750 5496  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
                            12:00:44.0750 5496  Filetrace - ok
                            12:00:44.0828 5496  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
                            12:00:44.0859 5496  flpydisk - ok
                            12:00:44.0890 5496  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
                            12:00:44.0890 5496  FltMgr - ok
                            12:00:44.0984 5496  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
                            12:00:44.0984 5496  FontCache - ok
                            12:00:45.0062 5496  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
                            12:00:45.0062 5496  FontCache3.0.0.0 - ok
                            12:00:45.0093 5496  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
                            12:00:45.0093 5496  FsDepends - ok
                            12:00:45.0156 5496  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
                            12:00:45.0187 5496  Fs_Rec - ok
                            12:00:45.0265 5496  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
                            12:00:45.0265 5496  fvevol - ok
                            12:00:45.0296 5496  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
                            12:00:45.0312 5496  gagp30kx - ok
                            12:00:45.0358 5496  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
                            12:00:45.0374 5496  GEARAspiWDM - ok
                            12:00:45.0405 5496  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
                            12:00:45.0405 5496  gpsvc - ok
                            12:00:45.0436 5496  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
                            12:00:45.0452 5496  hcw85cir - ok
                            12:00:45.0499 5496  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
                            12:00:45.0514 5496  HdAudAddService - ok
                            12:00:45.0546 5496  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
                            12:00:45.0546 5496  HDAudBus - ok
                            12:00:45.0577 5496  [ A88485DC6A7136C10D9A6C7E38FDFE3C ] HECI            C:\Windows\system32\DRIVERS\HECI.sys
                            12:00:45.0577 5496  HECI - ok
                            12:00:45.0592 5496  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
                            12:00:45.0592 5496  HidBatt - ok
                            12:00:45.0608 5496  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
                            12:00:45.0624 5496  HidBth - ok
                            12:00:45.0655 5496  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
                            12:00:45.0655 5496  HidIr - ok
                            12:00:45.0702 5496  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\System32\hidserv.dll
                            12:00:45.0702 5496  hidserv - ok
                            12:00:45.0748 5496  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
                            12:00:45.0748 5496  HidUsb - ok
                            12:00:45.0795 5496  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
                            12:00:45.0795 5496  hkmsvc - ok
                            12:00:45.0811 5496  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
                            12:00:45.0826 5496  HomeGroupListener - ok
                            12:00:45.0842 5496  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
                            12:00:45.0858 5496  HomeGroupProvider - ok
                            12:00:45.0904 5496  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
                            12:00:45.0904 5496  HpSAMD - ok
                            12:00:45.0951 5496  [ 950CC1E6AE3A6CD23E0945CDE089B02C ] HTCAND32        C:\Windows\system32\Drivers\ANDROIDUSB.sys
                            12:00:45.0951 5496  HTCAND32 - ok
                            12:00:46.0201 5496  [ 5C8BC8A28798FD010E7ABC4E0D588CAA ] HTCMonitorService C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
                            12:00:46.0201 5496  HTCMonitorService - ok
                            12:00:46.0248 5496  [ 339ADEFAD60353F960E3CA67CE468C24 ] htcnprot        C:\Windows\system32\DRIVERS\htcnprot.sys
                            12:00:46.0248 5496  htcnprot - ok
                            12:00:46.0326 5496  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
                            12:00:46.0341 5496  HTTP - ok
                            12:00:46.0388 5496  [ FB572C3FC151C308D1DC3A99954D97B7 ] huawei_cdcacm   C:\Windows\system32\DRIVERS\ew_jucdcacm.sys
                            12:00:46.0388 5496  huawei_cdcacm - ok
                            12:00:46.0450 5496  [ 00B363D211909FB85BC6300A3214AC03 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
                            12:00:46.0450 5496  huawei_enumerator - ok
                            12:00:46.0513 5496  [ 7B1DED0BE9A4203857AB0DED695983E6 ] huawei_ext_ctrl C:\Windows\system32\DRIVERS\ew_juextctrl.sys
                            12:00:46.0513 5496  huawei_ext_ctrl - ok
                            12:00:46.0544 5496  [ 189AC9CB8630FAEB1DCAE2F97B8FF98C ] huawei_wwanecm  C:\Windows\system32\DRIVERS\ew_juwwanecm.sys
                            12:00:46.0560 5496  huawei_wwanecm - ok
                            12:00:46.0591 5496  [ 1C09309A3D793C57EF87AC60C6BBD739 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
                            12:00:46.0591 5496  hwdatacard - ok
                            12:00:46.0622 5496  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
                            12:00:46.0622 5496  hwpolicy - ok
                            12:00:46.0669 5496  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
                            12:00:46.0669 5496  i8042prt - ok
                            12:00:46.0716 5496  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
                            12:00:46.0731 5496  iaStorV - ok
                            12:00:46.0809 5496  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
                            12:00:46.0809 5496  idsvc - ok
                            12:00:46.0996 5496  [ DB7413CF09D74231720F78737DCF4188 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
                            12:00:47.0152 5496  igfx - ok
                            12:00:47.0199 5496  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
                            12:00:47.0199 5496  iirsp - ok
                            12:00:47.0277 5496  [ EDCCC8C13B1EB882F77BA0ABB84566E7 ] IJPLMSVC        C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
                            12:00:47.0277 5496  IJPLMSVC - ok
                            12:00:47.0324 5496  [ B9C54120F46392100478F58F374E5709 ] IKEEXT          C:\Windows\System32\ikeext.dll
                            12:00:47.0324 5496  IKEEXT - ok
                            12:00:47.0402 5496  [ E3C36AC5AE87EC970AE8EA2A93D59AE1 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
                            12:00:47.0402 5496  Impcd - ok
                            12:00:47.0542 5496  [ AEE99ECF06CD1CEA95816CCB5BF73EC8 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
                            12:00:47.0776 5496  IntcAzAudAddService - ok
                            12:00:47.0808 5496  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
                            12:00:47.0839 5496  intelide - ok
                            12:00:47.0886 5496  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
                            12:00:47.0886 5496  intelppm - ok
                            12:00:47.0917 5496  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
                            12:00:47.0917 5496  IPBusEnum - ok
                            12:00:47.0948 5496  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
                            12:00:47.0948 5496  IpFilterDriver - ok
                            12:00:47.0995 5496  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
                            12:00:47.0995 5496  iphlpsvc - ok
                            12:00:48.0026 5496  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
                            12:00:48.0026 5496  IPMIDRV - ok
                            12:00:48.0057 5496  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
                            12:00:48.0073 5496  IPNAT - ok
                            12:00:48.0135 5496  [ FE56897B27ED266F9C4E7D90A0B5DA47 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
                            12:00:48.0151 5496  iPod Service - ok
                            12:00:48.0166 5496  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
                            12:00:48.0166 5496  IRENUM - ok
                            12:00:48.0182 5496  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
                            12:00:48.0182 5496  isapnp - ok
                            12:00:48.0229 5496  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
                            12:00:48.0229 5496  iScsiPrt - ok
                            12:00:48.0260 5496  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
                            12:00:48.0260 5496  kbdclass - ok
                            12:00:48.0291 5496  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
                            12:00:48.0291 5496  kbdhid - ok
                            12:00:48.0307 5496  [ 803B370865D907EA21DC0C2B6A8936B5 ] KeyIso          C:\Windows\system32\lsass.exe
                            12:00:48.0307 5496  KeyIso - ok
                            12:00:48.0338 5496  [ F286830298323272260332D6ABC905C1 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
                            12:00:48.0354 5496  KSecDD - ok
                            12:00:48.0369 5496  [ D7C760D57B1656DD748B9E4AB6CB5A51 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
                            12:00:48.0385 5496  KSecPkg - ok
                            12:00:48.0400 5496  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
                            12:00:48.0416 5496  KtmRm - ok
                            12:00:48.0447 5496  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\System32\srvsvc.dll
                            12:00:48.0447 5496  LanmanServer - ok
                            12:00:48.0478 5496  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
                            12:00:48.0494 5496  LanmanWorkstation - ok
                            12:00:48.0712 5496  [ 6DAAFFE9807B65E7CFA729974F844D1C ] LeapFrog Connect Device Service C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
                            12:00:48.0759 5496  LeapFrog Connect Device Service - ok
                            12:00:48.0806 5496  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
                            12:00:48.0806 5496  lltdio - ok
                            12:00:48.0837 5496  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
                            12:00:48.0837 5496  lltdsvc - ok
                            12:00:48.0884 5496  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
                            12:00:48.0884 5496  lmhosts - ok
                            12:00:48.0931 5496  [ 6ADAB14D7AD12B35BDC665B35278099B ] LPCFilter       C:\Windows\system32\DRIVERS\LPCFilter.sys
                            12:00:48.0931 5496  LPCFilter - ok
                            12:00:48.0962 5496  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
                            12:00:48.0962 5496  LSI_FC - ok
                            12:00:48.0993 5496  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
                            12:00:48.0993 5496  LSI_SAS - ok
                            12:00:49.0009 5496  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
                            12:00:49.0009 5496  LSI_SAS2 - ok
                            12:00:49.0024 5496  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
                            12:00:49.0040 5496  LSI_SCSI - ok
                            12:00:49.0071 5496  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
                            12:00:49.0071 5496  luafv - ok
                            12:00:49.0305 5496  [ 062D80F13D762F7BC2F38430D60F5048 ] McAfeeFramework C:\Program Files\McAfee\Common Framework\FrameworkService.exe
                            12:00:49.0305 5496  McAfeeFramework - ok
                            12:00:49.0446 5496  [ 50182E471B44C7A0F63B46E2DEF08B0F ] McShield        C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
                            12:00:49.0446 5496  McShield - ok
                            12:00:49.0586 5496  [ 113C20EB4982C5670F49718441BEE76D ] McTaskManager   C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
                            12:00:49.0586 5496  McTaskManager - ok
                            12:00:49.0617 5496  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
                            12:00:49.0633 5496  Mcx2Svc - ok
                            12:00:49.0664 5496  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
                            12:00:49.0664 5496  megasas - ok
                            12:00:49.0695 5496  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
                            12:00:49.0695 5496  MegaSR - ok
                            12:00:49.0742 5496  [ C0D975D64C1AF8057F2D75B1297A6979 ] mfeapfk         C:\Windows\system32\drivers\mfeapfk.sys
                            12:00:49.0742 5496  mfeapfk - ok
                            12:00:49.0773 5496  [ C169326049A8A03D5F905B34F5A65F8C ] mfeavfk         C:\Windows\system32\drivers\mfeavfk.sys
                            12:00:49.0804 5496  mfeavfk - ok
                            12:00:49.0914 5496  mfeavfk01 - ok
                            12:00:49.0960 5496  [ 50B0253B2484A306A20D8695C5AE5858 ] mfebopk         C:\Windows\system32\drivers\mfebopk.sys
                            12:00:49.0960 5496  mfebopk - ok
                            12:00:49.0992 5496  [ 188B40866DB2AB8EF262FEBC65291687 ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
                            12:00:50.0007 5496  mfehidk - ok
                            12:00:50.0023 5496  [ C1B30AF2E18E69BF8CEB39B33F32D3C1 ] mferkdet        C:\Windows\system32\drivers\mferkdet.sys
                            12:00:50.0023 5496  mferkdet - ok
                            12:00:50.0038 5496  [ 49C8E20D178BE981FF28523A942A570F ] mfevtp          C:\Windows\system32\mfevtps.exe
                            12:00:50.0054 5496  mfevtp - ok
                            12:00:50.0210 5496  [ 451B49F0E10D6058CED5B56852D82C8B ] mfewfpk         C:\Windows\system32\drivers\mfewfpk.sys
                            12:00:50.0210 5496  mfewfpk - ok
                            12:00:50.0397 5496  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
                            12:00:50.0397 5496  MMCSS - ok
                            12:00:50.0460 5496  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
                            12:00:50.0460 5496  Modem - ok
                            12:00:50.0522 5496  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
                            12:00:50.0522 5496  monitor - ok
                            12:00:50.0631 5496  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
                            12:00:50.0694 5496  mouclass - ok
                            12:00:50.0881 5496  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
                            12:00:50.0881 5496  mouhid - ok
                            12:00:50.0912 5496  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
                            12:00:50.0928 5496  mountmgr - ok
                            12:00:50.0974 5496  [ 755A0900BA4B9FB59B4ED1F78341693A ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

                            MNMAN

                              Re: Problem with Virus and/or spyware : please help
                              « Reply #23 on: November 17, 2013, 03:07:48 AM »
                              Here is Part 2 of 2

                              12:00:58.0509 5496  Tosrfhid - ok
                              12:00:58.0525 5496  [ B2A1A6538245FD69578224BBF2FD4677 ] tosrfnds        C:\Windows\system32\DRIVERS\tosrfnds.sys
                              12:00:58.0525 5496  tosrfnds - ok
                              12:00:58.0556 5496  [ 3DE5CBB4F8EB64563CE08E8EC7458D03 ] TosRfSnd        C:\Windows\system32\drivers\tosrfsnd.sys
                              12:00:58.0556 5496  TosRfSnd - ok
                              12:00:58.0618 5496  [ AF5126FB6E9ED41C99AB7A10E98729CD ] Tosrfusb        C:\Windows\system32\DRIVERS\tosrfusb.sys
                              12:00:58.0665 5496  Tosrfusb - ok
                              12:00:58.0743 5496  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
                              12:00:58.0743 5496  TrkWks - ok
                              12:00:58.0806 5496  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
                              12:00:58.0821 5496  TrustedInstaller - ok
                              12:00:58.0852 5496  [ B37B08F2E5EEB1A37E448E09BACE1101 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
                              12:00:58.0852 5496  tssecsrv - ok
                              12:00:58.0884 5496  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
                              12:00:58.0884 5496  TsUsbFlt - ok
                              12:00:58.0946 5496  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
                              12:00:58.0946 5496  tunnel - ok
                              12:00:59.0055 5496  [ 792A8B80F8188ABA4B2BE271583F3E46 ] TVALZ           C:\Windows\system32\DRIVERS\TVALZ_O.SYS
                              12:00:59.0086 5496  TVALZ - ok
                              12:00:59.0133 5496  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
                              12:00:59.0149 5496  uagp35 - ok
                              12:00:59.0164 5496  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
                              12:00:59.0164 5496  udfs - ok
                              12:00:59.0211 5496  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
                              12:00:59.0211 5496  UI0Detect - ok
                              12:00:59.0242 5496  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
                              12:00:59.0242 5496  uliagpkx - ok
                              12:00:59.0289 5496  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
                              12:00:59.0289 5496  umbus - ok
                              12:00:59.0320 5496  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
                              12:00:59.0320 5496  UmPass - ok
                              12:00:59.0523 5496  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
                              12:00:59.0539 5496  UmRdpService - ok
                              12:00:59.0601 5496  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
                              12:00:59.0601 5496  upnphost - ok
                              12:00:59.0632 5496  [ 71D97F1A3CC47A56728F7A400A3F8295 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
                              12:00:59.0632 5496  usbccgp - ok
                              12:00:59.0664 5496  [ 2352AB5F9F8F097BF9D41D5A4718A041 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
                              12:00:59.0664 5496  usbcir - ok
                              12:00:59.0679 5496  [ C4FB8E7ADEA9B5CEEA885A1B504B7E40 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
                              12:00:59.0679 5496  usbehci - ok
                              12:00:59.0726 5496  [ 86AA95ACB611001E26CD2C0145F2225A ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
                              12:00:59.0742 5496  usbhub - ok
                              12:00:59.0742 5496  [ DCDF9855145A14DFCA0AB32308871961 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
                              12:00:59.0757 5496  usbohci - ok
                              12:00:59.0788 5496  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
                              12:00:59.0804 5496  usbprint - ok
                              12:00:59.0851 5496  [ FC6B21DB4B5B398AB93DBE59CBF11036 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
                              12:00:59.0851 5496  usbscan - ok
                              12:00:59.0866 5496  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
                              12:00:59.0866 5496  USBSTOR - ok
                              12:00:59.0882 5496  [ 8E51D04175BAA14C4F79AA5F6D248770 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
                              12:00:59.0882 5496  usbuhci - ok
                              12:00:59.0913 5496  [ DE014425522610BEDCA3821BB8C0F1D5 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
                              12:00:59.0913 5496  usbvideo - ok
                              12:00:59.0976 5496  [ AF77716205C97E902E6C5B78DECE2CCA ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
                              12:00:59.0976 5496  usb_rndisx - ok
                              12:01:00.0007 5496  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
                              12:01:00.0007 5496  UxSms - ok
                              12:01:00.0022 5496  [ 803B370865D907EA21DC0C2B6A8936B5 ] VaultSvc        C:\Windows\system32\lsass.exe
                              12:01:00.0022 5496  VaultSvc - ok
                              12:01:00.0069 5496  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
                              12:01:00.0069 5496  vdrvroot - ok
                              12:01:00.0116 5496  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
                              12:01:00.0116 5496  vds - ok
                              12:01:00.0163 5496  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
                              12:01:00.0163 5496  vga - ok
                              12:01:00.0178 5496  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
                              12:01:00.0178 5496  VgaSave - ok
                              12:01:00.0210 5496  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
                              12:01:00.0225 5496  vhdmp - ok
                              12:01:00.0256 5496  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
                              12:01:00.0256 5496  viaagp - ok
                              12:01:00.0288 5496  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
                              12:01:00.0288 5496  ViaC7 - ok
                              12:01:00.0319 5496  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
                              12:01:00.0319 5496  viaide - ok
                              12:01:00.0366 5496  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
                              12:01:00.0366 5496  vmbus - ok
                              12:01:00.0397 5496  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
                              12:01:00.0397 5496  VMBusHID - ok
                              12:01:00.0428 5496  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
                              12:01:00.0428 5496  volmgr - ok
                              12:01:00.0459 5496  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
                              12:01:00.0459 5496  volmgrx - ok
                              12:01:00.0490 5496  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
                              12:01:00.0490 5496  volsnap - ok
                              12:01:00.0522 5496  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
                              12:01:00.0537 5496  vsmraid - ok
                              12:01:00.0584 5496  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
                              12:01:00.0584 5496  VSS - ok
                              12:01:00.0615 5496  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
                              12:01:00.0615 5496  vwifibus - ok
                              12:01:00.0646 5496  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
                              12:01:00.0646 5496  vwififlt - ok
                              12:01:00.0678 5496  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
                              12:01:00.0678 5496  W32Time - ok
                              12:01:00.0693 5496  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
                              12:01:00.0693 5496  WacomPen - ok
                              12:01:00.0740 5496  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
                              12:01:00.0740 5496  WANARP - ok
                              12:01:00.0740 5496  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
                              12:01:00.0756 5496  Wanarpv6 - ok
                              12:01:00.0818 5496  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
                              12:01:00.0834 5496  WatAdminSvc - ok
                              12:01:00.0896 5496  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
                              12:01:00.0912 5496  wbengine - ok
                              12:01:00.0943 5496  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
                              12:01:00.0943 5496  WbioSrvc - ok
                              12:01:01.0005 5496  [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
                              12:01:01.0005 5496  WcesComm - ok
                              12:01:01.0052 5496  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
                              12:01:01.0052 5496  wcncsvc - ok
                              12:01:01.0083 5496  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
                              12:01:01.0083 5496  WcsPlugInService - ok
                              12:01:01.0099 5496  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
                              12:01:01.0099 5496  Wd - ok
                              12:01:01.0130 5496  [ 25944D2CC49E0A6C581D02A74B7D6645 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
                              12:01:01.0146 5496  Wdf01000 - ok
                              12:01:01.0161 5496  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
                              12:01:01.0177 5496  WdiServiceHost - ok
                              12:01:01.0177 5496  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
                              12:01:01.0177 5496  WdiSystemHost - ok
                              12:01:01.0208 5496  [ 75E8EBD7040CE238684333F97014762A ] WebClient       C:\Windows\System32\webclnt.dll
                              12:01:01.0208 5496  WebClient - ok
                              12:01:01.0239 5496  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
                              12:01:01.0255 5496  Wecsvc - ok
                              12:01:01.0270 5496  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
                              12:01:01.0270 5496  wercplsupport - ok
                              12:01:01.0317 5496  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
                              12:01:01.0317 5496  WerSvc - ok
                              12:01:01.0380 5496  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
                              12:01:01.0380 5496  WfpLwf - ok
                              12:01:01.0411 5496  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
                              12:01:01.0411 5496  WIMMount - ok
                              12:01:01.0473 5496  [ 082CF481F659FAE0DE51AD060881EB47 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
                              12:01:01.0489 5496  WinDefend - ok
                              12:01:01.0504 5496  WinHttpAutoProxySvc - ok
                              12:01:01.0551 5496  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
                              12:01:01.0551 5496  Winmgmt - ok
                              12:01:01.0629 5496  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
                              12:01:01.0629 5496  WinRM - ok
                              12:01:01.0676 5496  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
                              12:01:01.0692 5496  WinUsb - ok
                              12:01:01.0723 5496  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
                              12:01:01.0723 5496  Wlansvc - ok
                              12:01:01.0816 5496  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                              12:01:01.0832 5496  wlidsvc - ok
                              12:01:01.0863 5496  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
                              12:01:01.0879 5496  WmiAcpi - ok
                              12:01:01.0894 5496  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
                              12:01:01.0910 5496  wmiApSrv - ok
                              12:01:01.0957 5496  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
                              12:01:01.0972 5496  WMPNetworkSvc - ok
                              12:01:02.0004 5496  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
                              12:01:02.0004 5496  WPCSvc - ok
                              12:01:02.0035 5496  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
                              12:01:02.0035 5496  WPDBusEnum - ok
                              12:01:02.0050 5496  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
                              12:01:02.0066 5496  ws2ifsl - ok
                              12:01:02.0082 5496  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\system32\wscsvc.dll
                              12:01:02.0097 5496  wscsvc - ok
                              12:01:02.0097 5496  WSearch - ok
                              12:01:02.0160 5496  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
                              12:01:02.0175 5496  wuauserv - ok
                              12:01:02.0191 5496  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
                              12:01:02.0206 5496  WudfPf - ok
                              12:01:02.0222 5496  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
                              12:01:02.0222 5496  WUDFRd - ok
                              12:01:02.0253 5496  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
                              12:01:02.0253 5496  wudfsvc - ok
                              12:01:02.0300 5496  [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc         C:\Windows\System32\wwansvc.dll
                              12:01:02.0300 5496  WwanSvc - ok
                              12:01:02.0394 5496  [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService  C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
                              12:01:02.0394 5496  YahooAUService - ok
                              12:01:02.0487 5496  ================ Scan global ===============================
                              12:01:02.0518 5496  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
                              12:01:02.0550 5496  [ 51BB04243DF6196C06E125898127E397 ] C:\Windows\system32\winsrv.dll
                              12:01:02.0565 5496  [ 51BB04243DF6196C06E125898127E397 ] C:\Windows\system32\winsrv.dll
                              12:01:02.0581 5496  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
                              12:01:02.0628 5496  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
                              12:01:02.0628 5496  [Global] - ok
                              12:01:02.0628 5496  ================ Scan MBR ==================================
                              12:01:02.0643 5496  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
                              12:01:03.0064 5496  \Device\Harddisk0\DR0 - ok
                              12:01:03.0064 5496  [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk2\DR2
                              12:01:05.0030 5496  \Device\Harddisk2\DR2 - ok
                              12:01:05.0030 5496  ================ Scan VBR ==================================
                              12:01:05.0092 5496  [ F840048E3EB1FAECD27D5B14300B3110 ] \Device\Harddisk0\DR0\Partition1
                              12:01:05.0108 5496  \Device\Harddisk0\DR0\Partition1 - ok
                              12:01:05.0124 5496  [ F2FA2C4DD09D356A313E5DEC155033AC ] \Device\Harddisk0\DR0\Partition2
                              12:01:05.0124 5496  \Device\Harddisk0\DR0\Partition2 - ok
                              12:01:05.0139 5496  [ A528603B6678288682D02AFCF06AB09A ] \Device\Harddisk0\DR0\Partition3
                              12:01:05.0155 5496  \Device\Harddisk0\DR0\Partition3 - ok
                              12:01:05.0155 5496  [ D935D928FED99593EE260AE1E87CE67E ] \Device\Harddisk2\DR2\Partition1
                              12:01:05.0155 5496  \Device\Harddisk2\DR2\Partition1 - ok
                              12:01:05.0155 5496  ============================================================
                              12:01:05.0155 5496  Scan finished
                              12:01:05.0155 5496  ============================================================
                              12:01:05.0170 3076  Detected object count: 0
                              12:01:05.0170 3076  Actual detected object count: 0

                              MNMAN

                                Re: Problem with Virus and/or spyware : please help
                                « Reply #24 on: November 17, 2013, 03:11:49 AM »
                                Quote
                                Is there any change?

                                No change, the popup is still there.  :||x :'(

                                SuperDave

                                Re: Problem with Virus and/or spyware : please help
                                « Reply #25 on: November 17, 2013, 02:56:30 PM »
                                The only thing I can think of doing is to try another browser such as Firefox to see if it still happens.

                                MNMAN

                                  Re: Problem with Virus and/or spyware : please help
                                  « Reply #26 on: November 18, 2013, 04:44:38 AM »
                                  Quote
                                  The only thing I can think of doing is to try another browser such as Firefox to see if it still happens.

                                  I have tried both Google Chrome and Firefox, and YES it still happens.

                                  Please don't give up on me   :) ,    :'( :'(

                                  SuperDave

                                  Re: Problem with Virus and/or spyware : please help
                                  « Reply #27 on: November 18, 2013, 07:25:20 PM »
                                  Download Dr.Web CureIt to the desktop:
                                  Dr WebCureIt
                                  • Double-click the launch.exe or cureit.exe file and allow it to run the express scan.
                                  • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
                                  • Once the short scan has finished, choose the Complete Scan.
                                  • Select all drives. A red dot shows which drives have been chosen.
                                  • Click the green arrow at the right, and the scan will start.
                                  • Click 'Yes to all' if it asks if you want to cure/move the file.
                                  • When the scan has finished, look and see if you can click the following icon next to the files found:
                                  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
                                  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (This is in case we need samples.)
                                  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.

                                  MNMAN

                                    Re: Problem with Virus and/or spyware : please help
                                    « Reply #28 on: November 18, 2013, 11:40:59 PM »
                                    Quote
                                    Download Dr.Web CureIt to the desktop:
                                    Dr WebCureIt

                                    I couldn't start the download from the link provided, "Dr WebCureIt". Please provide another link for the program.

                                    SuperDave

                                    Re: Problem with Virus and/or spyware : please help
                                    « Reply #29 on: November 19, 2013, 12:14:37 PM »
                                    Download Dr.Web CureIt to the desktop:
                                    DrWebCureIt
                                    • Double-click the launch.exe or cureit.exe file and allow it to run the express scan.
                                    • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
                                    • Once the short scan has finished, just let it cure whatever it finds...
                                      o Now, go to Settings >> Change Settings
                                      o Go to the Actions tab >> under the Objects section, change the settings to those below:
                                      Infected objects - Cure
                                      Incurable objects - Report
                                      Suspicious objects - Report
                                      o Don't change any other settings
                                    • Start the scan again. This time, choose Complete Scan.
                                    • Click the green arrow button at the right, and the scan will start.
                                    • After the scan has finished, click Select all.
                                    • Click on Cure and choose Report incurable (this means take no action; don't "move", "rename" or "delete").
                                    • When the scan has finished, in the menu, click File and choose Save report list.
                                    • Save the report to your Desktop. The report will be called DrWeb.csv.
                                    • Post DrWeb.csv in your next reply (open it in Notepad). Do NOT reboot the computer yet.

                                    MNMAN

                                      Re: Problem with Virus and/or spyware : please help
                                      « Reply #30 on: November 20, 2013, 05:45:12 AM »
                                      After downloading the program from the new link and clicking the exe file, a message popped up informing me that the license key is expired and that I can download the latest free version of the program from their web site. In any case I had no option but to proceed and download the latest version of Dr.Web CureIt from the Dr.Web web site. After running the scan a report was created; the report is very, very long. It's not possible to copy and paste it, so I uploaded it to 4shared:

                                      http://www.4shared.com/file/ttHZEweQ/cureit.html

                                      P.S.: 33 threats were detected and neutralized; however, after restart the popup issue still persists. :'( :'(


                                      And also to make it easy here are the first and last few lines from the report:


                                      =============================================================================
                                      Dr.Web Scanner SE for Windows v8.2.0.07100
                                      (c) Doctor Web, Ltd., 1992-2013
                                      Scan session started 2013/11/19 23:57:28
                                      Module location : C:\Users\TOSHIBA\AppData\Local\Temp\D370FD3B-FC09E658-E8408E88-B5E0DB14\
                                      =============================================================================
                                      OPTION [Automatic Apply Actions] NO
                                      OPTION [Turn Off Computer After Scan] NO
                                      OPTION [Use Sound Alerts] NO
                                      OPTION [Block Network] NO
                                      OPTION [Protect Process] NO
                                      OPTION [Protect Raw Disk] NO
                                      Using language: "English"
                                      Available instances: 6
                                      Instances used: 6
                                      Platform: Windows 7 Professional x86 (Build 7601), Service Pack 1
                                      API Version: 2.2
                                      Scanning Engine version: 8.1.0.7100
                                      Virus Finding Engine version: 7.0.5.6250
                                      Total 147 virus bases are loaded from C:\Users\TOSHIBA\AppData\Local\Temp\D370FD3B-FC09E658-E8408E88-B5E0DB14
                                      -
                                      -
                                      -
                                      -
                                      -
                                      -
                                      C:\Users\TOSHIBA\Documents\My Downloads\AVSDVDCopy.exe\{app}\About.rtf - Ok
                                      C:\Users\TOSHIBA\Documents\My Downloads\AVSDVDCopy.exe\{app}\About.rtf - Ok
                                      C:\Users\TOSHIBA\Documents\My Downloads\AVSDVDCopy.exe\{app}\About.rtf - Ok
                                      C:\Users\TOSHIBA\Documents\My Downloads\AVSDVDCopy.exe\{app}\About.rtf - Ok
                                      C:\Users\TOSHIBA\Documents\My Downloads\AVSDVDCopy.exe\{app}\About.rtf - Ok
                                      C:\Users\TOSHIBA\Documents\My Downloads\AVSDVDCopy.exe\{app}\About.rtf - Ok
                                      C:\Users\TOSHIBA\Documents\My Downloads\AVSDVDCopy.exe - Ok
                                      C:\Users\TOSHIBA\Documents\My Downloads\AVSDVDCopy.exe - container

                                      Total 41945208014 bytes in 159555 files scanned (343594 objects)
                                      Total 159371 files (343406 objects) are clean
                                      Total 33 files are infected
                                      Total 99 files are raised error condition
                                      Scan time is 01:49:47.743

                                      -----------------------------------------------------------------------------
                                      Start curing
                                      -----------------------------------------------------------------------------
                                      C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\paauxstb.dll.vir - quarantined
                                      C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\pabrmon.exe.vir - quarantined
                                      C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\padatact.dll.vir - quarantined
                                      C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\pabrstub.dll.vir - quarantined
                                      C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\padlghk.dll.vir - quarantined
                                      C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\padyn.dll.vir - quarantined
                                      C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\pahighin.exe.vir - quarantined
                                      C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\pafeedmg.dll.vir - quarantined
                                      C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\pahkstub.dll.vir - quarantined
                                      C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\pabprtct.dll.vir - quarantined
                                      C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\paieovr.dll.vir - quarantined
                                      C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\paidle.dll.vir - quarantined
                                      C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\pahttpct.dll.vir - quarantined
                                      C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\paimpipe.exe.vir - quarantined
                                      C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\pahtmlmu.dll.vir - quarantined
                                      C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\pamedint.exe.vir - quarantined
                                      C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\pamlbtn.dll.vir - quarantined
                                      C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\pamsg.dll.vir - quarantined
                                      C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\paradio.dll.vir - quarantined
                                      C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\paregfft.dll.vir - quarantined
                                      C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\paregiet.dll.vir - quarantined
                                      C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\pareghk.dll.vir - quarantined
                                      C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\pascript.dll.vir - quarantined
                                      C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\paskin.dll.vir - quarantined
                                      C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\paSrcAs.dll.vir - quarantined
                                      C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\paskplay.exe.vir - quarantined
                                      C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\pasknlcr.dll.vir - quarantined
                                      C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\paSrchMn.exe.vir - quarantined
                                      C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\T8EXTEX.DLL.vir - quarantined
                                      C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\T8EXTPEX.DLL.vir - quarantined
                                      C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\pauabtn.dll.vir - quarantined
                                      C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\T8TICKER.DLL.vir - quarantined
                                      C:\AdwCleaner\Quarantine\C\Program Files\FilmFanatic\bar\1.bin\T8HTML.DLL.vir - quarantined

                                      Total 41945208014 bytes in 159555 files scanned (343594 objects)
                                      Total 159371 files (343406 objects) are clean
                                      Total 33 files are infected
                                      Total 33 files are neutralized
                                      Total 99 files are raised error condition
                                      Scan time is 01:49:47.743



                                      SuperDave

                                      • Malware Removal Specialist
                                      • Moderator


                                      • Genius
                                      • Thanked: 1020
                                      • Certifications: List
                                      • Experience: Expert
                                      • OS: Windows 10
                                      Re: Problem with Virus and/or spyware : please help
                                      « Reply #31 on: November 20, 2013, 01:08:58 PM »
                                      Let's try cleaning out the temp files.

                                      Click Start> Computer> right click the C Drive and choose Properties> enter
                                      Click Disk Cleanup from there.



                                      Click OK on the Disk Cleanup Screen.
                                      Click Yes on the Confirmation screen.



                                      This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
                                      Windows 8 and Windows 10 dual boot with two SSD's

                                      MNMAN

                                        Topic Starter


                                        Rookie

                                        • Experience: Beginner
                                        • OS: Windows 7
                                        Re: Problem with Virus and/or spyware : please help
                                        « Reply #32 on: November 21, 2013, 08:33:57 AM »
                                        After performing disk cleanup the problem is still there!!!!!     :||x :'( :'(

                                        SuperDave

                                        • Malware Removal Specialist
                                        • Moderator


                                        • Genius
                                        • Thanked: 1020
                                        • Certifications: List
                                        • Experience: Expert
                                        • OS: Windows 10
                                        Re: Problem with Virus and/or spyware : please help
                                        « Reply #33 on: November 21, 2013, 12:45:11 PM »
                                        Did you try blocking that site?

                                        MNMAN

                                          Topic Starter


                                          Rookie

                                          • Experience: Beginner
                                          • OS: Windows 7
                                          Re: Problem with Virus and/or spyware : please help
                                          « Reply #34 on: November 22, 2013, 12:29:05 AM »
                                          Quote
                                          Did you try blocking that site?

                                          I blocked the two sites I believe the popup belongs to:
                                          http://newbase.sytes.net
                                          http://newbase.sytes.net.ipaddress.com/

                                          However the popup is still coming. I believe the catch is that the popup is not coming on as a website address it's a file location C:\Users\TOSHIBA\AppData\Local\Microsoft\Windows\Temporary Internet Files\web.html


                                          SuperDave

                                          • Malware Removal Specialist
                                          • Moderator


                                          • Genius
                                          • Thanked: 1020
                                          • Certifications: List
                                          • Experience: Expert
                                          • OS: Windows 10
                                          Re: Problem with Virus and/or spyware : please help
                                          « Reply #35 on: November 22, 2013, 01:32:57 PM »
                                          Quote
                                          I believe the catch is that the popup is not coming on as a website address it's a file location C:\Users\TOSHIBA\AppData\Local\Microsoft\Windows\Temporary Internet Files\web.html
                                          I'm not sure I understand this statement. Could you please elaborate?

                                          MNMAN

                                            Topic Starter


                                            Rookie

                                            • Experience: Beginner
                                            • OS: Windows 7
                                            Re: Problem with Virus and/or spyware : please help
                                            « Reply #36 on: November 22, 2013, 02:10:36 PM »
                                            If you go to page 1 and see the two screen prints I posted for the popup, you will see at the top left a file location instead of the usual web site address.

                                            For example, when you go to Google you would see at the top left of the browser the web site address as https://www.google.com ; in the case of the popup I have, it shows a file location C:\Users\TOSHIBA\AppData\Local\Microsoft\Windows\Temporary Internet Files\web.html

                                            SuperDave

                                            • Malware Removal Specialist
                                            • Moderator


                                            • Genius
                                            • Thanked: 1020
                                            • Certifications: List
                                            • Experience: Expert
                                            • OS: Windows 10
                                            Re: Problem with Virus and/or spyware : please help
                                            « Reply #37 on: November 22, 2013, 05:18:16 PM »
                                            Please try this and let me know what you find. Open your browser, go to Tools, Internet Options and tell me what your home page address is.

                                            MNMAN

                                              Topic Starter


                                              Rookie

                                              • Experience: Beginner
                                              • OS: Windows 7
                                              Re: Problem with Virus and/or spyware : please help
                                              « Reply #38 on: November 22, 2013, 11:53:28 PM »
                                              Quote
                                              tell me what your home page address is

                                              https://www.google.co.za/


                                              SuperDave

                                              • Malware Removal Specialist
                                              • Moderator


                                              • Genius
                                              • Thanked: 1020
                                              • Certifications: List
                                              • Experience: Expert
                                              • OS: Windows 10
                                              Re: Problem with Virus and/or spyware : please help
                                              « Reply #39 on: November 23, 2013, 04:08:34 PM »
                                              Please try changing your home page just to see what happens.

                                              MNMAN

                                                Topic Starter


                                                Rookie

                                                • Experience: Beginner
                                                • OS: Windows 7
                                                Re: Problem with Virus and/or spyware : please help
                                                « Reply #40 on: November 24, 2013, 12:42:13 AM »
                                                Quote
                                                Please try changing your home page just to see what happens.

                                                The popup still comes up.

                                                SuperDave

                                                • Malware Removal Specialist
                                                • Moderator


                                                • Genius
                                                • Thanked: 1020
                                                • Certifications: List
                                                • Experience: Expert
                                                • OS: Windows 10
                                                Re: Problem with Virus and/or spyware : please help
                                                « Reply #41 on: November 24, 2013, 12:16:10 PM »
                                                Does it pop up in Safe Mode?

                                                MNMAN

                                                  Topic Starter


                                                  Rookie

                                                  • Experience: Beginner
                                                  • OS: Windows 7
                                                  Re: Problem with Virus and/or spyware : please help
                                                  « Reply #42 on: November 25, 2013, 08:53:28 AM »
                                                  Quote
                                                  Does it pop up in Safe Mode?

                                                  I connect to the internet by USB modem. In safe mode the PC does not detect the USB modem; it always shows "device modem not detected, please connect device modem".
                                                  So, I couldn't find out if the popup will continue in safe mode or not.

                                                  SuperDave

                                                  • Malware Removal Specialist
                                                  • Moderator


                                                  • Genius
                                                  • Thanked: 1020
                                                  • Certifications: List
                                                  • Experience: Expert
                                                  • OS: Windows 10
                                                  Re: Problem with Virus and/or spyware : please help
                                                  « Reply #43 on: November 25, 2013, 12:58:17 PM »
                                                  Well, I'm stumped.

                                                  MNMAN

                                                    Topic Starter


                                                    Rookie

                                                    • Experience: Beginner
                                                    • OS: Windows 7
                                                    Re: Problem with Virus and/or spyware : please help
                                                    « Reply #44 on: November 25, 2013, 07:46:31 PM »
                                                    NO solution to my problem  :'( :'( :'( :'( :'( :'(

                                                    MNMAN

                                                      Topic Starter


                                                      Rookie

                                                      • Experience: Beginner
                                                      • OS: Windows 7
                                                      Re: Problem with Virus and/or spyware : please help
                                                      « Reply #45 on: November 26, 2013, 12:19:20 PM »
                                                      After searching the web for hours and hours, I found the solution:

                                                      It's the alga.exe Trojan; the following link explains it all.

                                                      http://www.edwinraja.com/how-to-remove-alga-exe-trojan-pws.html


                                                      How To Remove alga.exe Trojan PWS

                                                      UnHackMe, Junk Removal Tool, HijackThis or Microsoft Security Essential, those antiviruses have failed to detect this alga.exe trojan virus.
                                                      alga.exe is a malware-related executable file and runs in Task Manager as the process alga.exe. Most often it creates a web page called web.html inside the “C:\Users\<user>\AppData\Local\Microsoft\Windows\Temporary Internet Files” folder and launches the web browser to load it (file:///C:/Users/<user>/AppData/Local/Microsoft/Windows/Temporary%20Internet%20Files/web.html) every time there is an internet connection available or at computer startup.
                                                      If your computer is infected with this virus, there is a solution that might help; it has to be done manually.

                                                      Steps Of How To Remove

                                                      1. Check to see if there is an installed program named “setup” in your program list and uninstall it with “Your Uninstaller!” in super mode (recommended), or go to Control Panel » Uninstall a program » right-click the “setup” name and choose Uninstall.

                                                      2. Remove the C:\Windows\System32\config\systemprofile\AppData\Local\Svchost folder, which contains alga.exe (or C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Svchost on an x64 system).

                                                      3. Delete alga.exe from the C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup folder.

                                                      4. Delete patch.dll from the C:\ProgramData folder.

                                                      5. Restart the computer.

                                                      SuperDave

                                                      • Malware Removal Specialist
                                                      • Moderator


                                                      • Genius
                                                      • Thanked: 1020
                                                      • Certifications: List
                                                      • Experience: Expert
                                                      • OS: Windows 10
                                                      Re: Problem with Virus and/or spyware : please help
                                                      « Reply #46 on: November 26, 2013, 01:11:16 PM »
                                                      MBAM should have picked that up.

                                                      MNMAN

                                                        Topic Starter


                                                        Rookie

                                                        • Experience: Beginner
                                                        • OS: Windows 7
                                                        Re: Problem with Virus and/or spyware : please help
                                                        « Reply #47 on: November 26, 2013, 04:10:15 PM »
                                                        Quote
                                                        MBAM should have picked that up.
                                                        I really don't know why it didn't.

                                                        However the popup problem is over. I am afraid the symptoms are gone but there is still an infection of some kind.

                                                        Now, after following the above procedure to remove alga.exe, the popup is not coming (issue solved). However, every time I delete the file Svchost that contains the file alga.exe (C:\Windows\System32\config\systemprofile\AppData\Local\Svchost), it creates itself again in the same place (P.S. the computer is running fine and there is no popup, as I mentioned earlier). Any ideas please?!!

                                                        SuperDave

                                                        • Malware Removal Specialist
                                                        • Moderator


                                                        • Genius
                                                        • Thanked: 1020
                                                        • Certifications: List
                                                        • Experience: Expert
                                                        • OS: Windows 10
                                                        Re: Problem with Virus and/or spyware : please help
                                                        « Reply #48 on: November 26, 2013, 04:26:44 PM »
                                                        Did you follow the instructions completely?
                                                        Please run MBAM again and see if it picks it up. This is a new infection (Nov./13) and I would like to see if it will remove it.
                                                        Also, please do a search for alga.exe and delete those you find.

                                                        MNMAN

                                                          Topic Starter


                                                          Rookie

                                                          • Experience: Beginner
                                                          • OS: Windows 7
                                                          Re: Problem with Virus and/or spyware : please help
                                                          « Reply #49 on: November 26, 2013, 05:12:24 PM »
                                                          Quote
                                                          Did you follow the instructions completely?

                                                          YES, word by word. And the popup is not an issue anymore.

                                                          Quote
                                                          Please run MBAM again and see if it picks it up. This is a new infection (Nov./13) and I would like to see if it will remove it
                                                          MBAM doesn't catch the alga.exe file
                                                           
                                                          Quote
                                                          Also, please do a search for alga.exe and delete those you find.
                                                          Done, and deleted manually.

                                                          The only issue now is the file Svchost that contains alga.exe. I delete it and it keeps generating itself. I have noticed that it only generates itself when the internet is connected. I deleted all the temp internet files and tried again; same thing, it generated itself once the internet connection was on.
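
The removal steps quoted in Reply #45 name fixed file locations, and Replies #47 and #49 report the Svchost folder coming back after deletion. The read-only PowerShell check below is an added example, not part of any post or of the linked article: the paths and the program name "setup" come from those steps, while the match pattern and the choice to query running processes, startup commands, services and scheduled tasks are assumptions about where a launcher might be registered, since the thread does not identify what re-creates the folder.

```powershell
# Added example: read-only triage for the alga.exe artifacts named in this thread.
# Run from an elevated PowerShell prompt as the affected user. Nothing is deleted.
# Written to work on PowerShell 2.0 (the version shipped with Windows 7).

# 1. File-system locations taken from the removal steps in Reply #45.
$paths = @(
    (Join-Path $env:windir 'System32\config\systemprofile\AppData\Local\Svchost'),
    (Join-Path $env:windir 'SysWOW64\config\systemprofile\AppData\Local\Svchost'),
    (Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup\alga.exe'),
    (Join-Path $env:ProgramData 'patch.dll'),
    (Join-Path $env:LOCALAPPDATA 'Microsoft\Windows\Temporary Internet Files\web.html')
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        # Creation time shows when the item was last re-created, which can be
        # compared with the moment the internet connection came up.
        $item = Get-Item -LiteralPath $p -Force
        'FOUND    {0}  (created {1}, modified {2})' -f $p, $item.CreationTime, $item.LastWriteTime
    } else {
        'absent   {0}' -f $p
    }
}

# 2. Installed program literally named "setup" (step 1 of the removal steps).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -eq 'setup' } |
    Select-Object DisplayName, InstallLocation, UninstallString |
    Format-List

# 3. Anything currently running, or registered to start, that points at the
#    file name or folder from the thread. The pattern is an assumption: a
#    launcher that uses a different name or path will not match it.
$pattern = 'alga\.exe|\\AppData\\Local\\Svchost\\'

'--- running processes ---'
Get-WmiObject Win32_Process |
    Where-Object { $_.ExecutablePath -match $pattern -or $_.CommandLine -match $pattern } |
    Select-Object ProcessId, ParentProcessId, Name, CommandLine |
    Format-List

'--- startup commands (Run keys and Startup folders) ---'
Get-WmiObject Win32_StartupCommand |
    Where-Object { $_.Command -match $pattern } |
    Select-Object Name, Command, Location, User |
    Format-List

'--- services ---'
Get-WmiObject Win32_Service |
    Where-Object { $_.PathName -match $pattern } |
    Select-Object Name, State, StartMode, PathName |
    Format-List

'--- scheduled tasks (raw CSV rows that mention the pattern) ---'
schtasks /query /fo csv /v | Select-String -Pattern $pattern
```

A hit in section 3 names the entry that starts the file; no hit means only that nothing registered under this name or path was found, not that the machine is clean.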

                                                          MNMAN

                                                            Topic Starter


                                                            Rookie

                                                            • Experience: Beginner
                                                            • OS: Windows 7
                                                            Re: Problem with Virus and/or spyware : please help
                                                            « Reply #50 on: November 26, 2013, 06:12:51 PM »
                                                            http://www.removespywaretips.com/exe-a/alga-exe.html

                                                            Is this a safe program to try and see if it will solve the problem?

                                                            SuperDave

                                                            • Malware Removal Specialist
                                                            • Moderator


                                                            • Genius
                                                            • Thanked: 1020
                                                            • Certifications: List
                                                            • Experience: Expert
                                                            • OS: Windows 10
                                                            Re: Problem with Virus and/or spyware : please help
                                                            « Reply #51 on: November 26, 2013, 07:55:11 PM »
                                                            Quote
                                                            Is this a safe program to try and see if it will solve the problem?
                                                            Usually those programs that are downloaded to solve a problem end up making many more problems.

                                                            Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
                                                            Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
                                                            Click on View > Select Columns.
                                                            In addition to the already pre-selected options, make sure Command Line is selected, and press OK.
                                                            Go File>Save As, and save the report as Procexp.txt.
                                                            Attach the file to your next reply.
                                                            Windows 8 and Windows 10 dual boot with two SSD's

                                                            MNMAN

                                                              Topic Starter


                                                              Rookie

                                                              • Experience: Beginner
                                                              • OS: Windows 7
                                                              Re: Problem with Virus and/or spyware : please help
                                                              « Reply #52 on: November 27, 2013, 01:22:39 AM »
                                                              Please find attached the file requested : Procexp.txt




                                                              [recovering disk space, attachment deleted by admin]

                                                              MNMAN

                                                                Topic Starter


                                                                Rookie

                                                                • Experience: Beginner
                                                                • OS: Windows 7
                                                                Re: Problem with Virus and/or spyware : please help
                                                                « Reply #53 on: November 27, 2013, 01:58:27 AM »
                                                                I thought it's better to run all the common programs I use on a daily basis and then run procexp.exe again while all these programs are running. Attached here is the report Procexp2.txt

                                                                [recovering disk space, attachment deleted by admin]

                                                                SuperDave

                                                                • Malware Removal Specialist
                                                                • Moderator


                                                                • Genius
                                                                • Thanked: 1020
                                                                • Certifications: List
                                                                • Experience: Expert
                                                                • OS: Windows 10
                                                                Re: Problem with Virus and/or spyware : please help
                                                                « Reply #54 on: November 27, 2013, 01:03:25 PM »
                                                                I don't see it running in Taskmanager. Could you please look for these folders below

                                                                delete folder svchost from C:\Windows\system32\config\systemprofile\AppData\Local or C:\Windows\SysWOW64\config\systemprofile\AppData\Local for x64 system and

                                                                patch.dll from c:\ProgramData folder
                                                                Windows 8 and Windows 10 dual boot with two SSD's

                                                                MNMAN

                                                                  Topic Starter


                                                                  Rookie

                                                                  • Experience: Beginner
                                                                  • OS: Windows 7
                                                                  Re: Problem with Virus and/or spyware : please help
                                                                  « Reply #55 on: November 27, 2013, 01:39:38 PM »
                                                                  Quote
                                                                  delete folder svchost from C:\Windows\system32\config\systemprofile\AppData\Local

                                                                  I keep deleting svchost folder from C:\Windows\system32\config\systemprofile\AppData\Local but it generates itself every time I connect to the internet as I explained earlier.


                                                                  Quote
                                                                  and patch.dll from c:\ProgramData folder

                                                                  Already deleted from before.

                                                                  SuperDave

                                                                  • Malware Removal Specialist
                                                                  • Moderator


                                                                  • Genius
                                                                  • Thanked: 1020
                                                                  • Certifications: List
                                                                  • Experience: Expert
                                                                  • OS: Windows 10
                                                                  Re: Problem with Virus and/or spyware : please help
                                                                  « Reply #56 on: November 27, 2013, 05:21:50 PM »
                                                                  I sent a pm to my chum to see if he has any input. I'll be back.
                                                                  Windows 8 and Windows 10 dual boot with two SSD's

                                                                  MNMAN

                                                                    Topic Starter


                                                                    Rookie

                                                                    • Experience: Beginner
                                                                    • OS: Windows 7
                                                                    Re: Problem with Virus and/or spyware : please help
                                                                    « Reply #57 on: November 28, 2013, 12:16:29 AM »
                                                                    Quote
                                                                    I sent a pm to my chum to see if he has any input. I'll be back

                                                                    Thanks for all the efforts, really appreciated.

                                                                    SuperDave

                                                                    • Malware Removal Specialist
                                                                    • Moderator


                                                                    • Genius
                                                                    • Thanked: 1020
                                                                    • Certifications: List
                                                                    • Experience: Expert
                                                                    • OS: Windows 10
                                                                    Re: Problem with Virus and/or spyware : please help
                                                                    « Reply #58 on: November 28, 2013, 11:04:00 AM »
                                                                    My colleague has never seen anything like this but he did mention that Clarysoft says it's safe. That's about all the help I can give you.
                                                                    Windows 8 and Windows 10 dual boot with two SSD's

                                                                    MNMAN

                                                                      Topic Starter


                                                                      Rookie

                                                                      • Experience: Beginner
                                                                      • OS: Windows 7
                                                                      Re: Problem with Virus and/or spyware : please help
                                                                      « Reply #59 on: November 29, 2013, 10:29:53 AM »
                                                                      Thanks a lot for all the help provided and your patience.

                                                                      A friend of mine advised me to delete the svchost file and then to run ESET Online Scanner, but this time, under settings, check unwanted programs and check unsafe programs.

                                                                      I did that and three threats were found, as follows (last few lines of the created log):

                                                                      # scanned=151511
                                                                      # found=3
                                                                      # cleaned=3
                                                                      # scan_time=6310
                                                                      sh=4EDB200FD0A27552F099453D3F5B6098A36E56FD ft=0 fh=0000000000000000 vn="a variant of MSIL/Adware.Agent.AB application (deleted - quarantined)" ac=C fn="C:\Windows\Installer\21c1102.msi"
                                                                      sh=B84A20BD42C6B0BB9C5BB033BF07F0FC47CADF20 ft=1 fh=b8a4cc1cd24ab5b0 vn="a variant of MSIL/Adware.Agent.AB application (cleaned by deleting (after the next restart) - quarantined)" ac=C fn="C:\Windows\System32\service.exe"
                                                                      sh=4EDB200FD0A27552F099453D3F5B6098A36E56FD ft=0 fh=0000000000000000 vn="a variant of MSIL/Adware.Agent.AB application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Update.msi"

                                                                      And since these three threats were quarantined, the svchost file stopped creating itself and the computer looks fine.
                                                                      I hope this is the end of my misery  :) :) :) , and again thanks for your help.
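Added example, not part of the original posts: a small Python parser for the ESET Online Scanner log lines quoted in Reply #59. It checks the detection count against the header, groups paths by hash, and lists entries whose cleanup is deferred to the next restart. Reading sh as the file's SHA-1, vn as detection name plus action, and fn as the file path is an assumption based on how the posted lines look; ft, fh and ac are carried through uninterpreted.

```python
import re

# Tail of the scan log as posted in Reply #59.
LOG = r'''# scanned=151511
# found=3
# cleaned=3
# scan_time=6310
sh=4EDB200FD0A27552F099453D3F5B6098A36E56FD ft=0 fh=0000000000000000 vn="a variant of MSIL/Adware.Agent.AB application (deleted - quarantined)" ac=C fn="C:\Windows\Installer\21c1102.msi"
sh=B84A20BD42C6B0BB9C5BB033BF07F0FC47CADF20 ft=1 fh=b8a4cc1cd24ab5b0 vn="a variant of MSIL/Adware.Agent.AB application (cleaned by deleting (after the next restart) - quarantined)" ac=C fn="C:\Windows\System32\service.exe"
sh=4EDB200FD0A27552F099453D3F5B6098A36E56FD ft=0 fh=0000000000000000 vn="a variant of MSIL/Adware.Agent.AB application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Update.msi"
'''

PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key=value or key="quoted value"
COUNTER = re.compile(r'#\s*(\w+)=(\d+)\s*$')     # header counters such as "# found=3"

def split_action(vn):
    """Split 'name (action)' at the '(' balancing the final ')'; the action may nest parentheses."""
    vn = vn.strip()
    if not vn.endswith(")"):
        return vn, ""
    depth = 0
    for i in range(len(vn) - 1, -1, -1):
        if vn[i] == ")":
            depth += 1
        elif vn[i] == "(":
            depth -= 1
            if depth == 0:
                return vn[:i].rstrip(), vn[i + 1:-1]
    return vn, ""  # unbalanced parentheses: keep the field whole

def parse(log):
    """Return (header counters, list of detection dicts)."""
    counters, detections = {}, []
    for line in log.splitlines():
        line = line.strip()
        m = COUNTER.match(line)
        if m:
            counters[m.group(1)] = int(m.group(2))
        elif line.startswith("sh="):
            f = {k: quoted or bare for k, quoted, bare in PAIR.findall(line)}
            name, action = split_action(f.get("vn", ""))
            detections.append({"sha1": f.get("sh", "").upper(), "path": f.get("fn", ""),
                               "name": name, "action": action})
    return counters, detections

def triage(log):
    """Summarise what still needs follow-up after the scan."""
    counters, dets = parse(log)
    by_hash = {}
    for d in dets:
        by_hash.setdefault(d["sha1"], []).append(d["path"])
    return {
        "count_matches_header": counters.get("found") == len(dets),
        "same_file_multiple_paths": {h: p for h, p in by_hash.items() if len(p) > 1},
        "pending_restart": [d["path"] for d in dets if "restart" in d["action"].lower()],
    }

if __name__ == "__main__":
    print(triage(LOG))
```

On the posted log this shows one hash under two .msi paths and one file, service.exe, whose deletion only completes after a restart, so a reboot and a rescan come before calling the machine clean.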

                                                                      SuperDave

                                                                      • Malware Removal Specialist
                                                                      • Moderator


                                                                      • Genius
                                                                      • Thanked: 1020
                                                                      • Certifications: List
                                                                      • Experience: Expert
                                                                      • OS: Windows 10
                                                                      Re: Problem with Virus and/or spyware : please help
                                                                      « Reply #60 on: November 29, 2013, 01:33:19 PM »
                                                                      Ok, let's do some cleanup.

                                                                      To uninstall ComboFix

                                                                      • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
                                                                      • In the field, type in ComboFix /uninstall


                                                                      (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

                                                                      • Then, press Enter, or click OK.
                                                                      • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
                                                                      ******************************************
                                                                      Click Start> Computer> right click the C Drive and choose Properties> enter
                                                                      Click Disk Cleanup from there.



                                                                      Click OK on the Disk Cleanup Screen.
                                                                      Click Yes on the Confirmation screen.



                                                                      This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
                                                                      *****************************************
                                                                      Go to Microsoft Windows Update and get all critical updates.

                                                                      ----------

                                                                      I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                                                                      Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
                                                                      Windows 8 and Windows 10 dual boot with two SSD's

                                                                      MNMAN

                                                                        Topic Starter


                                                                        Rookie

                                                                        • Experience: Beginner
                                                                        • OS: Windows 7
                                                                        Re: Problem with Virus and/or spyware : please help
                                                                        « Reply #61 on: November 29, 2013, 02:46:56 PM »
                                                                        Thanks, I don't think we used comboFix?!

                                                                        I performed disk cleanup as you suggested, thanks.

                                                                        SuperDave

                                                                        • Malware Removal Specialist
                                                                        • Moderator


                                                                        • Genius
                                                                        • Thanked: 1020
                                                                        • Certifications: List
                                                                        • Experience: Expert
                                                                        • OS: Windows 10
                                                                        Re: Problem with Virus and/or spyware : please help
                                                                        « Reply #62 on: November 29, 2013, 04:43:43 PM »
                                                                        Quote
                                                                        Thanks, I don't think we used comboFix?!

                                                                        I performed disk cleanup as you suggested, thanks.
                                                                        Yup, there is a CF log in Reply # 2
                                                                        You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.
                                                                        Windows 8 and Windows 10 dual boot with two SSD's