Green dot Please help

Solved Green dot Please help

Post by joelo1127 on Tue 18 Dec 2012, 7:34 am

I have got the green dot malware virus. My computer is in safe mode and I updated and ran Malwarebytes. Here is the log:

Database version: v2012.12.17.05

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Joelo :: JOELO-PC [administrator]

12/17/2012 7:31:24 AM
mbam-log-2012-12-17 (07-31-24).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 481181
Time elapsed: 56 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Please help me get rid of this!!

joelo1127

Rookie Surfer

Posts : 88
Joined : 2010-07-30
Operating System : xp


Solved Re: Green dot Please help

Post by DragonMaster Jay on Tue 18 Dec 2012, 9:00 am

Hi there!

ComboFix scan

Please download ComboFix by sUBs
From BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix


After the download:

  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


~DMJ
GeekPolice Academy Manager


DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

http://www.twitter.com/jaypfoutz

Solved Re: Green dot Please help

Post by joelo1127 on Tue 18 Dec 2012, 9:14 am

ComboFix has detected McAfee antivirus and spyware, but McAfee says my subscription has expired. It's telling me to disable them before I hit OK. Should I just go ahead and hit OK now?

joelo1127


Solved Re: Green dot Please help

Post by joelo1127 on Tue 18 Dec 2012, 9:50 am

ComboFix 12-12-17.02 - Joelo 12/17/2012 17:29:08.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4029.2676 [GMT -5:00]
Running from: c:\users\Joelo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IN8GJW1R\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Webroot AntiVirus with Spy Sweeper *Disabled/Outdated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Webroot AntiVirus with Spy Sweeper *Disabled/Outdated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe
c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\Reactivate.exe
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\Resources\update.xml
c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
c:\program files (x86)\StartNow Toolbar\ToolbarBroker.exe
c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files (x86)\StartNow Toolbar\uninstall.dat
c:\program files (x86)\StartNow Toolbar\XBrowser.dll
c:\users\Joelo\AppData\Local\Mxroh_u_mf.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2012-11-17 to 2012-12-17 )))))))))))))))))))))))))))))))
.
.
2012-12-17 03:41 . 2012-12-17 03:41 163840 ----a-w- c:\users\Joelo\AppData\Roaming\Mxroh_u_mf.exe
2012-12-16 22:47 . 2012-12-16 22:47 -------- d-----w- c:\users\Guest\AppData\Roaming\Malwarebytes
2012-12-16 22:20 . 2012-12-16 22:20 163840 ----a-w- c:\programdata\Mxroh_u_mf.exe
2012-12-14 12:33 . 2012-11-09 05:34 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-14 12:33 . 2012-11-09 04:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-14 12:32 . 2012-11-22 08:20 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-12-14 12:32 . 2012-11-05 16:25 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-14 12:32 . 2012-11-05 14:17 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 12:32 . 2012-11-05 14:03 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-14 12:32 . 2012-11-05 14:03 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-13 22:40 . 2012-10-04 16:45 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-12-13 22:40 . 2012-10-04 16:45 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2012-12-13 22:40 . 2012-10-04 17:28 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-12-13 22:40 . 2012-10-04 17:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-12-13 22:40 . 2012-10-04 14:49 2048 ----a-w- c:\windows\SysWow64\user.exe
2012-12-13 22:38 . 2012-11-02 05:27 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 22:38 . 2012-11-02 04:48 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-13 22:38 . 2012-09-06 17:38 295792 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-08 19:18 . 2012-12-08 19:20 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-08 19:18 . 2012-12-08 19:20 -------- d-----w- c:\program files\iTunes
2012-12-08 19:18 . 2012-12-08 19:20 -------- d-----w- c:\program files (x86)\iTunes
2012-12-08 19:18 . 2012-12-08 19:18 -------- d-----w- c:\program files\iPod
2012-11-18 12:36 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-18 12:36 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-18 12:36 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-18 12:36 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-16 21:20 . 2012-11-28 03:37 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 21:20 . 2012-11-28 03:37 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 20:34 . 2012-11-28 03:37 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-04 16:45 . 2012-12-14 12:30 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-09-30 00:54 . 2010-10-10 03:26 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-26 23:55 . 2012-09-26 23:56 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-26 23:55 . 2012-08-04 15:46 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-26 23:55 . 2010-12-15 01:15 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-25 22:39 . 2012-11-16 13:04 95744 ----a-w- c:\windows\system32\synceng.dll
2012-09-25 21:55 . 2012-11-16 13:04 78336 ----a-w- c:\windows\SysWow64\synceng.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7413F9FC-8E54-4c93-BEB7-1225EB0970CA}]
2011-08-02 10:58 506080 ----a-w- c:\program files (x86)\PDFLite Toolbar\Toolbar32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7C8ACEEB-B1D8-43cc-A387-DA838515368D}"= "c:\program files (x86)\PDFLite Toolbar\Toolbar32.dll" [2011-08-02 506080]
.
[HKEY_CLASSES_ROOT\clsid\{7c8aceeb-b1d8-43cc-a387-da838515368d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ohjkvdrnhwdy"="c:\users\Joelo\AppData\Roaming\Mxroh_u_mf" [X]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-10-10 328056]
"HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2010-12-08 5247624]
"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2010-10-29 1652736]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-11-28 59280]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-11-28 59280]
"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-11-28 59280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-04 103720]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2010-01-13 75048]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-01-11 210216]
"WebrootTrayApp"="c:\program files (x86)\Webroot\Security\Current\Framework\WRTray.exe" [2010-10-01 1286960]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-29 151952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-30 766536]
.
c:\users\Joelo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2119488]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-9-21 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-03-31 13824]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/06/26 14:45];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2010-01-12 14:08 146928]
R2 0017921355783156mcinstcleanup;McAfee Application Installer Cleanup (0017921355783156);c:\users\Joelo\AppData\Local\Temp\001792~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ssfmonm;ssfmonm;c:\windows\system32\DRIVERS\ssfmonm.sys [2010-06-17 55360]
R2 Updater Service for PDFLite Toolbar;Updater Service for PDFLite Toolbar;c:\program files (x86)\PDFLite Toolbar\ToolbarUpdaterService.exe [2011-08-02 267488]
R2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-01-21 130048]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 139264]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-17 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
S2 WRConsumerService;Webroot Client Service;c:\program files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe [2010-10-01 3066528]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 03:49]
.
2012-12-17 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2010-10-10 14:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{6E13D095-45C3-4271-9475-F3B48227DD9F} - c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
Toolbar-Locked - (no file)
Toolbar-{5911488E-9D1E-40ec-8CBB-06B231CC153F} - c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
Wow6432Node-HKLM-Run-UpdateLBPShortCut - c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
Wow6432Node-HKLM-Run-UpdateP2GoShortCut - c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
Wow6432Node-HKLM-Run-UpdatePDRShortCut - c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
Wow6432Node-HKLM-Run-UpdatePPShortCut - c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe
Wow6432Node-HKLM-Run-UCam_Menu - c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe
.
**************************************************************************
.
Completion time: 2012-12-17 17:47:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-17 22:47
.
Pre-Run: 25,927,532,544 bytes free
Post-Run: 25,523,941,376 bytes free
.
- - End Of File - - 68635BF03831EB836EF5F16749ACF35A

joelo1127
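
Added example (not part of the original posts, and not ComboFix's own logic): a small Python triage over the ComboFix log posted above, correlating its "Files Created" section with its Run keys. It assumes the line formats seen in that log and that `[X]` marks a target ComboFix could not find; the function names and heuristics are illustrative, and the sample is an excerpt of lines copied from the log.

```python
import re
from collections import defaultdict
from ntpath import basename, splitext

# Excerpt of lines copied from the ComboFix log above (trimmed for the example).
SAMPLE_LOG = r"""
2012-12-17 03:41 . 2012-12-17 03:41 163840 ----a-w- c:\users\Joelo\AppData\Roaming\Mxroh_u_mf.exe
2012-12-16 22:20 . 2012-12-16 22:20 163840 ----a-w- c:\programdata\Mxroh_u_mf.exe
2012-12-14 12:33 . 2012-11-09 05:34 2048 ----a-w- c:\windows\system32\tzres.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ohjkvdrnhwdy"="c:\users\Joelo\AppData\Roaming\Mxroh_u_mf" [X]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-10-10 328056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-29 151952]
"""

# Directories a standard user can write to; autoruns pointing here deserve a look.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\")

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[([^\]]*)\]$')
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+(\d+)\s+\S+\s+(.+)$"
)


def in_user_writable(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def parse_run_entries(log):
    """Return the values listed under ...\\Run and ...\\RunOnce registry keys."""
    entries, key = [], None
    for line in log.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = RUN_VALUE_RE.match(line)
        if m and key and key.lower().endswith(("\\run", "\\runonce")):
            name, path, meta = m.groups()
            # Assumption: "[X]" means the target file was not found.
            entries.append({"key": key, "name": name, "path": path,
                            "missing": meta.strip().lower() == "x"})
    return entries


def parse_created_files(log):
    """Return (size, path) for file lines; directory lines have no numeric size."""
    files = []
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            files.append((int(m.group(1)), m.group(2)))
    return files


def triage(log):
    """Flag same-name, same-size files dropped in several user-writable
    locations, and Run values in user-writable paths that look wrong."""
    findings = []
    by_name = defaultdict(list)
    for size, path in parse_created_files(log):
        if in_user_writable(path):
            by_name[(basename(path).lower(), size)].append(path)
    dropped = {k: v for k, v in by_name.items() if len(v) > 1}
    for (name, _size), paths in sorted(dropped.items()):
        findings.append(("duplicate-drop", name, sorted(paths)))

    for entry in parse_run_entries(log):
        if not in_user_writable(entry["path"]):
            continue
        stem, ext = splitext(basename(entry["path"]))
        reasons = []
        if entry["missing"]:
            reasons.append("target-missing")
        if not ext:
            reasons.append("no-extension")
        if any(splitext(n)[0] == stem.lower() for n, _ in dropped):
            reasons.append("matches-duplicate-drop")
        if reasons:
            findings.append(("run-key", entry["name"], reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

These are triage heuristics, not verdicts: legitimate software also autostarts from `AppData`, so a hit means "review this entry", not "delete it".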


Solved Re: Green dot Please help

Post by DragonMaster Jay on Tue 18 Dec 2012, 8:44 pm

Please download and run MCPR.exe

  1. Download the removal tool from: [You must be registered and logged in to see this link.]
  2. Click Save and save the file to a folder on your computer.
  3. Navigate to the folder where the file was saved.
  4. Make sure all McAfee windows are closed.
  5. Double-click MCPR.exe to run the removal tool.

    NOTE: Windows Vista users must right-click MCPR.exe and select Run as Administrator.
  6. Restart your computer after receiving the message CleanUp Successful.
    Your McAfee product will not be fully removed until the system is restarted.



Adware Cleaning

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.



Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Warning! Once the scan is complete JRT will shut down your browser with NO warning.

  • Shut down your protection software now to avoid potential conflicts.
  • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Copy and Paste the JRT.txt log into your next message.


~DMJ
GeekPolice Academy Manager


DragonMaster Jay


Solved Re: Green dot Please help

Post by joelo1127 on Tue 18 Dec 2012, 11:50 pm

The jrt log will be in my next message. Going to run it now.

# AdwCleaner v2.101 - Logfile created 12/18/2012 at 07:40:26
# Updated 16/12/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Joelo - JOELO-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Joelo\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [766 octets] - [18/12/2012 07:36:44]
AdwCleaner[S1].txt - [3191 octets] - [18/12/2012 07:17:51]
AdwCleaner[S2].txt - [707 octets] - [18/12/2012 07:25:40]
AdwCleaner[S3].txt - [825 octets] - [18/12/2012 07:37:02]
AdwCleaner[S4].txt - [757 octets] - [18/12/2012 07:40:26]

########## EOF - C:\AdwCleaner[S4].txt - [816 octets] ##########

joelo1127


Solved Re: Green dot Please help

Post by joelo1127 on Wed 19 Dec 2012, 12:10 am

I have tried to run JRT a number of times: as a guest not in safe mode, as admin in safe mode, etc. When I right-click and "run as admin", it looks as though it is about to start, and then the green dot screen pops up and I have to restart the computer again.


joelo1127


Solved Re: Green dot Please help

Post by DragonMaster Jay on Wed 19 Dec 2012, 5:06 am

TDSSKiller Scan

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

Click the Start Scan button.

If a suspicious object is detected, the default action will be Skip, click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.



avast! aswMBR

Please download aswMBR from here

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Uncheck "Trace disk IO calls".
  • Click the Scan button to start the scan as illustrated below


Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

  • Once the scan finishes click Save log to save the log to your Desktop

  • Copy and paste the contents of aswMBR.txt back here for review
  • Please also find MBR.dat on your Desktop, and rename it to MBRscan.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.



~DMJ
GeekPolice Academy Manager
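The report requested in the post above can be triaged before it is pasted into a reply. The script below is an added example, not part of the original post and not Kaspersky's tooling; it parses the `time thread-id message` layout of a TDSSKiller report and sorts entries by the rules the post gives. The function names, the sample lines (constructed, with placeholder hashes) and the shape of the non-ok lines are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Each report line: "HH:MM:SS.mmmm <thread id> <message>"
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+(?:\s+(.*))?$")
# "[ <md5> ] <service name> <file path>"; names may contain spaces
HASHED = re.compile(r"^\[\s*([0-9A-Fa-f]{32})\s*\]\s+(.+?)\s+([A-Za-z]:\\.*)$")
# "<name> - <verdict>"; "<name> ( <detection> ) - <verdict>" is an assumed shape
VERDICT = re.compile(r"^(.+?)(?:\s+\(\s*(\S+)\s*\))?\s+-\s+(\w+)$")
# "======== Scan services ========" style section banner
SECTION = re.compile(r"^=+\s*([^=\s][^=]*?)\s*=+$")

# Detections the post says to Skip rather than Cure or Delete
SKIP_PER_POST = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"}


@dataclass
class Entry:
    section: str
    name: str
    verdict: str
    detection: Optional[str]
    md5: Optional[str]
    path: Optional[str]


def parse_report(text: str) -> List[Entry]:
    """Pair each hash line with the verdict line that follows it."""
    entries: List[Entry] = []
    pending: Dict[str, tuple] = {}
    section, scanning = "", False
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = (m.group(1) or "").strip()
        if msg == "Scan started":
            scanning = True  # ignore the system-info header before this point
            continue
        if not scanning or not msg:
            continue
        if msg.startswith("="):
            s = SECTION.match(msg)
            if s:
                section = s.group(1)
            continue
        h = HASHED.match(msg)
        if h:
            pending[h.group(2)] = (h.group(1).upper(), h.group(3))
            continue
        v = VERDICT.match(msg)
        if v:
            name, detection, verdict = v.groups()
            md5, path = pending.pop(name, (None, None))
            entries.append(Entry(section, name, verdict.lower(), detection, md5, path))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Sort entries into the buckets a helper would ask about."""
    report = {"skip": [], "report_to_helper": [], "ok_without_file": []}
    for e in entries:
        if e.verdict == "ok":
            # Service marked ok although no file was hashed for it
            if e.md5 is None and e.section == "Scan services":
                report["ok_without_file"].append(e.name)
        elif e.detection in SKIP_PER_POST:
            report["skip"].append(e.name)
        else:
            report["report_to_helper"].append(e.name)
    return report


# Constructed sample: hashes are placeholders, the last two services are invented.
SAMPLE = r"""
15:19:43.0659 1336 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb)
15:20:27.0386 2980 Scan started
15:20:27.0386 2980 Mode: Manual; SigCheck; TDLFS;
15:20:27.0635 2980 ================ Scan system memory ========================
15:20:27.0635 2980 System memory - ok
15:20:27.0635 2980 ================ Scan services =============================
15:20:27.0994 2980 [ 00000000000000000000000000000001 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
15:20:28.0056 2980 1394ohci - ok
15:20:30.0100 2980 [ 00000000000000000000000000000002 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:20:30.0100 2980 Apple Mobile Device - ok
15:20:32.0877 2980 catchme - ok
15:21:00.0000 2980 [ 00000000000000000000000000000003 ] exampledrv C:\Windows\system32\DRIVERS\exampledrv.sys
15:21:00.0010 2980 exampledrv ( UnsignedFile.Multi.Generic ) - warning
15:21:00.0020 2980 [ 00000000000000000000000000000004 ] examplesvc C:\Windows\system32\examplesvc.dll
15:21:00.0030 2980 examplesvc ( Example.Detection.Name ) - infected
"""

if __name__ == "__main__":
    for bucket, names in triage(parse_report(SAMPLE)).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

Entries in `report_to_helper` are the ones to leave untouched until the log has been reviewed.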



Solved Re: Green dot Please help

Post by joelo1127 on Wed 19 Dec 2012, 7:31 am

avast will be in the next post..

15:19:42.0567 1336 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:19:43.0050 1336 ============================================================
15:19:43.0050 1336 Current date / time: 2012/12/18 15:19:43.0050
15:19:43.0050 1336 SystemInfo:
15:19:43.0050 1336
15:19:43.0050 1336 OS Version: 6.1.7600 ServicePack: 0.0
15:19:43.0050 1336 Product type: Workstation
15:19:43.0050 1336 ComputerName: JOELO-PC
15:19:43.0050 1336 UserName: Joelo
15:19:43.0050 1336 Windows directory: C:\Windows
15:19:43.0050 1336 System windows directory: C:\Windows
15:19:43.0050 1336 Running under WOW64
15:19:43.0050 1336 Processor architecture: Intel x64
15:19:43.0050 1336 Number of processors: 2
15:19:43.0050 1336 Page size: 0x1000
15:19:43.0050 1336 Boot type: Safe boot with network
15:19:43.0050 1336 ============================================================
15:19:43.0659 1336 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:19:43.0659 1336 ============================================================
15:19:43.0659 1336 \Device\Harddisk0\DR0:
15:19:43.0659 1336 MBR partitions:
15:19:43.0659 1336 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
15:19:43.0659 1336 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0xC800000
15:19:43.0659 1336 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xE632800, BlocksNum 0x16DFB000
15:19:43.0659 1336 ============================================================
15:19:43.0721 1336 C: <-> \Device\Harddisk0\DR0\Partition2
15:19:43.0815 1336 D: <-> \Device\Harddisk0\DR0\Partition3
15:19:43.0815 1336 ============================================================
15:19:43.0815 1336 Initialize success
15:19:43.0815 1336 ============================================================
15:20:27.0386 2980 ============================================================
15:20:27.0386 2980 Scan started
15:20:27.0386 2980 Mode: Manual; SigCheck; TDLFS;
15:20:27.0386 2980 ============================================================
15:20:27.0635 2980 ================ Scan system memory ========================
15:20:27.0635 2980 System memory - ok
15:20:27.0635 2980 ================ Scan services =============================
15:20:46.0870 2980 pci - ok
15:20:46.0886 2980 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
15:20:46.0901 2980 pciide - ok
15:20:46.0917 2980 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
15:20:46.0932 2980 pcmcia - ok
15:20:46.0948 2980 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
15:20:46.0964 2980 pcw - ok
15:20:46.0979 2980 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:20:47.0042 2980 PEAUTH - ok
15:20:47.0104 2980 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:20:47.0166 2980 PerfHost - ok
15:20:47.0229 2980 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
15:20:47.0291 2980 pla - ok
15:20:47.0322 2980 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:20:47.0354 2980 PlugPlay - ok
15:20:47.0416 2980 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:20:47.0432 2980 PNRPAutoReg - ok
15:20:47.0463 2980 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:20:47.0478 2980 PNRPsvc - ok
15:20:47.0525 2980 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:20:47.0556 2980 PolicyAgent - ok
15:20:47.0588 2980 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
15:20:47.0650 2980 Power - ok
15:20:47.0697 2980 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:20:47.0744 2980 PptpMiniport - ok
15:20:47.0759 2980 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
15:20:47.0790 2980 Processor - ok
15:20:47.0853 2980 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
15:20:47.0931 2980 ProfSvc - ok
15:20:47.0946 2980 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:20:47.0962 2980 ProtectedStorage - ok
15:20:47.0993 2980 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:20:48.0024 2980 Psched - ok
15:20:48.0071 2980 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
15:20:48.0118 2980 ql2300 - ok
15:20:48.0118 2980 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
15:20:48.0134 2980 ql40xx - ok
15:20:48.0165 2980 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
15:20:48.0180 2980 QWAVE - ok
15:20:48.0196 2980 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:20:48.0227 2980 QWAVEdrv - ok
15:20:48.0258 2980 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:20:48.0305 2980 RasAcd - ok
15:20:48.0383 2980 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:20:48.0414 2980 RasAgileVpn - ok
15:20:48.0446 2980 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
15:20:48.0492 2980 RasAuto - ok
15:20:48.0508 2980 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:20:48.0555 2980 Rasl2tp - ok
15:20:48.0586 2980 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
15:20:48.0664 2980 RasMan - ok
15:20:48.0680 2980 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:20:48.0726 2980 RasPppoe - ok
15:20:48.0773 2980 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:20:48.0820 2980 RasSstp - ok
15:20:48.0836 2980 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:20:48.0898 2980 rdbss - ok
15:20:48.0914 2980 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:20:48.0929 2980 rdpbus - ok
15:20:48.0976 2980 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:20:49.0007 2980 RDPCDD - ok
15:20:49.0038 2980 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:20:49.0085 2980 RDPENCDD - ok
15:20:49.0101 2980 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:20:49.0148 2980 RDPREFMP - ok
15:20:49.0179 2980 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:20:49.0241 2980 RDPWD - ok
15:20:49.0288 2980 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:20:49.0304 2980 rdyboost - ok
15:20:49.0335 2980 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:20:49.0382 2980 RemoteAccess - ok
15:20:49.0413 2980 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:20:49.0491 2980 RemoteRegistry - ok
15:20:49.0600 2980 [ 7CCAEBCAB6FC1ED0206C07E083E79207 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
15:20:49.0616 2980 RichVideo - ok
15:20:49.0647 2980 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:20:49.0709 2980 RpcEptMapper - ok
15:20:49.0740 2980 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
15:20:49.0772 2980 RpcLocator - ok
15:20:49.0787 2980 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
15:20:49.0834 2980 RpcSs - ok
15:20:49.0896 2980 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:20:49.0943 2980 rspndr - ok
15:20:49.0990 2980 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
15:20:49.0990 2980 RTL8167 - ok
15:20:50.0162 2980 [ 4CA0DBA9E224473D664C25E411F5A3BD ] rtport C:\Windows\SysWOW64\drivers\rtport.sys
15:20:50.0162 2980 rtport - ok
15:20:50.0208 2980 [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI C:\Windows\system32\Drivers\SABI.sys
15:20:50.0255 2980 SABI - ok
15:20:50.0255 2980 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
15:20:50.0271 2980 SamSs - ok
15:20:50.0286 2980 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
15:20:50.0302 2980 sbp2port - ok
15:20:50.0333 2980 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:20:50.0380 2980 SCardSvr - ok
15:20:50.0411 2980 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:20:50.0458 2980 scfilter - ok
15:20:50.0520 2980 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
15:20:50.0598 2980 Schedule - ok
15:20:50.0630 2980 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:20:50.0661 2980 SCPolicySvc - ok
15:20:50.0723 2980 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:20:50.0754 2980 SDRSVC - ok
15:20:50.0817 2980 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:20:50.0848 2980 secdrv - ok
15:20:50.0864 2980 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
15:20:50.0910 2980 seclogon - ok
15:20:50.0926 2980 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
15:20:50.0973 2980 SENS - ok
15:20:51.0004 2980 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:20:51.0035 2980 SensrSvc - ok
15:20:51.0082 2980 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:20:51.0098 2980 Serenum - ok
15:20:51.0113 2980 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:20:51.0129 2980 Serial - ok
15:20:51.0129 2980 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
15:20:51.0160 2980 sermouse - ok
15:20:51.0207 2980 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
15:20:51.0238 2980 SessionEnv - ok
15:20:51.0238 2980 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
15:20:51.0269 2980 sffdisk - ok
15:20:51.0285 2980 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
15:20:51.0300 2980 sffp_mmc - ok
15:20:51.0316 2980 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
15:20:51.0332 2980 sffp_sd - ok
15:20:51.0332 2980 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
15:20:51.0347 2980 sfloppy - ok
15:20:51.0378 2980 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:20:51.0425 2980 SharedAccess - ok
15:20:51.0456 2980 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:20:51.0488 2980 ShellHWDetection - ok
15:20:51.0534 2980 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:20:51.0534 2980 SiSRaid2 - ok
15:20:51.0550 2980 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
15:20:51.0566 2980 SiSRaid4 - ok
15:20:51.0581 2980 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:20:51.0659 2980 Smb - ok
15:20:51.0706 2980 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:20:51.0737 2980 SNMPTRAP - ok
15:20:51.0784 2980 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:20:51.0800 2980 spldr - ok
15:20:51.0831 2980 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
15:20:51.0909 2980 Spooler - ok
15:20:52.0002 2980 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
15:20:52.0096 2980 sppsvc - ok
15:20:52.0143 2980 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:20:52.0190 2980 sppuinotify - ok
15:20:52.0236 2980 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
15:20:52.0299 2980 srv - ok
15:20:52.0330 2980 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:20:52.0361 2980 srv2 - ok
15:20:52.0392 2980 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:20:52.0408 2980 srvnet - ok
15:20:52.0470 2980 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:20:52.0548 2980 SSDPSRV - ok
15:20:52.0580 2980 [ 2C8842AC3FB749423311D934A3746FE2 ] ssfmonm C:\Windows\system32\DRIVERS\ssfmonm.sys
15:20:52.0580 2980 ssfmonm - ok
15:20:52.0611 2980 [ 4A69C76BBA285745A45045C4672F89C7 ] ssidrv C:\Windows\system32\DRIVERS\ssidrv.sys
15:20:52.0611 2980 ssidrv - ok
15:20:52.0642 2980 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:20:52.0704 2980 SstpSvc - ok
15:20:52.0720 2980 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
15:20:52.0736 2980 stexstor - ok
15:20:52.0782 2980 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
15:20:52.0829 2980 stisvc - ok
15:20:52.0860 2980 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
15:20:52.0860 2980 swenum - ok
15:20:52.0892 2980 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:20:52.0938 2980 swprv - ok
15:20:52.0985 2980 [ 3C80203C725C28CEA5713D1AB242880A ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
15:20:53.0001 2980 SynTP - ok
15:20:53.0079 2980 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
15:20:53.0157 2980 SysMain - ok
15:20:53.0172 2980 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:20:53.0204 2980 TabletInputService - ok
15:20:53.0235 2980 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
15:20:53.0313 2980 TapiSrv - ok
15:20:53.0328 2980 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
15:20:53.0375 2980 TBS - ok
15:20:53.0453 2980 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:20:53.0484 2980 Tcpip - ok
15:20:53.0516 2980 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:20:53.0562 2980 TCPIP6 - ok
15:20:53.0609 2980 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:20:53.0640 2980 tcpipreg - ok
15:20:53.0703 2980 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:20:53.0734 2980 TDPIPE - ok
15:20:53.0765 2980 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:20:53.0812 2980 TDTCP - ok
15:20:53.0874 2980 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:20:53.0921 2980 tdx - ok
15:20:53.0937 2980 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
15:20:53.0952 2980 TermDD - ok
15:20:54.0015 2980 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
15:20:54.0062 2980 TermService - ok
15:20:54.0093 2980 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
15:20:54.0124 2980 Themes - ok
15:20:54.0140 2980 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
15:20:54.0171 2980 THREADORDER - ok
15:20:54.0186 2980 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
15:20:54.0249 2980 TrkWks - ok
15:20:54.0280 2980 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:20:54.0296 2980 TrustedInstaller - ok
15:20:54.0327 2980 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:20:54.0374 2980 tssecsrv - ok
15:20:54.0452 2980 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:20:54.0514 2980 tunnel - ok
15:20:54.0530 2980 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
15:20:54.0545 2980 uagp35 - ok
15:20:54.0576 2980 [ 31BA4A33AFAB6A69EA092B18017F737F ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:20:54.0592 2980 udfs - ok
15:20:54.0639 2980 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:20:54.0654 2980 UI0Detect - ok
15:20:54.0670 2980 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
15:20:54.0670 2980 uliagpkx - ok
15:20:54.0717 2980 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:20:54.0732 2980 umbus - ok
15:20:54.0732 2980 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
15:20:54.0764 2980 UmPass - ok
15:20:54.0842 2980 [ 243150D00793CF71B6DE344538E1CBC3 ] Updater Service for PDFLite Toolbar C:\Program Files (x86)\PDFLite Toolbar\ToolbarUpdaterService.exe
15:20:54.0857 2980 Updater Service for PDFLite Toolbar - ok
15:20:54.0904 2980 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
15:20:54.0951 2980 upnphost - ok
15:20:55.0013 2980 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
15:20:55.0029 2980 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
15:20:55.0029 2980 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
15:20:57.0743 2980 [ 2ED495FB03C177A7F51416C2BE253363 ] WDDMService C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
15:20:57.0759 2980 WDDMService ( UnsignedFile.Multi.Generic ) - warning
15:20:57.0759 2980 WDDMService - detected UnsignedFile.Multi.Generic (1)
15:20:57.0962 2980 [ 138AB06ADBBF300AA804D7974A5AEC82 ] WDSmartWareBackgroundService C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
15:20:57.0977 2980 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - warning
15:20:57.0977 2980 WDSmartWareBackgroundService - detected UnsignedFile.Multi.Generic (1)
15:21:00.0380 2980 ================ Scan global ===============================
15:21:00.0426 2980 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:21:00.0473 2980 [ 4343295C52C8B1ADD906F1A37B940AA1 ] C:\Windows\system32\winsrv.dll
15:21:00.0473 2980 [ 4343295C52C8B1ADD906F1A37B940AA1 ] C:\Windows\system32\winsrv.dll
15:21:00.0504 2980 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:21:00.0551 2980 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:21:00.0551 2980 [Global] - ok
15:21:00.0551 2980 ================ Scan MBR ==================================
15:21:00.0567 2980 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
15:21:00.0879 2980 \Device\Harddisk0\DR0 - ok
15:21:00.0879 2980 ================ Scan VBR ==================================
15:21:00.0879 2980 [ AC44920068B58B826267447EB9403D3B ] \Device\Harddisk0\DR0\Partition1
15:21:00.0894 2980 \Device\Harddisk0\DR0\Partition1 - ok
15:21:00.0926 2980 [ 8154E74DD8B581A835ABCD2F74D24A4C ] \Device\Harddisk0\DR0\Partition2
15:21:00.0926 2980 \Device\Harddisk0\DR0\Partition2 - ok
15:21:00.0957 2980 [ 093ECD2CD8924944EFF4F0A449F82970 ] \Device\Harddisk0\DR0\Partition3
15:21:00.0957 2980 \Device\Harddisk0\DR0\Partition3 - ok
15:21:00.0957 2980 ============================================================
15:21:00.0957 2980 Scan finished
15:21:00.0957 2980 ============================================================
15:21:00.0972 2836 Detected object count: 3
15:21:00.0972 2836 Actual detected object count: 3
15:21:47.0086 2836 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
15:21:47.0086 2836 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:21:47.0086 2836 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
15:21:47.0086 2836 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:21:47.0086 2836 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - skipped by user
15:21:47.0086 2836 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:28:02.0358 2852 Deinitialize success

Solved Re: Green dot Please help

Post by joelo1127 on Wed 19 Dec 2012, 7:40 am

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-18 15:36:30
-----------------------------
15:36:30.894 OS Version: Windows x64 6.1.7600
15:36:30.894 Number of processors: 2 586 0x170A
15:36:30.894 ComputerName: JOELO-PC UserName: Joelo
15:36:31.252 Initialize success
15:37:38.535 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:37:38.551 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 305245MB BusType: 3
15:37:38.566 Disk 0 MBR read successfully
15:37:38.566 Disk 0 MBR scan
15:37:38.566 Disk 0 unknown MBR code
15:37:38.582 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
15:37:38.598 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
15:37:38.613 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 102400 MB offset 31664128
15:37:38.629 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 187382 MB offset 241379328
15:37:38.676 Disk 0 scanning C:\Windows\system32\drivers
15:37:43.886 Service scanning
15:37:56.444 Modules scanning
15:37:56.444 Scan finished successfully
15:38:45.288 Disk 0 MBR has been saved successfully to "C:\Users\Joelo\Desktop\MBR.dat"
15:38:45.319 The log file has been saved successfully to "C:\Users\Joelo\Desktop\aswMBR.txt"

Solved Re: Green dot Please help

Post by joelo1127 on Wed 19 Dec 2012, 7:53 am

When I changed the name to MBRscan.txt, it is a long line of characters that I don't understand, and I don't know how to "upload" it.

Solved Re: Green dot Please help

Post by joelo1127 on Wed 19 Dec 2012, 9:03 am

Just seeing if this works. It keeps telling me the file is not allowed or something like that.

Solved Re: Green dot Please help

Post by DragonMaster Jay on Wed 19 Dec 2012, 11:51 am

Upload to SpeedyShare.com.
  • When you enter the site, click the center bar, "Click here to upload[...]", find the file "mbr.dat" in "Desktop". Select that, and upload it.
  • Once you do that, you will get a sharing link. Please post that in your next reply.


~DMJ
GeekPolice Academy Manager


Solved Re: Green dot Please help

Post by joelo1127 on Wed 19 Dec 2012, 11:55 am

[You must be registered and logged in to see this link.]

Solved Re: Green dot Please help

Post by joelo1127 on Wed 19 Dec 2012, 12:00 pm

Code:
http://speedy.sh/Sw8jj/MBRscan.txt.txt


Solved Re: Green dot Please help

Post by DragonMaster Jay on Wed 19 Dec 2012, 12:10 pm

Need a different scan to differentiate the results...

Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.


Hitman Pro

Please download Hitman Pro


  • After the download completes please double click the program to run it.
  • Accept the terms of the license agreement and click Next
  • Let the scan run. It will not take long
  • When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next
  • Click Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location
  • Upload log.xml here for review please



Solved Re: Green dot Please help

Post by joelo1127 on Wed 19 Dec 2012, 12:53 pm

This is both from the Malwarebytes Anti-Rootkit you asked for. Gonna run Hitman Pro now..

Malwarebytes Anti-Rootkit 1.01.0.1011

Database version: v2012.12.18.09

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Joelo :: JOELO-PC [administrator]

12/18/2012 8:49:27 PM
mbar-log-2012-12-18 (20-49-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30488
Time elapsed: 6 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.194000 GHz
Memory total: 4224303104, free: 3299512320

------------ Kernel report ------------
12/18/2012 20:18:05
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80047ce060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa80046db050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2012.12.18.09
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80047ce060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80047ceb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80047ce060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80046db050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xfffff8a00440b860, 0xfffffa80047ce060, 0xfffffa8004a67090
Lower DeviceData: 0xfffff8a003259e80, 0xfffffa80046db050, 0xfffffa800493be40
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 76E032E4

Partition information:

Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 31457280

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 31459328 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 31664128 Numsec = 209715200

Partition 3 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 241379328 Numsec = 383758336

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Performing system, memory and registry scan...
Read File: File "C:\ProgramData\{CB7DC039-811E-4CD1-81CD-8AD0EF4B8CBA}\instance.dat" is compressed (flags = 1)
Read File: File "C:\ProgramData\{CB7DC039-811E-4CD1-81CD-8AD0EF4B8CBA}\WRInstall.dat" is compressed (flags = 1)
Read File: File "C:\ProgramData\{CD365A7B-CF03-4BDA-BFCA-FC24F7407C39}\Best Buy pc app Setup.dat" is compressed (flags = 1)
Read File: File "C:\ProgramData\{CD365A7B-CF03-4BDA-BFCA-FC24F7407C39}\instance.dat" is compressed (flags = 1)
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableTaskMgr --> [PUM.Hijack.TaskManager]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell --> [Hijack.Shell.Gen.A]
Done!
Scan finished
Creating System Restore point...
Could not create restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal successful. No system shutdown is required.
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.194000 GHz
Memory total: 4224303104, free: 3318517760

------------ Kernel report ------------
12/18/2012 20:42:41
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80047ce060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa80046db050
Lower Device Driver Name: \Driver\iaStor\
Device already Exists: 0xfffffa800493be40
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80047ce060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80047ceb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80047ce060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80046db050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xfffff8a003626660, 0xfffffa80047ce060, 0xfffffa8004a67090
Lower DeviceData: 0xfffff8a00c621ed0, 0xfffffa80046db050, 0xfffffa800493be40
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 76E032E4

Partition information:

Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 31457280

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 31459328 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 31664128 Numsec = 209715200

Partition 3 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 241379328 Numsec = 383758336

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Performing system, memory and registry scan...
Read File: File "C:\ProgramData\{CB7DC039-811E-4CD1-81CD-8AD0EF4B8CBA}\instance.dat" is compressed (flags = 1)
Read File: File "C:\ProgramData\{CB7DC039-811E-4CD1-81CD-8AD0EF4B8CBA}\WRInstall.dat" is compressed (flags = 1)
Read File: File "C:\ProgramData\{CD365A7B-CF03-4BDA-BFCA-FC24F7407C39}\Best Buy pc app Setup.dat" is compressed (flags = 1)
Read File: File "C:\ProgramData\{CD365A7B-CF03-4BDA-BFCA-FC24F7407C39}\instance.dat" is compressed (flags = 1)
Done!
Scan finished

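The "Inspecting partition table" section of the anti-rootkit log above and the MBR.dat dump saved by aswMBR both describe sector 0 of the disk. As an added example, not part of the original thread or of either tool, this Python code parses a 512-byte MBR, reports the same fields, and lists the unpartitioned sector ranges. The sample sector is constructed from the values in the log; the function names and the byte order assumed for the disk signature are assumptions.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446      # four 16-byte partition entries start here
DISK_SIG_OFFSET = 440   # 32-bit disk signature
BOOT_SIG = b"\x55\xaa"  # last two bytes of a valid MBR
ENTRY_FMT = "<B3xB3xII"  # status, CHS (skipped), type, CHS (skipped), first LBA, count


def build_sample_mbr():
    """Constructed sample: an MBR whose table carries the values shown in the log."""
    entries = [  # (status, type, first LBA, sector count)
        (0x00, 0x27, 2048, 31457280),
        (0x80, 0x07, 31459328, 204800),
        (0x00, 0x07, 31664128, 209715200),
        (0x00, 0x07, 241379328, 383758336),
    ]
    mbr = bytearray(SECTOR_SIZE)
    # Assumption: the log prints the signature as the little-endian 32-bit value.
    struct.pack_into("<I", mbr, DISK_SIG_OFFSET, 0x76E032E4)
    for i, entry in enumerate(entries):
        struct.pack_into(ENTRY_FMT, mbr, TABLE_OFFSET + 16 * i, *entry)
    mbr[510:512] = BOOT_SIG
    return bytes(mbr)


def parse_mbr(data):
    """Decode the partition table and collect structural problems as findings."""
    if len(data) < SECTOR_SIZE:
        raise ValueError("need at least one 512-byte sector")
    sector = data[:SECTOR_SIZE]
    findings = []
    if sector[510:512] != BOOT_SIG:
        findings.append("boot signature is not 55AA")
    (disk_sig,) = struct.unpack_from("<I", sector, DISK_SIG_OFFSET)
    partitions = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, sector, TABLE_OFFSET + 16 * i)
        if ptype == 0 and count == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            findings.append(f"partition {i}: invalid status byte 0x{status:02X}")
        partitions.append({"index": i, "active": status == 0x80,
                           "type": ptype, "start": lba, "sectors": count})
    if sum(p["active"] for p in partitions) > 1:
        findings.append("more than one active partition")
    return {"disk_signature": f"{disk_sig:08X}", "partitions": partitions,
            "findings": findings}


def check_layout(partitions, disk_sectors):
    """Return (gaps, findings): unpartitioned LBA ranges and overlap/range problems."""
    gaps, findings = [], []
    cursor = 1  # sector 0 is the MBR itself
    for p in sorted(partitions, key=lambda p: p["start"]):
        end = p["start"] + p["sectors"]
        if p["start"] < cursor:
            findings.append(f"partition {p['index']} overlaps the previous region")
        elif p["start"] > cursor:
            gaps.append((cursor, p["start"] - 1))
        if end > disk_sectors:
            findings.append(f"partition {p['index']} extends past the end of the disk")
        cursor = max(cursor, end)
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors - 1))
    return gaps, findings


def describe(report):
    """Render the parsed table in roughly the layout the log uses."""
    lines = [f"Disk Signature: {report['disk_signature']}"]
    for p in report["partitions"]:
        state = "ACTIVE" if p["active"] else "NOT ACTIVE"
        lines.append(f"Partition {p['index']} type 0x{p['type']:X} {state} "
                     f"LBA {p['start']} Numsec {p['sectors']}")
    return lines


if __name__ == "__main__":
    report = parse_mbr(build_sample_mbr())
    print("\n".join(describe(report)))
    # Disk size taken from the log: 320072933376 bytes in 512-byte sectors.
    gaps, problems = check_layout(report["partitions"], 320072933376 // SECTOR_SIZE)
    print("Unpartitioned ranges:", gaps)
    print("Findings:", report["findings"] + problems)
```

If MBR.dat is a raw sector dump (an assumption about the tool's output), its first 512 bytes can be passed to `parse_mbr` directly.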

Solved Re: Green dot Please help

Post by joelo1127 on Wed 19 Dec 2012, 1:04 pm

Code:
http://speedy.sh/93bKh/HitmanPro-20121218-2101.log


Solved Re: Green dot Please help

Post by joelo1127 on Thu 20 Dec 2012, 12:04 am

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]





Solved Re: Green dot Please help

Post by DragonMaster Jay on Thu 20 Dec 2012, 6:47 am

Cool. Clean!

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.



Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


Note: Absence of issues does not mean that you're protected in the future.



Solved Re: Green dot Please help

Post by joelo1127 on Thu 20 Dec 2012, 10:43 am

C:\Users\All Users\Mxroh_u_mf.exe a variant of Win32/Kryptik.AQWE trojan unable to clean
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4MPB2T94\updater-startnow-200-2.5-f[1].exe a variant of Win32/Toolbar.Zugo application unable to clean
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GRYL48NE\updater-startnow-2.1-2.4-fixed[1].exe Win32/Toolbar.Zugo application unable to clean
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GRYL48NE\updater-startnow-200-2.5-f[1].exe a variant of Win32/Toolbar.Zugo application unable to clean
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GRYL48NE\updater-startnow-200-2.5-g[1].exe a variant of Win32/Toolbar.Zugo application unable to clean
C:\Program Files (x86)\PDFLite Toolbar\PDFLiteToolbarUninstall.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Program Files (x86)\PDFLite Toolbar\Toolbar32.dll a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Program Files (x86)\PDFLite Toolbar\ToolbarUpdaterService.exe a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\ProgramData\Mxroh_u_mf.exe a variant of Win32/Kryptik.AQWE trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\Reactivate.exe.vir a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\Toolbar32.dll.vir Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarBroker.exe.vir a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe.vir a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Joelo\AppData\Local\Mxroh_u_mf.exe.vir a variant of Win32/Kryptik.AQWE trojan cleaned by deleting - quarantined
C:\Users\Joelo\AppData\Local\Mxroh_u_mf.exe a variant of Win32/Kryptik.AQWE trojan cleaned by deleting - quarantined
C:\Users\Joelo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\57f0e2c2-6484e877 Java/Exploit.CVE-2012-1723.FA trojan cleaned by deleting - quarantined
C:\Users\Joelo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\6d280330-78109451 Java/Exploit.CVE-2012-5076.AA trojan cleaned by deleting - quarantined
C:\Users\Joelo\AppData\Roaming\Mxroh_u_mf.exe a variant of Win32/Kryptik.AQWE trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4MPB2T94\updater-startnow-200-2.5-f[1].exe a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GRYL48NE\updater-startnow-2.1-2.4-fixed[1].exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GRYL48NE\updater-startnow-200-2.5-f[1].exe a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GRYL48NE\updater-startnow-200-2.5-g[1].exe a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined

As far as any other problems go... I don't notice any but I don't know how to check for the svchost.exe


Solved Re: Green dot Please help

Post by DragonMaster Jay on Thu 20 Dec 2012, 8:14 pm

That's okay. I just want to do another check deeply, before we call it clean.

Kaspersky Virus Removal Tool

The Kaspersky Virus Removal Tool is a scan-and-remove solution from Kaspersky that searches out the most common malware and attempts to remove it from your computer.

Please download the Kaspersky Virus Removal Tool from Kaspersky's Official Link (http://www.kaspersky.com/antivirus-removal-tool?form=1) and save it to your Desktop.


  • Double-click the Setup file to install it on your computer.
  • Once it has installed, review and accept the agreement and press the Start button.
  • You will be presented with the main interface, but don't scan yet; click the options tab (gear icon):

  • On the Scan Scope tab, make sure to checkmark all the options, except for the CD/DVD drive:

  • On the Security Level tab, make sure to move the slider up denoting "Current Security Level: High":

  • Now, go back to the Automatic Scan tab, and choose "Start Scanning". It may take several hours to complete. Please allow it to do so.
  • Once done scanning, choose the Report tab (page icon), select Detected Threats tab on left, and choose Disinfect All:

  • Then, choose Save. Also, in the Automatic Report tab, select Save:

  • Please post the reports in your next reply.
  • Once you exit, the tool should uninstall automatically.



Solved Re: Green dot Please help

Post by joelo1127 on Fri 21 Dec 2012, 9:27 am

Just got home from work and thought the scan would be done. It has been running for 10 hrs and says it will be done in one day. It has found six threats so far and a window pops up asking if I want to delete it or skip it. Should I do either of those actions or just let the scan continue until it's done? Also, I am still running in safe mode. Is that OK?


Solved Re: Green dot Please help

Post by joelo1127 on Fri 21 Dec 2012, 9:29 am

Only 21% has been completed.


Solved Re: Green dot Please help

Post by joelo1127 on Fri 21 Dec 2012, 11:36 am

I'm not posting this to be annoying, just to keep you updated: 2 hrs later and still at 21%.
