Status: Not open for further replies.

Coupon Companion Plug_in takeover

3K views · 37 replies · 2 participants · last post by Mark1956
#1 ·
Thank you for taking the time to view the following logs.

This laptop isn't used much but is updated / scanned for virus and malware regularly. While my brother was here recovering from knee surgery he used the laptop frequently. While I was using it recently I noticed a considerable difference in the performance.

Some of the most annoying symptoms: terrible redirects, mouse movement / clicks are not normal, system runs very slowly after being on for some time.

I have been poking around trying to figure out what happened and noticed that Norton had quarantined the Coupon Companion Plug_in on Jan 4 and again on Jan 7...he was trying to download the "Easy Tag" program for his music files. I am still puzzled as to why he would have ignored the warnings that Norton gave him...but it is done.

If Norton had quarantined it I don't know how this thing has taken over the system...

While running GMER a message appeared asking to "Help us improve by Reporting". I did click OK to the following message:

Error Details: mod_Registery_IniGetStrings (s File=System.ini, sSection=Boot, sValue=Shell

Error #5 invalid procedure call or argument

A log was produced and is following. I hope it is correct...

Thanks so very much for any assistance in assessing this system for me!!!

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 32 bit
Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz, x64 Family 6 Model 15 Stepping 13
Processor Count: 2
RAM: 2939 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1341 Mb
Hard Drives: C: Total - 60954 MB, Free - 40367 MB;
Motherboard: TOSHIBA, Portable PC
Antivirus: Norton 360 Premier Edition, Updated and Enabled

HijackThis Log File:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:38:59 PM, on 2/15/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton 360 Premier Edition\Engine\20.2.1.22\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe
C:\Users\S&M Productions\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\20.2.1.22\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\20.2.1.22\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\20.2.1.22\coIEPlg.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [RockMelt Update] "C:\Users\S&M Productions\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360 Premier Edition\Engine\20.2.1.22\ccSvcHst.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
--
End of file - 6709 bytes

Ark.txt log:

Thank you!

GMER 2.1.18952 - http://www.gmer.net
Rootkit scan 2013-02-15 19:00:22
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\0000006b ATA_____ rev.040H 59.63GB
Running: user70s.exe; Driver: C:\Users\S&MPRO~1\AppData\Local\Temp\pfdiakod.sys

---- System - GMER 2.1 ----
SSDT 87AD6B88 ZwAlertResumeThread
SSDT 88144448 ZwAlertThread
SSDT 87AB4840 ZwAllocateVirtualMemory
SSDT 87A422F0 ZwAlpcConnectPort
SSDT 87AB3CE8 ZwAssignProcessToJobObject
SSDT 87AD66F0 ZwCreateMutant
SSDT 857BAF60 ZwCreateSymbolicLinkObject
SSDT 87AAD238 ZwCreateThread
SSDT 87AAEF70 ZwCreateThreadEx
SSDT 87AB3FD0 ZwDebugActiveProcess
SSDT 87AB4210 ZwDuplicateObject
SSDT 87AB45F8 ZwFreeVirtualMemory
SSDT 87AD69E8 ZwImpersonateAnonymousToken
SSDT 87AD6AC8 ZwImpersonateThread
SSDT 87A4C0F0 ZwLoadDriver
SSDT 87AB44F8 ZwMapViewOfSection
SSDT 87AD6610 ZwOpenEvent
SSDT 87AAEE00 ZwOpenProcess
SSDT 87AB4930 ZwOpenProcessToken
SSDT 87AD6248 ZwOpenSection
SSDT 87AB42E0 ZwOpenThread
SSDT 856D9258 ZwProtectVirtualMemory
SSDT 88144528 ZwResumeThread
SSDT 88144988 ZwSetContextThread
SSDT 88144A68 ZwSetInformationProcess
SSDT 87AD6100 ZwSetSystemInformation
SSDT 87AD6530 ZwSuspendProcess
SSDT 881447C8 ZwSuspendThread
SSDT 87AAE998 ZwTerminateProcess
SSDT 881448A8 ZwTerminateThread
SSDT 88144B38 ZwUnmapViewOfSection
SSDT 87AB46E8 ZwWriteVirtualMemory
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 8288A9E9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 828C41C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10DB 828CB1F0 8 Bytes [88, 6B, AD, 87, 48, 44, 14, ...] {MOV [EBX-0x53], CH; XCHG [EAX+0x44], ECX; ADC AL, 0x88}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 828CB208 4 Bytes [40, 48, AB, 87]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 828CB214 4 Bytes [F0, 22, A4, 87]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 828CB268 4 Bytes [E8, 3C, AB, 87]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 828CB2E4 4 Bytes [F0, 66, AD, 87]
.text ...
PAGE peauth.sys 98B5DB9B 72 Bytes [8E, F3, 59, E8, 25, 7E, A4, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1476] ntdll.dll!NtTerminateThread 770E68D8 5 Bytes JMP 0002004C
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1476] USER32.dll!RecordShutdownReason + 372 75E906C2 7 Bytes JMP 00100930
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1560] ntdll.dll!NtTerminateThread 770E68D8 3 Bytes JMP 000F004C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1560] ntdll.dll!NtTerminateThread + 4 770E68DC 1 Byte [89]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe[1560] USER32.dll!RecordShutdownReason + 372 75E906C2 7 Bytes JMP 00110930
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1596] ntdll.dll!NtTerminateThread 770E68D8 5 Bytes JMP 0020004C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1596] USER32.dll!RecordShutdownReason + 372 75E906C2 7 Bytes JMP 00220930
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1620] ntdll.dll!NtTerminateThread 770E68D8 5 Bytes JMP 0002004C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1620] USER32.dll!RecordShutdownReason + 372 75E906C2 7 Bytes JMP 001E0930
.text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[1728] ntdll.dll!NtTerminateThread 770E68D8 5 Bytes JMP 0002004C
.text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[1728] USER32.dll!RecordShutdownReason + 372 75E906C2 7 Bytes JMP 003A0AF4
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[1880] ntdll.dll!NtTerminateThread 770E68D8 5 Bytes JMP 0002004C
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[1880] USER32.dll!RecordShutdownReason + 372 75E906C2 7 Bytes JMP 002B0AF4
.text C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe[2024] ntdll.dll!NtTerminateThread 770E68D8 5 Bytes JMP 0002004C
.text C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe[2024] USER32.dll!RecordShutdownReason + 372 75E906C2 7 Bytes JMP 000F0930
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2276] ntdll.dll!NtTerminateThread 770E68D8 5 Bytes JMP 0012004C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2276] USER32.dll!RecordShutdownReason + 372 75E906C2 7 Bytes JMP 00B40930
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2384] ntdll.dll!NtTerminateThread 770E68D8 5 Bytes JMP 0002004C
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[2384] USER32.dll!RecordShutdownReason + 372 75E906C2 7 Bytes JMP 00210AF4
.text C:\Program Files\Winamp\winampa.exe[3692] ntdll.dll!NtTerminateThread 770E68D8 5 Bytes JMP 0022004C
.text C:\Program Files\Winamp\winampa.exe[3692] USER32.dll!RecordShutdownReason + 372 75E906C2 7 Bytes JMP 00240930
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3700] ntdll.dll!NtTerminateThread 770E68D8 5 Bytes JMP 0002004C
.text C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE[3700] USER32.dll!RecordShutdownReason + 372 75E906C2 7 Bytes JMP 001F0930
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3976] ntdll.dll!NtTerminateThread 770E68D8 5 Bytes JMP 0033004C
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[3976] USER32.dll!RecordShutdownReason + 372 75E906C2 7 Bytes JMP 00350930
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4048] ntdll.dll!NtTerminateThread 770E68D8 5 Bytes JMP 0002004C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4048] USER32.dll!RecordShutdownReason + 372 75E906C2 7 Bytes JMP 00200AF4
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[4208] ntdll.dll!NtTerminateThread 770E68D8 5 Bytes JMP 0002004C
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe[4208] USER32.dll!RecordShutdownReason + 372 75E906C2 7 Bytes JMP 00250AF4
.text C:\Users\S&M Productions\Desktop\user70s.exe[4800] ntdll.dll!NtTerminateThread 770E68D8 5 Bytes JMP 0002004C
.text C:\Users\S&M Productions\Desktop\user70s.exe[4800] USER32.dll!RecordShutdownReason + 372 75E906C2 7 Bytes JMP 001F0930
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
---- EOF - GMER 2.1 ----

Ugh, sorry about that log file duplicate...
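The first post's HijackThis log is read by eye in this thread, but the same triage can be scripted. The following is an added example written for this page, not code from the thread, HijackThis or any of the tools mentioned: it parses HijackThis-style R0/R1/O2/O3/O4/O23 lines and flags (a) browser start/search pages whose host is not on an assumed known-good list and (b) autorun, BHO, toolbar or service entries whose binary is missing or sits in a user-writable location. The known-good host list, the user-writable path fragments and the "Unknown owner" check are the author's assumptions, and the sample log is constructed from entry types seen in the thread's log rather than copied from it whole.

```python
"""Heuristic triage of HijackThis-style log lines (added example).

Flags browser pages pointing off a known-good host list and persistence
entries whose binary is missing or lives where a standard user can write.
The heuristics are assumptions for illustration, not HijackThis rules.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: the same entry types as the thread's log, trimmed.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [RockMelt Update] "C:\Users\S&M Productions\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360 Premier Edition\Engine\20.2.1.22\ccSvcHst.exe
"""

# Assumed list of hosts a stock IE start/search page may point at.
KNOWN_GOOD_HOSTS = {
    "go.microsoft.com", "www.microsoft.com", "www.google.com",
    "www.bing.com", "www.msn.com",
}

# Assumed path fragments writable by a standard user. A persistence entry
# here is not automatically bad (per-user updaters live there), but it is
# where droppers and adware usually land, so it deserves a second look.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")

LINE_RE = re.compile(r"^(?P<section>[RO]\d+)\s+-\s+(?P<rest>.*)$")
URL_RE = re.compile(r"=\s*(?P<url>\S+)\s*$")
QUOTED_PATH_RE = re.compile(r'"(?P<path>[^"]+?\.(?:exe|dll))"', re.IGNORECASE)
BARE_PATH_RE = re.compile(r"(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll))", re.IGNORECASE)


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # why the entry was flagged
    line: str      # the original log line


def extract_path(rest: str):
    """Return the first .exe/.dll path on the line, quoted or bare, or None."""
    m = QUOTED_PATH_RE.search(rest) or BARE_PATH_RE.search(rest)
    return m.group("path") if m else None


def triage_line(line: str):
    """Return a Finding for a suspicious line, or None if it looks benign."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.group("section"), m.group("rest")

    if section in ("R0", "R1"):
        # Browser start/search page: compare the host to the allow-list.
        u = URL_RE.search(rest)
        if u:
            host = urlparse(u.group("url")).hostname
            if host and host.lower() not in KNOWN_GOOD_HOSTS:
                return Finding(section, f"browser page points at {host}", line)
        return None

    if section in ("O2", "O3", "O4", "O23"):
        path = extract_path(rest)
        if path is None:
            # HijackThis prints "(no file)" when the referenced binary is gone.
            return Finding(section, "no binary path on entry (file missing?)", line)
        if any(frag in path.lower() for frag in USER_WRITABLE):
            return Finding(section, f"binary in user-writable location: {path}", line)
        if section == "O23" and "unknown owner" in rest.lower():
            return Finding(section, "service with no vendor name", line)
    return None


def triage(log_text: str):
    """Run triage_line over every line and keep the findings, in log order."""
    return [f for f in map(triage_line, log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

On the constructed sample this flags the ask.com start page and the HKCU Run entry under AppData, and leaves the Program Files entries alone. It is a first-pass filter, not a verdict: a per-user updater in AppData is normal, and a signed vendor binary in Program Files can still be unwanted, as the Coupon Companion entries in this thread show.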
#2 ·
Please run these two scans and post the logs:

SCAN 1
Click on this link to download : ADWCleaner and save it to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and click on this icon on your desktop:


You will then see the screen below, click on the Delete button (as indicated), accept any prompts that appear and allow it to reboot the PC. When the PC has rebooted you will be presented with the report, copy & paste it into your next post.



SCAN 2
Download RogueKiller (by tigzy) and save direct to your Desktop.
On the web page select the 32bit or 64bit button to match the bit rate of your version of Windows.

  • Quit all running programs.
  • Start RogueKiller.exe by double clicking on the icon.
  • Wait until Prescan has finished.
  • Ensure all boxes are ticked under "Report" tab.
  • Click on Scan.
  • Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
  • NOTE: DO NOT attempt to remove anything that the scan detects.

 
#3 ·
Hi Mark,

Thank you very much for your reply! Here are the 2 logs you requested.

AdwCleaner:

# AdwCleaner v2.112 - Logfile created 02/16/2013 at 07:37:38
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : S&M Productions - MALSKL-LAPTOPA
# Boot Mode : Normal
# Running from : C:\Users\S&M Productions\Desktop\adwcleaner0.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16464
[OK] Registry is clean.
*************************
AdwCleaner[R12].txt - [1393 octets] - [09/02/2013 22:19:51]
AdwCleaner[R13].txt - [732 octets] - [16/02/2013 07:31:28]
AdwCleaner[R14].txt - [792 octets] - [16/02/2013 07:32:36]
AdwCleaner[R15].txt - [911 octets] - [16/02/2013 07:37:20]
AdwCleaner[S2].txt - [850 octets] - [16/02/2013 07:32:53]
AdwCleaner[S3].txt - [842 octets] - [16/02/2013 07:37:38]
########## EOF - C:\AdwCleaner[S3].txt - [901 octets] ##########

RogueKiller log:

RogueKiller V8.5.1 [Feb 12 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : S&M Productions [Admin rights]
Mode : Scan -- Date : 02/16/2013 07:41:33
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x82B26B8B -> HOOKED (Unknown @ 0x87AB1048)
SSDT[14] : NtAlertThread @ 0x82A79BB0 -> HOOKED (Unknown @ 0x87AB1128)
SSDT[19] : NtAllocateVirtualMemory @ 0x82A72BBC -> HOOKED (Unknown @ 0x87BC9E50)
SSDT[22] : NtAlpcConnectPort @ 0x82ABE37E -> HOOKED (Unknown @ 0x87A40E00)
SSDT[43] : NtAssignProcessToJobObject @ 0x82A47FEC -> HOOKED (Unknown @ 0x87AAFBA8)
SSDT[74] : NtCreateMutant @ 0x82A5927A -> HOOKED (Unknown @ 0x87BCA3B0)
SSDT[86] : NtCreateSymbolicLinkObject @ 0x82A4A8F4 -> HOOKED (Unknown @ 0x87AAF440)
SSDT[87] : NtCreateThread @ 0x82B24DC6 -> HOOKED (Unknown @ 0x878E81B8)
SSDT[88] : NtCreateThreadEx @ 0x82AB92AB -> HOOKED (Unknown @ 0x87AAF530)
SSDT[96] : NtDebugActiveProcess @ 0x82AF6CBA -> HOOKED (Unknown @ 0x87AAFC88)
SSDT[111] : NtDuplicateObject @ 0x82A7A64A -> HOOKED (Unknown @ 0x879530C8)
SSDT[131] : NtFreeVirtualMemory @ 0x829017FC -> HOOKED (Unknown @ 0x87BC4C70)
SSDT[145] : NtImpersonateAnonymousToken @ 0x82A3E8DE -> HOOKED (Unknown @ 0x85800798)
SSDT[147] : NtImpersonateThread @ 0x82AC2772 -> HOOKED (Unknown @ 0x85800878)
SSDT[155] : NtLoadDriver @ 0x82A0EC14 -> HOOKED (Unknown @ 0x87A41320)
SSDT[168] : NtMapViewOfSection @ 0x82A8F4D9 -> HOOKED (Unknown @ 0x87BC4B70)
SSDT[177] : NtOpenEvent @ 0x82A58C76 -> HOOKED (Unknown @ 0x87BCA2D0)
SSDT[190] : NtOpenProcess @ 0x82A5AAC1 -> HOOKED (Unknown @ 0x857025F0)
SSDT[191] : NtOpenProcessToken @ 0x82AAD17F -> HOOKED (Unknown @ 0x87BC47E8)
SSDT[194] : NtOpenSection @ 0x82AB27FB -> HOOKED (Unknown @ 0x87AAD538)
SSDT[198] : NtOpenThread @ 0x82AA6F05 -> HOOKED (Unknown @ 0x8577D228)
SSDT[215] : NtProtectVirtualMemory @ 0x82A8B539 -> HOOKED (Unknown @ 0x87AAF630)
SSDT[304] : NtResumeThread @ 0x82AB94D2 -> HOOKED (Unknown @ 0x87AB1208)
SSDT[316] : NtSetContextThread @ 0x82B26637 -> HOOKED (Unknown @ 0x87BCAC00)
SSDT[333] : NtSetInformationProcess @ 0x82A8175D -> HOOKED (Unknown @ 0x87BCACE0)
SSDT[350] : NtSetSystemInformation @ 0x82A9723C -> HOOKED (Unknown @ 0x87AAFF70)
SSDT[366] : NtSuspendProcess @ 0x82B26AC7 -> HOOKED (Unknown @ 0x87AAD618)
SSDT[367] : NtSuspendThread @ 0x82ADDFAB -> HOOKED (Unknown @ 0x87AA50B0)
SSDT[370] : NtTerminateProcess @ 0x82AA3B9D -> HOOKED (Unknown @ 0x87AB2F90)
SSDT[371] : unknown @ 0x82AC14AB -> HOOKED (Unknown @ 0x87AA5190)
SSDT[385] : NtUnmapViewOfSection @ 0x82AAD7BA -> HOOKED (Unknown @ 0x87BCADD0)
SSDT[399] : NtWriteVirtualMemory @ 0x82AA889A -> HOOKED (Unknown @ 0x87BC8608)
S_SSDT[318] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x88B322F0)
S_SSDT[402] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x879C5360)
S_SSDT[434] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x879C52A0)
S_SSDT[436] : NtUserGetKeyState -> HOOKED (Unknown @ 0x879E4288)
S_SSDT[448] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x879C54A8)
S_SSDT[490] : NtUserMessageCall -> HOOKED (Unknown @ 0x879E0E28)
S_SSDT[508] : NtUserPostMessage -> HOOKED (Unknown @ 0x879C51D0)
S_SSDT[509] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x879E0F18)
S_SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x878ECD40)
S_SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x879CA0D8)
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ATA M4-CT064M4SSD2 SCSI Disk Device +++++
--- User ---
[MBR] 46fd79bdd8c71a922243f3e36abcc9c5
[BSP] 7b57efa636550f3b180e64d62c81a87b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 60955 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_02162013_02d0741.txt >>
RKreport[1]_S_02162013_02d0741.txt

I had found the Coupon Companion in the Add/Remove programs and have deleted that with Revo Uninstaller prior to this post.

Also, I tried everything to run the DDS program and had no luck.

Thanks again!
 
#4 ·
I had also run AdwCleaner after removing the Coupon Companion with Revo Uninstaller.

Here is the original log (did not know if it would assist you):

# AdwCleaner v2.111 - Logfile created 02/08/2013 at 18:12:25
# Updated 05/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : S&M Productions - MALSKL-LAPTOPA
# Boot Mode : Normal
# Running from : C:\Users\S&M Productions\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.ask.com/ --> hxxp://www.google.com
*************************
AdwCleaner[R10].txt - [2599 octets] - [08/02/2013 18:11:53]
AdwCleaner[R1].txt - [3573 octets] - [04/02/2013 10:30:40]
AdwCleaner[R2].txt - [3633 octets] - [04/02/2013 10:35:25]
AdwCleaner[R3].txt - [3693 octets] - [04/02/2013 10:40:09]
AdwCleaner[R4].txt - [3753 octets] - [04/02/2013 10:44:29]
AdwCleaner[R5].txt - [3813 octets] - [04/02/2013 11:54:08]
AdwCleaner[R6].txt - [2642 octets] - [04/02/2013 22:11:57]
AdwCleaner[R7].txt - [2702 octets] - [07/02/2013 22:17:30]
AdwCleaner[R8].txt - [2751 octets] - [08/02/2013 18:00:02]
AdwCleaner[R9].txt - [2537 octets] - [08/02/2013 18:10:00]
AdwCleaner[S1].txt - [2440 octets] - [08/02/2013 18:12:25]
########## EOF - C:\AdwCleaner[S1].txt - [2500 octets] ##########

Thanks again!
 
#5 ·
I see you had already run ADWCleaner before coming here and then you ran it five times today. The program only needs to be run once to delete any Adware. The log you posted is clean as all the deletions would have been in the earlier scan. (EDIT: I posted this before seeing your last post)

Not sure why DDS won't run, but you could try disabling Norton. What do you see when you try to run it?

Please run this scan:

Please follow the instructions exactly as written; deviating from the instructions and trying to fix anything before I have seen the logs may make your PC unbootable. If TDSSKiller does not offer the Cure option DO NOT select delete, as you may remove files needed for the system to operate.

Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!
-- The tool is frequently updated...if you used TDSSKiller before, delete that version and download the most current one before using again.

Be sure to print out and follow the instructions for performing a scan.

  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
  • Alternatively, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If an update is available, TDSSKiller will prompt you to update and download the most current version. Click Load Update. Close TDSSKiller and start again.

  • When the program opens, click the Change parameters.

  • Under "Additional options", check the boxes next to Verify file digital signatures and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If 'Suspicious objects' are detected, the default action will be Skip. Leave the default set to Skip and click on Continue.
  • If Malicious objects are detected, they will show in the Scan results - Select action for found objects: and offer three options.

  • Ensure Cure is selected...then click Continue -> Reboot computer for cure completion.

  • Important! -> If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed. If you choose Delete you may remove critical system files and make your PC unstable or possibly unbootable.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C: ).
  • Copy and paste the contents of that file in your next reply.

-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it to something else before beginning the download and saving to the computer or to perform the scan in "safe mode".
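Once the log is posted, the lines to look at are the ones whose status is not "ok". As an added example (not part of this thread, and not Kaspersky's own code), the following Python script parses the TDSSKiller log format shown in this thread and lists every object with a warning or detection, together with the MD5 and path from its matching entry line. The sample log embedded in it is constructed from a few lines of the posted log, and the regular expressions are my reading of that format rather than a published specification.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the TDSSKiller log lines posted in this thread
# (the 1394ohci, MDM and Groove entries are copied from the posted log; the
# layout is the tool's, the selection of lines is mine).
SAMPLE_LOG = """\
09:50:48.0853 1748 ================ Scan system memory ========================
09:50:48.0853 1748 System memory - ok
09:50:48.0853 1748 ================ Scan services =============================
09:50:48.0900 1748 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\\Windows\\system32\\drivers\\1394ohci.sys
09:50:49.0040 1748 1394ohci - ok
09:50:50.0834 1748 catchme - ok
09:50:54.0921 1748 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\\Program Files\\Common Files\\Microsoft Shared\\VS7DEBUG\\mdm.exe
09:50:54.0937 1748 MDM ( UnsignedFile.Multi.Generic ) - warning
09:50:54.0937 1748 MDM - detected UnsignedFile.Multi.Generic (1)
09:50:54.0999 1748 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\\Program Files\\Microsoft Office\\Office12\\GrooveAuditService.exe
09:50:55.0015 1748 Microsoft Office Groove Audit Service - ok
"""

# Every line starts with a timestamp and the scanning thread/process id.
TS = r"(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
# "[ MD5 ] name path"  -- the entry line; the name may contain spaces, so it is
# matched lazily up to the first "X:\" drive path.
ENTRY_RE = re.compile(TS + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.+)$")
# "name ( Verdict ) - warning"
WARN_RE = re.compile(TS + r"(?P<name>.+?) \( (?P<verdict>[^)]+) \) - warning$")
# "name - detected Verdict (N)"
DETECT_RE = re.compile(TS + r"(?P<name>.+?) - detected (?P<verdict>.+?) \((?P<count>\d+)\)$")
# "name - ok"
OK_RE = re.compile(TS + r"(?P<name>.+?) - ok$")


@dataclass
class Item:
    name: str
    md5: str = ""
    path: str = ""
    status: str = "unknown"          # "ok", "warning" or "detected"
    verdicts: list = field(default_factory=list)


def parse_tdsskiller_log(text):
    """Return a dict of object name -> Item built from the log text."""
    items = {}

    def get(name):
        return items.setdefault(name, Item(name))

    for line in text.splitlines():
        line = line.rstrip()
        m = ENTRY_RE.match(line)
        if m:
            it = get(m["name"])
            it.md5, it.path = m["md5"].upper(), m["path"]
            continue
        m = DETECT_RE.match(line)
        if m:
            it = get(m["name"])
            it.status = "detected"           # a detection outranks a warning
            if m["verdict"] not in it.verdicts:
                it.verdicts.append(m["verdict"])
            continue
        m = WARN_RE.match(line)
        if m:
            it = get(m["name"])
            if it.status != "detected":
                it.status = "warning"
            if m["verdict"] not in it.verdicts:
                it.verdicts.append(m["verdict"])
            continue
        m = OK_RE.match(line)
        if m:
            get(m["name"]).status = "ok"
    return items


def triage(items):
    """Return (number of ok objects, non-ok items sorted by name)."""
    n_ok = sum(1 for it in items.values() if it.status == "ok")
    findings = [it for it in items.values() if it.status != "ok"]
    return n_ok, sorted(findings, key=lambda it: it.name.lower())


def format_report(text):
    """One-line summary followed by one block per object that needs a look."""
    n_ok, findings = triage(parse_tdsskiller_log(text))
    out = [f"{n_ok} objects verified ok, {len(findings)} need attention"]
    for it in findings:
        out.append(f"  {it.status:8} {it.name}: {', '.join(it.verdicts) or '-'}")
        if it.path:
            out.append(f"           md5={it.md5} path={it.path}")
    return "\n".join(out)


if __name__ == "__main__":
    print(format_report(SAMPLE_LOG))
```

Run against a real log, the report turns a few hundred lines into the handful of objects a helper actually needs to review. Note that with "Verify file digital signatures" ticked, an UnsignedFile.Multi.Generic verdict only says the file carries no valid signature; it is informational and not on its own evidence of malicious code, which is why the instructions above say to leave such objects on Skip rather than delete them.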
 
#6 ·
Hi Mark!

While trying to run the DDS, a DOS-type box opened with green text... it advised it would take 3 minutes and a log would appear. Then a small white box appears saying scan in progress. After that another white box appears and says 2 log files will be created and saved to desktop.

Nothing ever appears. I have waited up to an hour. The hard drive light works like something is happening but then back to the desktop with the DDS.scr highlighted.

I am running the Tdsskiller now. Will post soon.

Thanks!
 
#7 ·
Mark,

When I tried the DDS I forgot to let you know that I had disabled Norton, Malware and SpyBot. Don't know if something else would interfere. Sorry for leaving that out.

Here is the TDSSKiller log you requested:

09:50:18.0417 2712 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:50:19.0151 2712 ============================================================
09:50:19.0151 2712 Current date / time: 2013/02/16 09:50:19.0151
09:50:19.0151 2712 SystemInfo:
09:50:19.0151 2712
09:50:19.0151 2712 OS Version: 6.1.7601 ServicePack: 1.0
09:50:19.0151 2712 Product type: Workstation
09:50:19.0151 2712 ComputerName: MALSKL-LAPTOPA
09:50:19.0151 2712 UserName: S&M Productions
09:50:19.0151 2712 Windows directory: C:\Windows
09:50:19.0151 2712 System windows directory: C:\Windows
09:50:19.0151 2712 Processor architecture: Intel x86
09:50:19.0151 2712 Number of processors: 2
09:50:19.0151 2712 Page size: 0x1000
09:50:19.0151 2712 Boot type: Normal boot
09:50:19.0151 2712 ============================================================
09:50:19.0572 2712 Drive \Device\Harddisk0\DR0 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:50:19.0572 2712 ============================================================
09:50:19.0572 2712 \Device\Harddisk0\DR0:
09:50:19.0572 2712 MBR partitions:
09:50:19.0572 2712 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:50:19.0572 2712 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x770D800
09:50:19.0572 2712 ============================================================
09:50:19.0587 2712 C: <-> \Device\Harddisk0\DR0\Partition2
09:50:19.0587 2712 ============================================================
09:50:19.0587 2712 Initialize success
09:50:19.0587 2712 ============================================================
09:50:48.0744 1748 ============================================================
09:50:48.0744 1748 Scan started
09:50:48.0744 1748 Mode: Manual; SigCheck; TDLFS;
09:50:48.0744 1748 ============================================================
09:50:48.0853 1748 ================ Scan system memory ========================
09:50:48.0853 1748 System memory - ok
09:50:48.0853 1748 ================ Scan services =============================
09:50:48.0900 1748 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
09:50:49.0040 1748 1394ohci - ok
09:50:49.0040 1748 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
09:50:49.0071 1748 ACPI - ok
09:50:49.0071 1748 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
09:50:49.0103 1748 AcpiPmi - ok
09:50:49.0118 1748 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
09:50:49.0134 1748 AdobeARMservice - ok
09:50:49.0134 1748 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:50:49.0165 1748 AdobeFlashPlayerUpdateSvc - ok
09:50:49.0165 1748 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
09:50:49.0196 1748 adp94xx - ok
09:50:49.0212 1748 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
09:50:49.0227 1748 adpahci - ok
09:50:49.0243 1748 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
09:50:49.0259 1748 adpu320 - ok
09:50:49.0274 1748 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:50:49.0305 1748 AeLookupSvc - ok
09:50:49.0305 1748 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
09:50:49.0337 1748 AFD - ok
09:50:49.0352 1748 [ 7E10E3BB9B258AD8A9300F91214D67B9 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
09:50:49.0399 1748 AgereSoftModem - ok
09:50:49.0399 1748 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
09:50:49.0415 1748 agp440 - ok
09:50:49.0430 1748 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
09:50:49.0446 1748 aic78xx - ok
09:50:49.0461 1748 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
09:50:49.0477 1748 ALG - ok
09:50:49.0493 1748 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
09:50:49.0508 1748 aliide - ok
09:50:49.0508 1748 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
09:50:49.0539 1748 amdagp - ok
09:50:49.0539 1748 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
09:50:49.0555 1748 amdide - ok
09:50:49.0571 1748 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
09:50:49.0586 1748 AmdK8 - ok
09:50:49.0602 1748 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
09:50:49.0617 1748 AmdPPM - ok
09:50:49.0633 1748 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
09:50:49.0649 1748 amdsata - ok
09:50:49.0649 1748 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
09:50:49.0680 1748 amdsbs - ok
09:50:49.0680 1748 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
09:50:49.0695 1748 amdxata - ok
09:50:49.0711 1748 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
09:50:49.0758 1748 AppID - ok
09:50:49.0758 1748 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
09:50:49.0789 1748 AppIDSvc - ok
09:50:49.0789 1748 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
09:50:49.0820 1748 Appinfo - ok
09:50:49.0836 1748 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
09:50:49.0851 1748 arc - ok
09:50:49.0867 1748 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
09:50:49.0883 1748 arcsas - ok
09:50:49.0898 1748 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:50:49.0945 1748 AsyncMac - ok
09:50:49.0945 1748 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
09:50:49.0961 1748 atapi - ok
09:50:49.0976 1748 [ AC4ADAC154563AB41CC79B0257BC685A ] athr C:\Windows\system32\DRIVERS\athr.sys
09:50:50.0023 1748 athr - ok
09:50:50.0039 1748 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:50:50.0070 1748 AudioEndpointBuilder - ok
09:50:50.0085 1748 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
09:50:50.0117 1748 Audiosrv - ok
09:50:50.0117 1748 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
09:50:50.0148 1748 AxInstSV - ok
09:50:50.0163 1748 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
09:50:50.0195 1748 b06bdrv - ok
09:50:50.0195 1748 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
09:50:50.0226 1748 b57nd60x - ok
09:50:50.0226 1748 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
09:50:50.0257 1748 BDESVC - ok
09:50:50.0257 1748 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
09:50:50.0288 1748 Beep - ok
09:50:50.0304 1748 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
09:50:50.0351 1748 BFE - ok
09:50:50.0366 1748 [ D2A55F5FE6B716913FB573872F2E5944 ] BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20130116.013\BHDrvx86.sys
09:50:50.0397 1748 BHDrvx86 - ok
09:50:50.0413 1748 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll
09:50:50.0460 1748 BITS - ok
09:50:50.0460 1748 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
09:50:50.0475 1748 blbdrive - ok
09:50:50.0491 1748 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:50:50.0507 1748 bowser - ok
09:50:50.0522 1748 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:50:50.0538 1748 BrFiltLo - ok
09:50:50.0538 1748 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:50:50.0569 1748 BrFiltUp - ok
09:50:50.0569 1748 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
09:50:50.0600 1748 BridgeMP - ok
09:50:50.0616 1748 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
09:50:50.0631 1748 Browser - ok
09:50:50.0647 1748 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
09:50:50.0678 1748 Brserid - ok
09:50:50.0678 1748 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
09:50:50.0694 1748 BrSerWdm - ok
09:50:50.0709 1748 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
09:50:50.0725 1748 BrUsbMdm - ok
09:50:50.0741 1748 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
09:50:50.0756 1748 BrUsbSer - ok
09:50:50.0756 1748 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
09:50:50.0787 1748 BTHMODEM - ok
09:50:50.0787 1748 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
09:50:50.0834 1748 bthserv - ok
09:50:50.0834 1748 catchme - ok
09:50:50.0850 1748 [ 1277AD8F053CC60C17CAFAB411F3CF40 ] ccSet_N360 C:\Windows\system32\drivers\N360\1402010.016\ccSetx86.sys
09:50:50.0865 1748 ccSet_N360 - ok
09:50:50.0865 1748 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:50:50.0897 1748 cdfs - ok
09:50:50.0912 1748 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
09:50:50.0928 1748 cdrom - ok
09:50:50.0943 1748 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
09:50:50.0975 1748 CertPropSvc - ok
09:50:50.0975 1748 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
09:50:51.0006 1748 circlass - ok
09:50:51.0006 1748 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
09:50:51.0037 1748 CLFS - ok
09:50:51.0037 1748 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:50:51.0068 1748 clr_optimization_v2.0.50727_32 - ok
09:50:51.0084 1748 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:50:51.0099 1748 clr_optimization_v4.0.30319_32 - ok
09:50:51.0099 1748 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
09:50:51.0115 1748 CmBatt - ok
09:50:51.0131 1748 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:50:51.0146 1748 cmdide - ok
09:50:51.0162 1748 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys
09:50:51.0177 1748 CNG - ok
09:50:51.0193 1748 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
09:50:51.0209 1748 Compbatt - ok
09:50:51.0209 1748 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
09:50:51.0240 1748 CompositeBus - ok
09:50:51.0240 1748 COMSysApp - ok
09:50:51.0255 1748 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
09:50:51.0271 1748 crcdisk - ok
09:50:51.0287 1748 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:50:51.0302 1748 CryptSvc - ok
09:50:51.0318 1748 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
09:50:51.0365 1748 DcomLaunch - ok
09:50:51.0365 1748 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
09:50:51.0411 1748 defragsvc - ok
09:50:51.0411 1748 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:50:51.0443 1748 DfsC - ok
09:50:51.0458 1748 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
09:50:51.0474 1748 Dhcp - ok
09:50:51.0489 1748 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
09:50:51.0521 1748 discache - ok
09:50:51.0536 1748 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
09:50:51.0552 1748 Disk - ok
09:50:51.0552 1748 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:50:51.0583 1748 Dnscache - ok
09:50:51.0583 1748 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
09:50:51.0614 1748 dot3svc - ok
09:50:51.0630 1748 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
09:50:51.0661 1748 DPS - ok
09:50:51.0661 1748 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:50:51.0692 1748 drmkaud - ok
09:50:51.0708 1748 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:50:51.0739 1748 DXGKrnl - ok
09:50:51.0739 1748 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
09:50:51.0770 1748 EapHost - ok
09:50:51.0817 1748 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
09:50:51.0879 1748 ebdrv - ok
09:50:51.0895 1748 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
09:50:51.0911 1748 eeCtrl - ok
09:50:51.0911 1748 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
09:50:51.0942 1748 EFS - ok
09:50:51.0957 1748 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:50:51.0989 1748 ehRecvr - ok
09:50:51.0989 1748 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
09:50:52.0004 1748 ehSched - ok
09:50:52.0020 1748 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
09:50:52.0051 1748 elxstor - ok
09:50:52.0051 1748 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
09:50:52.0067 1748 EraserUtilRebootDrv - ok
09:50:52.0082 1748 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
09:50:52.0098 1748 ErrDev - ok
09:50:52.0113 1748 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
09:50:52.0145 1748 EventSystem - ok
09:50:52.0160 1748 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
09:50:52.0191 1748 exfat - ok
09:50:52.0207 1748 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:50:52.0238 1748 fastfat - ok
09:50:52.0254 1748 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
09:50:52.0269 1748 Fax - ok
09:50:52.0285 1748 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
09:50:52.0301 1748 fdc - ok
09:50:52.0316 1748 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
09:50:52.0347 1748 fdPHost - ok
09:50:52.0347 1748 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
09:50:52.0379 1748 FDResPub - ok
09:50:52.0394 1748 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:50:52.0410 1748 FileInfo - ok
09:50:52.0410 1748 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:50:52.0441 1748 Filetrace - ok
09:50:52.0457 1748 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
09:50:52.0472 1748 flpydisk - ok
09:50:52.0488 1748 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:50:52.0503 1748 FltMgr - ok
09:50:52.0519 1748 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
09:50:52.0550 1748 FontCache - ok
09:50:52.0550 1748 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:50:52.0566 1748 FontCache3.0.0.0 - ok
09:50:52.0581 1748 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
09:50:52.0597 1748 FsDepends - ok
09:50:52.0597 1748 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:50:52.0628 1748 Fs_Rec - ok
09:50:52.0628 1748 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
09:50:52.0659 1748 fvevol - ok
09:50:52.0659 1748 [ 0F76E205BDC60364F08A5949082771CA ] FwLnk C:\Windows\system32\DRIVERS\FwLnk.sys
09:50:52.0675 1748 FwLnk - ok
09:50:52.0691 1748 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
09:50:52.0706 1748 gagp30kx - ok
09:50:52.0722 1748 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
09:50:52.0753 1748 gpsvc - ok
09:50:52.0769 1748 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
09:50:52.0784 1748 hcw85cir - ok
09:50:52.0800 1748 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:50:52.0815 1748 HdAudAddService - ok
09:50:52.0831 1748 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
09:50:52.0847 1748 HDAudBus - ok
09:50:52.0862 1748 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
09:50:52.0878 1748 HidBatt - ok
09:50:52.0878 1748 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
09:50:52.0909 1748 HidBth - ok
09:50:52.0909 1748 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
09:50:52.0925 1748 HidIr - ok
09:50:52.0940 1748 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
09:50:52.0971 1748 hidserv - ok
09:50:52.0987 1748 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:50:53.0003 1748 HidUsb - ok
09:50:53.0003 1748 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:50:53.0049 1748 hkmsvc - ok
09:50:53.0049 1748 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:50:53.0065 1748 HomeGroupListener - ok
09:50:53.0081 1748 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:50:53.0096 1748 HomeGroupProvider - ok
09:50:53.0112 1748 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
09:50:53.0127 1748 HpSAMD - ok
09:50:53.0143 1748 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:50:53.0174 1748 HTTP - ok
09:50:53.0190 1748 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:50:53.0205 1748 hwpolicy - ok
09:50:53.0205 1748 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
09:50:53.0237 1748 i8042prt - ok
09:50:53.0252 1748 [ CDF6179EC9129E9ABC5B0F0525B159EB ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
09:50:53.0268 1748 iaStor - ok
09:50:53.0283 1748 [ 70BADD827F0C6863AD7F4850DCC5E79B ] iaStorA C:\Windows\system32\DRIVERS\iaStorA.sys
09:50:53.0315 1748 iaStorA - ok
09:50:53.0315 1748 [ 0AB254994A460550258446950BB58311 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
09:50:53.0330 1748 IAStorDataMgrSvc - ok
09:50:53.0346 1748 [ 48BD3DD357DB6BB61FB2E6EF3D137764 ] iaStorF C:\Windows\system32\DRIVERS\iaStorF.sys
09:50:53.0361 1748 iaStorF - ok
09:50:53.0361 1748 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:50:53.0393 1748 iaStorV - ok
09:50:53.0408 1748 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:50:53.0439 1748 idsvc - ok
09:50:53.0455 1748 [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20130215.001\IDSvix86.sys
09:50:53.0471 1748 IDSVix86 - ok
09:50:53.0580 1748 [ 1EC36A3CA56B0A31B4920399EE6D77EB ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
09:50:53.0736 1748 igfx - ok
09:50:53.0751 1748 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
09:50:53.0767 1748 iirsp - ok
09:50:53.0783 1748 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
09:50:53.0814 1748 IKEEXT - ok
09:50:53.0829 1748 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
09:50:53.0845 1748 intelide - ok
09:50:53.0861 1748 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:50:53.0876 1748 intelppm - ok
09:50:53.0892 1748 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:50:53.0923 1748 IPBusEnum - ok
09:50:53.0923 1748 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:50:53.0954 1748 IpFilterDriver - ok
09:50:53.0970 1748 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:50:54.0001 1748 iphlpsvc - ok
09:50:54.0017 1748 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
09:50:54.0032 1748 IPMIDRV - ok
09:50:54.0048 1748 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:50:54.0079 1748 IPNAT - ok
09:50:54.0079 1748 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:50:54.0110 1748 IRENUM - ok
09:50:54.0110 1748 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:50:54.0126 1748 isapnp - ok
09:50:54.0141 1748 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
09:50:54.0157 1748 iScsiPrt - ok
09:50:54.0173 1748 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
09:50:54.0188 1748 kbdclass - ok
09:50:54.0188 1748 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
09:50:54.0219 1748 kbdhid - ok
09:50:54.0219 1748 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
09:50:54.0235 1748 KeyIso - ok
09:50:54.0251 1748 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:50:54.0266 1748 KSecDD - ok
09:50:54.0266 1748 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:50:54.0297 1748 KSecPkg - ok
09:50:54.0297 1748 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
09:50:54.0344 1748 KtmRm - ok
09:50:54.0344 1748 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
09:50:54.0391 1748 LanmanServer - ok
09:50:54.0391 1748 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:50:54.0422 1748 LanmanWorkstation - ok
09:50:54.0438 1748 [ 54581F1B8A4B517040AD316E5C430A2C ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
09:50:54.0453 1748 LBTServ - ok
09:50:54.0469 1748 [ 5001C2B3557B53DED02ABED3BCC6FD2D ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
09:50:54.0485 1748 LHidFilt - ok
09:50:54.0500 1748 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:50:54.0531 1748 lltdio - ok
09:50:54.0531 1748 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:50:54.0578 1748 lltdsvc - ok
09:50:54.0578 1748 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
09:50:54.0609 1748 lmhosts - ok
09:50:54.0625 1748 [ 3AD9369E5D17014971A11728F198994C ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
09:50:54.0641 1748 LMouFilt - ok
09:50:54.0641 1748 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
09:50:54.0672 1748 LSI_FC - ok
09:50:54.0672 1748 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
09:50:54.0687 1748 LSI_SAS - ok
09:50:54.0703 1748 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:50:54.0719 1748 LSI_SAS2 - ok
09:50:54.0719 1748 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:50:54.0750 1748 LSI_SCSI - ok
09:50:54.0750 1748 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
09:50:54.0781 1748 luafv - ok
09:50:54.0797 1748 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
09:50:54.0812 1748 MBAMProtector - ok
09:50:54.0812 1748 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
09:50:54.0843 1748 MBAMScheduler - ok
09:50:54.0859 1748 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
09:50:54.0875 1748 MBAMService - ok
09:50:54.0890 1748 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:50:54.0906 1748 Mcx2Svc - ok
09:50:54.0921 1748 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
09:50:54.0937 1748 MDM ( UnsignedFile.Multi.Generic ) - warning
09:50:54.0937 1748 MDM - detected UnsignedFile.Multi.Generic (1)
09:50:54.0937 1748 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
09:50:54.0953 1748 megasas - ok
09:50:54.0968 1748 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
09:50:54.0984 1748 MegaSR - ok
09:50:54.0999 1748 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
09:50:55.0015 1748 Microsoft Office Groove Audit Service - ok
09:50:55.0015 1748 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
09:50:55.0062 1748 MMCSS - ok
09:50:55.0062 1748 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
09:50:55.0093 1748 Modem - ok
09:50:55.0109 1748 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:50:55.0124 1748 monitor - ok
09:50:55.0124 1748 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:50:55.0155 1748 mouclass - ok
09:50:55.0155 1748 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:50:55.0171 1748 mouhid - ok
09:50:55.0187 1748 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:50:55.0202 1748 mountmgr - ok
09:50:55.0202 1748 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
09:50:55.0233 1748 mpio - ok
09:50:55.0233 1748 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:50:55.0265 1748 mpsdrv - ok
09:50:55.0280 1748 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:50:55.0327 1748 MpsSvc - ok
09:50:55.0327 1748 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:50:55.0358 1748 MRxDAV - ok
09:50:55.0358 1748 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:50:55.0389 1748 mrxsmb - ok
09:50:55.0389 1748 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:50:55.0421 1748 mrxsmb10 - ok
09:50:55.0421 1748 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:50:55.0436 1748 mrxsmb20 - ok
09:50:55.0452 1748 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
09:50:55.0467 1748 msahci - ok
09:50:55.0467 1748 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:50:55.0499 1748 msdsm - ok
09:50:55.0499 1748 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
09:50:55.0514 1748 MSDTC - ok
09:50:55.0530 1748 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:50:55.0561 1748 Msfs - ok
09:50:55.0577 1748 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:50:55.0608 1748 mshidkmdf - ok
09:50:55.0623 1748 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:50:55.0639 1748 msisadrv - ok
09:50:55.0639 1748 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:50:55.0670 1748 MSiSCSI - ok
09:50:55.0686 1748 msiserver - ok
09:50:55.0686 1748 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:50:55.0717 1748 MSKSSRV - ok
09:50:55.0733 1748 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:50:55.0764 1748 MSPCLOCK - ok
09:50:55.0764 1748 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:50:55.0795 1748 MSPQM - ok
09:50:55.0811 1748 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:50:55.0826 1748 MsRPC - ok
09:50:55.0842 1748 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
09:50:55.0857 1748 mssmbios - ok
09:50:55.0857 1748 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:50:55.0904 1748 MSTEE - ok
09:50:55.0904 1748 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
09:50:55.0920 1748 MTConfig - ok
09:50:55.0935 1748 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
09:50:55.0951 1748 Mup - ok
09:50:55.0967 1748 [ 4BA84C832E0741A294C4444556DFE993 ] N360 C:\Program Files\Norton 360 Premier Edition\Engine\20.2.1.22\ccSvcHst.exe
09:50:55.0982 1748 N360 - ok
09:50:55.0982 1748 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
09:50:56.0029 1748 napagent - ok
09:50:56.0029 1748 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:50:56.0060 1748 NativeWifiP - ok
09:50:56.0060 1748 [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20130215.034\NAVENG.SYS
09:50:56.0091 1748 NAVENG - ok
09:50:56.0107 1748 [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20130215.034\NAVEX15.SYS
09:50:56.0154 1748 NAVEX15 - ok
09:50:56.0169 1748 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:50:56.0201 1748 NDIS - ok
09:50:56.0201 1748 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:50:56.0232 1748 NdisCap - ok
09:50:56.0247 1748 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:50:56.0279 1748 NdisTapi - ok
09:50:56.0279 1748 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:50:56.0310 1748 Ndisuio - ok
09:50:56.0325 1748 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:50:56.0357 1748 NdisWan - ok
09:50:56.0357 1748 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:50:56.0388 1748 NDProxy - ok
09:50:56.0403 1748 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:50:56.0435 1748 NetBIOS - ok
09:50:56.0435 1748 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:50:56.0466 1748 NetBT - ok
09:50:56.0481 1748 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
09:50:56.0497 1748 Netlogon - ok
09:50:56.0513 1748 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
09:50:56.0544 1748 Netman - ok
09:50:56.0559 1748 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
09:50:56.0591 1748 netprofm - ok
09:50:56.0591 1748 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:50:56.0622 1748 NetTcpPortSharing - ok
09:50:56.0622 1748 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
09:50:56.0637 1748 nfrd960 - ok
09:50:56.0653 1748 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
09:50:56.0669 1748 NlaSvc - ok
09:50:56.0684 1748 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:50:56.0715 1748 Npfs - ok
09:50:56.0715 1748 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
09:50:56.0747 1748 nsi - ok
09:50:56.0762 1748 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:50:56.0793 1748 nsiproxy - ok
09:50:56.0809 1748 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:50:56.0856 1748 Ntfs - ok
09:50:56.0856 1748 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
09:50:56.0903 1748 Null - ok
09:50:56.0903 1748 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:50:56.0918 1748 nvraid - ok
09:50:56.0934 1748 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:50:56.0949 1748 nvstor - ok
09:50:56.0965 1748 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:50:56.0981 1748 nv_agp - ok
09:50:56.0996 1748 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:50:57.0012 1748 odserv - ok
09:50:57.0027 1748 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:50:57.0043 1748 ohci1394 - ok
09:50:57.0043 1748 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:50:57.0074 1748 ose - ok
09:50:57.0090 1748 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:50:57.0105 1748 p2pimsvc - ok
09:50:57.0121 1748 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
09:50:57.0137 1748 p2psvc - ok
09:50:57.0152 1748 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
09:50:57.0168 1748 Parport - ok
09:50:57.0183 1748 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:50:57.0199 1748 partmgr - ok
09:50:57.0199 1748 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
09:50:57.0215 1748 Parvdm - ok
09:50:57.0246 1748 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:50:57.0261 1748 PcaSvc - ok
09:50:57.0277 1748 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
09:50:57.0293 1748 pci - ok
09:50:57.0293 1748 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
09:50:57.0324 1748 pciide - ok
09:50:57.0324 1748 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
09:50:57.0339 1748 pcmcia - ok
09:50:57.0355 1748 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
09:50:57.0371 1748 pcw - ok
09:50:57.0386 1748 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:50:57.0433 1748 PEAUTH - ok
09:50:57.0464 1748 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
09:50:57.0527 1748 pla - ok
09:50:57.0527 1748 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:50:57.0558 1748 PlugPlay - ok
09:50:57.0558 1748 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:50:57.0589 1748 PNRPAutoReg - ok
09:50:57.0589 1748 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:50:57.0620 1748 PNRPsvc - ok
09:50:57.0620 1748 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:50:57.0667 1748 PolicyAgent - ok
09:50:57.0683 1748 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
09:50:57.0714 1748 Power - ok
09:50:57.0714 1748 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:50:57.0745 1748 PptpMiniport - ok
09:50:57.0761 1748 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
09:50:57.0776 1748 Processor - ok
09:50:57.0792 1748 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
09:50:57.0807 1748 ProfSvc - ok
09:50:57.0807 1748 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:50:57.0839 1748 ProtectedStorage - ok
09:50:57.0839 1748 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:50:57.0870 1748 Psched - ok
09:50:57.0901 1748 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
09:50:57.0948 1748 ql2300 - ok
09:50:57.0948 1748 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
09:50:57.0963 1748 ql40xx - ok
09:50:57.0979 1748 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
09:50:57.0995 1748 QWAVE - ok
09:50:58.0010 1748 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:50:58.0026 1748 QWAVEdrv - ok
09:50:58.0041 1748 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:50:58.0073 1748 RasAcd - ok
09:50:58.0073 1748 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:50:58.0104 1748 RasAgileVpn - ok
09:50:58.0119 1748 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
09:50:58.0151 1748 RasAuto - ok
09:50:58.0166 1748 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:50:58.0197 1748 Rasl2tp - ok
09:50:58.0213 1748 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
09:50:58.0244 1748 RasMan - ok
09:50:58.0244 1748 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:50:58.0291 1748 RasPppoe - ok
09:50:58.0291 1748 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:50:58.0322 1748 RasSstp - ok
09:50:58.0338 1748 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:50:58.0369 1748 rdbss - ok
09:50:58.0369 1748 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
09:50:58.0400 1748 rdpbus - ok
09:50:58.0400 1748 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:50:58.0431 1748 RDPCDD - ok
09:50:58.0447 1748 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:50:58.0478 1748 RDPENCDD - ok
09:50:58.0478 1748 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:50:58.0509 1748 RDPREFMP - ok
09:50:58.0525 1748 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
09:50:58.0541 1748 RdpVideoMiniport - ok
09:50:58.0556 1748 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:50:58.0572 1748 RDPWD - ok
09:50:58.0587 1748 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:50:58.0603 1748 rdyboost - ok
09:50:58.0603 1748 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
09:50:58.0650 1748 RemoteAccess - ok
09:50:58.0650 1748 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:50:58.0681 1748 RemoteRegistry - ok
09:50:58.0697 1748 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:50:58.0728 1748 RpcEptMapper - ok
09:50:58.0728 1748 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
09:50:58.0759 1748 RpcLocator - ok
09:50:58.0759 1748 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\System32\rpcss.dll
09:50:58.0790 1748 RpcSs - ok
09:50:58.0806 1748 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:50:58.0837 1748 rspndr - ok
09:50:58.0853 1748 [ 5283B9A27FF230F2FF70D92451FF409A ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
09:50:58.0868 1748 RTL8167 - ok
09:50:58.0884 1748 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
09:50:58.0899 1748 SamSs - ok
09:50:58.0899 1748 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:50:58.0915 1748 sbp2port - ok
09:50:58.0931 1748 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:50:58.0962 1748 SCardSvr - ok
09:50:58.0977 1748 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:50:59.0009 1748 scfilter - ok
09:50:59.0024 1748 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
09:50:59.0055 1748 Schedule - ok
09:50:59.0071 1748 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
09:50:59.0102 1748 SCPolicySvc - ok
09:50:59.0102 1748 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:50:59.0133 1748 SDRSVC - ok
09:50:59.0149 1748 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
09:50:59.0180 1748 SDScannerService - ok
09:50:59.0196 1748 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
09:50:59.0243 1748 SDUpdateService - ok
09:50:59.0243 1748 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
09:50:59.0258 1748 SDWSCService - ok
09:50:59.0274 1748 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:50:59.0305 1748 secdrv - ok
09:50:59.0305 1748 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
09:50:59.0336 1748 seclogon - ok
09:50:59.0352 1748 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
09:50:59.0383 1748 SENS - ok
09:50:59.0383 1748 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:50:59.0414 1748 SensrSvc - ok
09:50:59.0414 1748 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
09:50:59.0445 1748 Serenum - ok
09:50:59.0445 1748 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
09:50:59.0461 1748 Serial - ok
09:50:59.0477 1748 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
09:50:59.0492 1748 sermouse - ok
09:50:59.0508 1748 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
09:50:59.0539 1748 SessionEnv - ok
09:50:59.0555 1748 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:50:59.0570 1748 sffdisk - ok
09:50:59.0570 1748 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:50:59.0601 1748 sffp_mmc - ok
09:50:59.0601 1748 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:50:59.0633 1748 sffp_sd - ok
09:50:59.0633 1748 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
09:50:59.0648 1748 sfloppy - ok
09:50:59.0664 1748 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:50:59.0695 1748 SharedAccess - ok
09:50:59.0711 1748 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:50:59.0742 1748 ShellHWDetection - ok
09:50:59.0757 1748 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
09:50:59.0773 1748 sisagp - ok
09:50:59.0773 1748 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:50:59.0804 1748 SiSRaid2 - ok
09:50:59.0804 1748 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
09:50:59.0820 1748 SiSRaid4 - ok
09:50:59.0835 1748 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:50:59.0867 1748 Smb - ok
09:50:59.0882 1748 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:50:59.0898 1748 SNMPTRAP - ok
09:50:59.0913 1748 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
09:50:59.0929 1748 spldr - ok
09:50:59.0929 1748 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
09:50:59.0960 1748 Spooler - ok
09:51:00.0007 1748 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
09:51:00.0069 1748 sppsvc - ok
09:51:00.0069 1748 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:51:00.0116 1748 sppuinotify - ok
09:51:00.0116 1748 [ 26C1B59C80FEF94B025DF5C3C1B791A7 ] SRTSP C:\Windows\System32\Drivers\N360\1402010.016\SRTSP.SYS
09:51:00.0147 1748 SRTSP - ok
09:51:00.0147 1748 [ 21AC3AE81E8263061624C4ED3B11509A ] SRTSPX C:\Windows\system32\drivers\N360\1402010.016\SRTSPX.SYS
09:51:00.0163 1748 SRTSPX - ok
09:51:00.0179 1748 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
09:51:00.0210 1748 srv - ok
09:51:00.0210 1748 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:51:00.0241 1748 srv2 - ok
09:51:00.0241 1748 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:51:00.0272 1748 srvnet - ok
09:51:00.0272 1748 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:51:00.0303 1748 SSDPSRV - ok
09:51:00.0319 1748 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:51:00.0350 1748 SstpSvc - ok
09:51:00.0350 1748 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
09:51:00.0381 1748 stexstor - ok
09:51:00.0381 1748 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
09:51:00.0413 1748 StiSvc - ok
09:51:00.0428 1748 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
09:51:00.0444 1748 swenum - ok
09:51:00.0459 1748 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
09:51:00.0491 1748 swprv - ok
09:51:00.0506 1748 [ FB69A67FEEE3026C7F99774A1C405326 ] SymDS C:\Windows\system32\drivers\N360\1402010.016\SYMDS.SYS
09:51:00.0522 1748 SymDS - ok
09:51:00.0537 1748 [ 28C5FAFA7FD1C522B8DCD59694D39412 ] SymEFA C:\Windows\system32\drivers\N360\1402010.016\SYMEFA.SYS
09:51:00.0569 1748 SymEFA - ok
09:51:00.0584 1748 [ C940F10C31E2C60CC967FFD6A370720C ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
09:51:00.0600 1748 SymEvent - ok
09:51:00.0600 1748 [ 3DAAD401453F5A46CAE076F9D9D1458E ] SymIM C:\Windows\system32\DRIVERS\SymIMv.sys
09:51:00.0615 1748 SymIM - ok
09:51:00.0631 1748 [ 8C9B9036E301A9965CF15BEC91C58A12 ] SymIRON C:\Windows\system32\drivers\N360\1402010.016\Ironx86.SYS
09:51:00.0647 1748 SymIRON - ok
09:51:00.0662 1748 [ 21698476A90ACAA056B8CFE09A82785F ] SymNetS C:\Windows\System32\Drivers\N360\1402010.016\SYMNETS.SYS
09:51:00.0678 1748 SymNetS - ok
09:51:00.0678 1748 [ 70534D1E4F9AC990536D5FB5B550B3DE ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
09:51:00.0709 1748 SynTP - ok
09:51:00.0725 1748 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
09:51:00.0756 1748 SysMain - ok
09:51:00.0771 1748 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:51:00.0803 1748 TabletInputService - ok
09:51:00.0803 1748 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
09:51:00.0849 1748 TapiSrv - ok
09:51:00.0849 1748 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
09:51:00.0881 1748 TBS - ok
09:51:00.0912 1748 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:51:00.0943 1748 Tcpip - ok
09:51:00.0974 1748 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:51:01.0005 1748 TCPIP6 - ok
09:51:01.0021 1748 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:51:01.0037 1748 tcpipreg - ok
09:51:01.0052 1748 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:51:01.0068 1748 TDPIPE - ok
09:51:01.0068 1748 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:51:01.0083 1748 TDTCP - ok
09:51:01.0099 1748 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:51:01.0130 1748 tdx - ok
09:51:01.0130 1748 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
09:51:01.0161 1748 TermDD - ok
09:51:01.0161 1748 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
09:51:01.0208 1748 TermService - ok
09:51:01.0208 1748 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
09:51:01.0239 1748 Themes - ok
09:51:01.0255 1748 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
09:51:01.0286 1748 THREADORDER - ok
09:51:01.0286 1748 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
09:51:01.0317 1748 TrkWks - ok
09:51:01.0333 1748 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:51:01.0364 1748 TrustedInstaller - ok
09:51:01.0380 1748 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:51:01.0411 1748 tssecsrv - ok
09:51:01.0411 1748 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
09:51:01.0442 1748 TsUsbFlt - ok
09:51:01.0442 1748 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:51:01.0473 1748 tunnel - ok
09:51:01.0489 1748 [ 792A8B80F8188ABA4B2BE271583F3E46 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
09:51:01.0505 1748 TVALZ - ok
09:51:01.0505 1748 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
09:51:01.0520 1748 uagp35 - ok
09:51:01.0536 1748 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:51:01.0567 1748 udfs - ok
09:51:01.0583 1748 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:51:01.0598 1748 UI0Detect - ok
09:51:01.0614 1748 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:51:01.0629 1748 uliagpkx - ok
09:51:01.0629 1748 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
09:51:01.0661 1748 umbus - ok
09:51:01.0661 1748 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
09:51:01.0676 1748 UmPass - ok
09:51:01.0692 1748 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
09:51:01.0739 1748 upnphost - ok
09:51:01.0739 1748 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:51:01.0754 1748 usbccgp - ok
09:51:01.0770 1748 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:51:01.0785 1748 usbcir - ok
09:51:01.0801 1748 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
09:51:01.0817 1748 usbehci - ok
09:51:01.0832 1748 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:51:01.0848 1748 usbhub - ok
09:51:01.0848 1748 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
09:51:01.0879 1748 usbohci - ok
09:51:01.0879 1748 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
09:51:01.0895 1748 usbprint - ok
09:51:01.0910 1748 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:51:01.0926 1748 USBSTOR - ok
09:51:01.0926 1748 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
09:51:01.0957 1748 usbuhci - ok
09:51:01.0957 1748 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
09:51:01.0988 1748 UxSms - ok
09:51:02.0004 1748 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
09:51:02.0019 1748 VaultSvc - ok
09:51:02.0019 1748 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
09:51:02.0051 1748 vdrvroot - ok
09:51:02.0051 1748 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
09:51:02.0097 1748 vds - ok
09:51:02.0097 1748 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:51:02.0129 1748 vga - ok
09:51:02.0129 1748 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
09:51:02.0160 1748 VgaSave - ok
09:51:02.0175 1748 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
09:51:02.0191 1748 vhdmp - ok
09:51:02.0191 1748 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
09:51:02.0222 1748 viaagp - ok
09:51:02.0222 1748 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
09:51:02.0238 1748 ViaC7 - ok
09:51:02.0253 1748 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
09:51:02.0269 1748 viaide - ok
09:51:02.0269 1748 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
09:51:02.0300 1748 volmgr - ok
09:51:02.0300 1748 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:51:02.0331 1748 volmgrx - ok
09:51:02.0331 1748 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
09:51:02.0363 1748 volsnap - ok
09:51:02.0363 1748 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
09:51:02.0378 1748 vsmraid - ok
09:51:02.0409 1748 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
09:51:02.0456 1748 VSS - ok
09:51:02.0456 1748 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
09:51:02.0472 1748 vwifibus - ok
09:51:02.0487 1748 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
09:51:02.0503 1748 vwififlt - ok
09:51:02.0519 1748 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
09:51:02.0550 1748 W32Time - ok
09:51:02.0565 1748 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
09:51:02.0581 1748 WacomPen - ok
09:51:02.0597 1748 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
09:51:02.0628 1748 WANARP - ok
09:51:02.0628 1748 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:51:02.0659 1748 Wanarpv6 - ok
09:51:02.0690 1748 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
09:51:02.0721 1748 WatAdminSvc - ok
09:51:02.0753 1748 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
09:51:02.0784 1748 wbengine - ok
09:51:02.0799 1748 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
09:51:02.0831 1748 WbioSrvc - ok
09:51:02.0831 1748 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:51:02.0862 1748 wcncsvc - ok
09:51:02.0862 1748 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:51:02.0893 1748 WcsPlugInService - ok
09:51:02.0893 1748 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
09:51:02.0909 1748 Wd - ok
09:51:02.0924 1748 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:51:02.0955 1748 Wdf01000 - ok
09:51:02.0955 1748 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:51:02.0987 1748 WdiServiceHost - ok
09:51:02.0987 1748 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:51:03.0018 1748 WdiSystemHost - ok
09:51:03.0018 1748 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
09:51:03.0049 1748 WebClient - ok
09:51:03.0065 1748 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:51:03.0096 1748 Wecsvc - ok
09:51:03.0096 1748 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:51:03.0127 1748 wercplsupport - ok
09:51:03.0143 1748 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
09:51:03.0174 1748 WerSvc - ok
09:51:03.0189 1748 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
09:51:03.0221 1748 WfpLwf - ok
09:51:03.0221 1748 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
09:51:03.0236 1748 WIMMount - ok
09:51:03.0252 1748 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
09:51:03.0299 1748 WinDefend - ok
09:51:03.0299 1748 WinHttpAutoProxySvc - ok
09:51:03.0314 1748 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:51:03.0345 1748 Winmgmt - ok
09:51:03.0361 1748 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
09:51:03.0423 1748 WinRM - ok
09:51:03.0439 1748 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
09:51:03.0470 1748 Wlansvc - ok
09:51:03.0486 1748 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
09:51:03.0501 1748 WmiAcpi - ok
09:51:03.0517 1748 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:51:03.0533 1748 wmiApSrv - ok
09:51:03.0548 1748 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
09:51:03.0579 1748 WMPNetworkSvc - ok
09:51:03.0595 1748 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:51:03.0611 1748 WPCSvc - ok
09:51:03.0626 1748 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:51:03.0657 1748 WPDBusEnum - ok
09:51:03.0657 1748 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:51:03.0689 1748 ws2ifsl - ok
09:51:03.0704 1748 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
09:51:03.0720 1748 wscsvc - ok
09:51:03.0720 1748 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
09:51:03.0751 1748 WSDPrintDevice - ok
09:51:03.0767 1748 WSearch - ok
09:51:03.0798 1748 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
09:51:03.0845 1748 wuauserv - ok
09:51:03.0845 1748 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:51:03.0876 1748 WudfPf - ok
09:51:03.0876 1748 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:51:03.0891 1748 WUDFRd - ok
09:51:03.0907 1748 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:51:03.0923 1748 wudfsvc - ok
09:51:03.0938 1748 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
09:51:03.0954 1748 WwanSvc - ok
09:51:03.0969 1748 ================ Scan global ===============================
09:51:03.0969 1748 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
09:51:03.0985 1748 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
09:51:04.0001 1748 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
09:51:04.0001 1748 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
09:51:04.0016 1748 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
09:51:04.0016 1748 [Global] - ok
09:51:04.0016 1748 ================ Scan MBR ==================================
09:51:04.0016 1748 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:51:04.0079 1748 \Device\Harddisk0\DR0 - ok
09:51:04.0079 1748 ================ Scan VBR ==================================
09:51:04.0094 1748 [ 350DEC51DAA930E586AAA52A8C22C041 ] \Device\Harddisk0\DR0\Partition1
09:51:04.0094 1748 \Device\Harddisk0\DR0\Partition1 - ok
09:51:04.0094 1748 [ 298837036F5FD1493587A4EA7D33143F ] \Device\Harddisk0\DR0\Partition2
09:51:04.0094 1748 \Device\Harddisk0\DR0\Partition2 - ok
09:51:04.0094 1748 ============================================================
09:51:04.0094 1748 Scan finished
09:51:04.0094 1748 ============================================================
09:51:04.0110 1772 Detected object count: 1
09:51:04.0110 1772 Actual detected object count: 1
09:51:14.0468 1772 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
09:51:14.0468 1772 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:57:56.0717 5928 Deinitialize success

Truly appreciate your patience and assistance!
 
#8 ·
Nothing is coming up in the scans so far, but a bit of a mystery why DDS won't complete.

Please run these scans and post the logs:

Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download RKill
There are three buttons to choose from with different names on, select the first one and save it to your desktop.

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen, delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again; continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.
 
#9 ·
Hi Mark,

Yes, DDS has grayed some hairs for me over the last couple of weeks...I'm feeling so very novice.

I have downloaded the 2 programs and will be back to post those logs as well.

Also, upon opening IE this time the Home Page changed to a different MSN page. In the favorites I now see an Ask.com Search - Better Search Engine that I don't believe was there before. I will wait for your advice on this before deleting.

Thank you,
Susan
 
#10 ·
Ok Mark,

I tried downloading JRT and Norton did not like it. However, I was able to download it the other day from this computer with no problem, so I attached the log it made. Although there is not much to it, that may be a good thing.

The Rkill log is also attached. Both were run with anti-virus and malware disabled.

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Windows 7 Home Premium x86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/10/2013 at 21:10:47.33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Rkill log:

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 02/16/2013 11:30:48 AM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Defender Disabled
[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001
Checking Windows Service Integrity:
* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* No issues found.
Program finished at: 02/16/2013 11:30:55 AM
Execution time: 0 hours(s), 0 minute(s), and 7 seconds(s)
 
#11 ·
OK, post the logs when done, I am out for the rest of the evening and won't be back until Sunday so no rush.

Also, upon opening IE this time the Home Page changed to a different MSN page. In the favorites I now see an Ask.com Search - Better Search Engine that I don't believe was there before. I will wait for your advice on this before deleting.
As you ran multiple scans with ADWCleaner it is difficult for me to see what it changed. Ask.com is always replaced with Google as it is considered to be Adware. I've not seen a situation where the scan will add anything to your favorites list.
 
#13 ·
Thank you Mark,

I am sorry for any issue the previous runs have caused. My husband took this laptop over in November as I purchased a new one. He was anxious to take this with him last week...thus the many runs.

Thank you again and have a great remainder of your weekend!

Susan
 
#14 ·
Just another short note. I had advised that Norton had an issue with JRT but it had placed an icon on my desktop. As mentioned, it did run ok on 2/10 but not today (or at least made a log).

When I tried to delete the JRT icon off the desktop I received an error that the file no longer existed.

When I rebooted, the JRT icon is now an icon for aswmbr and when I right click it says Avast! Antirootkit. I did not download that and am now more puzzled as to how it is in the same location on the desktop as the JRT was.

Again, enjoy your eve and remaining weekend! :)
 
#15 ·
I had a great weekend, thank you.

ASWmbr is one of the Malware tools we use here and could not have got onto your system without it being downloaded; maybe your husband tried to use it.

Let's try another tool:

STEP 1
NOTE: If you have already used Combofix please delete the icon from your desktop.

  • Please download DeFogger and save it to your desktop.
  • Once downloaded, double-click on the DeFogger icon to start the tool.
  • The application window will appear.
  • You should now click on the Disable button to disable your CD Emulation drivers.
  • When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  • If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

STEP 2
Please download ComboFix
from one of the locations below and save it to your Desktop. <-Important!!!


Be sure to print out and follow these instructions: A guide and tutorial on using ComboFix

Vista/Windows 7 users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. XP users need to install the Recovery Console first.

  • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click this link to see a list of such programs and how to disable them.
  • If ComboFix detects an older version of itself, you will be asked to update the program.
  • ComboFix will begin by showing a Disclaimer. Read it and click I Agree if you want to continue.
  • Follow the prompts and click on Yes to continue scanning for malware.
  • If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
  • When finished, please copy and paste the contents of C:\ComboFix.txt (which will open after reboot) in your next reply.
  • Be sure to re-enable your anti-virus and other security programs.

-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.


If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier. Those instructions only apply to XP, for Vista and Windows 7 go here: Internet connection repair

NOTE: if you see a message like this when you attempt to open anything after the reboot "Illegal Operation attempted on a registry key that has been marked for deletion" please reboot the system again and the warning should not return.

Do NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read ComboFix's Disclaimer.
 
#16 ·
Glad to hear you had a nice weekend!

Here is the ComboFix log you requested. Defogger ran without issue as did combofix.

I am also attaching a screenshot for your review:

This happens when I first download anything on this machine. The download appears as an IE/Word-looking icon. Then after I reboot, the true icon is there.

ComboFix 13-02-15.01 - S&M Productions 02/17/2013 8:32.4.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2940.1917 [GMT -6:00]
Running from: c:\users\S&M Productions\Desktop\ComboFix.exe
AV: Norton 360 Premier Edition *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 Premier Edition *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2013-01-17 to 2013-02-17 )))))))))))))))))))))))))))))))
.
.
2013-02-17 14:36 . 2013-02-17 14:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-17 14:36 . 2013-02-17 14:36 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-02-13 01:10 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-13 01:10 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 01:10 . 2013-01-04 03:00 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 01:10 . 2013-01-03 05:05 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 01:10 . 2013-01-03 05:04 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 01:10 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-02-11 03:06 . 2013-02-11 03:06 -------- d-----w- c:\windows\ERUNT
2013-02-10 21:55 . 2013-02-11 04:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-02-10 21:55 . 2009-01-25 18:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-02-10 21:55 . 2013-02-10 21:55 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-02-06 21:33 . 2013-02-06 21:33 -------- d-----w- c:\program files\Common Files\Java
2013-02-06 21:32 . 2013-02-06 21:32 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-23 21:41 . 2013-01-24 04:07 -------- d-----w- c:\windows\system32\drivers\N360\1402010.016
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-08 01:32 . 2012-04-18 21:11 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-08 01:32 . 2012-04-18 21:11 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-06 21:32 . 2012-06-21 21:17 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-06 21:32 . 2012-04-18 21:06 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-08 17:18 . 2013-01-08 17:18 53248 ----a-r- c:\users\S&M Productions\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-01-08 17:17 . 2013-01-08 17:17 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-12-16 14:13 . 2012-12-21 12:54 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 12:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-14 22:49 . 2012-04-18 21:17 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-07 12:26 . 2013-01-08 23:56 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20 . 2013-01-08 23:56 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 10:46 . 2013-01-08 23:56 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 10:46 . 2013-01-08 23:56 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 10:46 . 2013-01-08 23:56 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 10:46 . 2013-01-08 23:56 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 10:46 . 2013-01-08 23:56 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 10:46 . 2013-01-08 23:56 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 10:46 . 2013-01-08 23:56 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 10:46 . 2013-01-08 23:56 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 10:46 . 2013-01-08 23:56 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 10:46 . 2013-01-08 23:56 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 10:46 . 2013-01-08 23:56 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 10:46 . 2013-01-08 23:56 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 10:46 . 2013-01-08 23:56 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 10:46 . 2013-01-08 23:56 51712 ----a-w- c:\windows\system32\esrb.rs
2012-11-30 04:47 . 2013-01-08 23:56 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 04:45 . 2013-01-08 23:56 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:56 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 02:55 . 2013-01-08 23:56 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:38 . 2013-01-08 23:56 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38 . 2013-01-08 23:56 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38 . 2013-01-08 23:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38 . 2013-01-08 23:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-23 02:48 . 2013-01-08 23:56 49152 ----a-w- c:\windows\system32\taskhost.exe
2012-11-22 04:45 . 2013-01-08 23:56 626688 ----a-w- c:\windows\system32\usp10.dll
2012-11-20 04:51 . 2013-01-08 23:56 220160 ----a-w- c:\windows\system32\ncrypt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-12-09 74752]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-11-13 138784]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-11-13 172064]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-11-13 173600]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 1851192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2012-10-01 07:22 66360 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
.
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\1402010.016\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\1402010.016\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20130116.013\BHDrvx86.sys [x]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\1402010.016\ccSetx86.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20130215.001\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\1402010.016\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\1402010.016\SYMNETS.SYS [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\20.2.1.22\ccSvcHst.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 01:32]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-RockMelt Update - c:\users\S&M Productions\AppData\Local\RockMelt\Update\RockMeltUpdate.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\20.2.1.22\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\20.2.1.22\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-17 08:37:59
ComboFix-quarantined-files.txt 2013-02-17 14:37
ComboFix2.txt 2013-02-10 01:59
.
Pre-Run: 41,598,877,696 bytes free
Post-Run: 42,215,632,896 bytes free
.
- - End Of File - - E3D2C852F3DF1CB655E90A7925AE06BB

I tried this with all virus/malware on as well as disabled. Also, upon opening IE browser, it will open with just a blank screen. I have to close out the browser and re-open to be able to browse.

Thanks so very much - grateful for your patience and assistance.
 
#17 ·
First of all, there were no problems found by Combofix.

Sounds like we have two separate issues, and after the scans that we have done I doubt these are Malware related; most probably some file corruption has occurred.

Proceed as follows and let me know if anything improves:

STEP 1
Download this and save it to the desktop: Windows Repair

Close your browser and any running programs, double click on the Tweaking icon to run the tool. When the program opens click on the Step 4 tab. Under System Restore click on Create and wait for the confirmation to appear just below the button.

When complete click on the tab Start Repairs, click on the Start button. Then click on Unselect All and tick the boxes next to the following items only.

When done click on the Start button and leave it undisturbed until complete.

  • Reset Registry Permissions
  • Register System Files
  • Repair WMI
  • Repair Internet Explorer
  • Remove Policies Set By Infections
  • Repair Missing Start Menu Icons Removed By Infections
  • Repair Icons
  • Repair Winsock & DNS Cache
  • Remove Temp Files
  • Set Windows Services To Default Startup
  • Repair MSI (Windows Installer)
  • Repair .lnk (Shortcuts) File Associations

===============================================================

STEP 2

  • Click on Start and type cmd in the search box. Right click on cmd in the popup menu and select Run as Administrator.
  • Another box will open, at the Command Prompt, type sfc /scannow and press Enter. (Note the gap between the c and the /)
  • Let the check run to completion. DO NOT reboot the PC or close the cmd window.
  • Copy & Paste the following command at the Command Prompt and press Enter:

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt

  • This will place a file on your desktop called sfcdetails.txt which contains the results of the scan.
  • Copy and Paste the contents of the file into your next post.

===============================================================

STEP 3
Disk Check

  • Click on Start then type cmd in the search box. A menu will pop up with cmd at the top, right click on it and select Run as Administrator. Another box will open, at the prompt type chkdsk /r and hit Enter. Note: you must include a space between the k and the /
  • You will then see the following message:
    chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? (Y/N)
  • Type Y for yes, and hit Enter. Then reboot the computer.
  • chkdsk will start when Windows begins loading again. Let all 5 phases run and don't use or turn off the computer. (The chkdsk process may take an hour or more to finish, if it appears to freeze this is normal so do not interrupt it. On drives above 500GB it can take several hours.)
  • When the Disk Check is done, it will finish loading Windows.

Then follow this guide to find the chkdsk log. NOTE: You need to do the search for wininit not chkdsk.
Windows 7 Disk Check log

Once the log is in view then click on Copy in the right hand pane and select "Copy details as text".
You can then right click on the message box on this forum and select Paste and the log will appear, add any further information asked for and then click on Submit/Post Quick Reply and you're done.
 
#18 ·
Thank you Mark for your reply! I was starting to suspect that as well, a corruption in Windows or Norton.

I will proceed with your next instructions very soon. Sundays are quite busy as it is my only "full" day off.

Thanks again for your continued assistance and I will report soon.

Take care!
 
#20 ·
Greetings Mark,

All went well in Step 1 and I will post the results below.

I did not reboot and went to next step...

However, Step 2 was not successful. I guessed that I clicked the Start on the Desktop ;) and I got the cmd and ran as Admin. I copied and pasted as you posted but it returned with the following:

'M' is not recognized as an internal or external command, operable program or batch file.

I attempted this action twice with the same result.

So...I tried typing in exactly what you instructed and this is what was returned:

FINDSTR: cannot open C:\Windows\logs\cbs.log
'M' is not recognized as an internal or external command, operable program or batch file.

GOOD NEWS though - I don't have to mouseclick things 3x for it to respond. The backspace button is now working again in the browser window, as well as no blank white screen upon opening~!!!

I will await further instruction/advice when you have the opportunity. Sorry to be so wordy, lol. Thanks!!!

Log:
Starting Repairs...
Start (2/17/2013 12:21:50 PM)
Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (2/17/2013 12:21:50 PM)
Running Repair Under Current User Account
Done (2/17/2013 12:21:52 PM)
Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (2/17/2013 12:21:52 PM)
Running Repair Under System Account
Done (2/17/2013 12:21:55 PM)
Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (2/17/2013 12:21:55 PM)
Running Repair Under System Account
Done (2/17/2013 12:21:57 PM)
Register System Files
Start (2/17/2013 12:21:57 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (2/17/2013 12:22:02 PM)
Repair WMI
Start (2/17/2013 12:22:02 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (2/17/2013 12:22:07 PM)
Repair Internet Explorer
Start (2/17/2013 12:22:07 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (2/17/2013 12:22:12 PM)
Remove Policies Set By Infections
Start (2/17/2013 12:22:12 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (2/17/2013 12:22:17 PM)
Repair Missing Start Menu Icons Removed By Infections
Start (2/17/2013 12:22:17 PM)
Running Repair Under System Account
Done (2/17/2013 12:22:19 PM)
Repair Icons
Start (2/17/2013 12:22:19 PM)
Running Repair Under System Account
Done (2/17/2013 12:22:22 PM)
Repair Winsock & DNS Cache
Start (2/17/2013 12:22:22 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (2/17/2013 12:22:26 PM)
Remove Temp Files
Start (2/17/2013 12:22:26 PM)
Running Repair Under System Account
Done (2/17/2013 12:22:29 PM)
Set Windows Services To Default Startup
Start (2/17/2013 12:22:29 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (2/17/2013 12:22:34 PM)
Repair MSI (Windows Installer)
Start (2/17/2013 12:22:34 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (2/17/2013 12:22:38 PM)
Repair lnk (Shortcuts) Association
Start (2/17/2013 12:22:39 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (2/17/2013 12:22:43 PM)
Cleaning up empty logs...
All Selected Repairs Done.
Done (2/17/2013 12:22:43 PM)
Total Repair Time: 00:01:07

...YOU MUST RESTART YOUR SYSTEM...
 
#21 ·
Sounds like we are making some progress.

I am baffled by the error you got after running the System File Checker:

'M' is not recognized as an internal or external command, operable program or batch file.

There is no 'M' in the command, so why it is saying that is a mystery. Could you try it again and send me a screenshot of the Command box.

You can continue with the Disk Check and send the results from that with your next reply.

You can post screenshots as an attachment which you may find easier.

How to take a screen shot in Vista/Windows 7

How to post a screenshot.

  • Below the Message Box click on Go Advanced.
  • Then scroll down until you see a button, Manage Attachments. Click on that and a new window opens.
  • Click on the Browse button, find the screenshot you made earlier and doubleclick on it.
  • Now click on the Upload button. When done, click on the Close this window button at the bottom of the page.
  • Enter your message-text in the message box, then click on Submit Message/Reply.
 
#22 ·
I said that very same thing about the 'M' and copy/pasted it a 2nd time, then typed it out.

Unfortunately, the same return was received and the screenshot is attached.

Here is the chkdsk log (I hope I did it correctly):

Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 2/17/2013 3:05:39 PM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: MALSKL-LaptopA
Description:

Checking file system on C:
The type of the file system is NTFS.
A disk check has been scheduled.
Windows will now check the disk.
CHKDSK is verifying files (stage 1 of 5)...
115200 file records processed.
File verification completed.
346 large file records processed.
0 bad file records processed.
0 EA records processed.
43 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 5)...
143156 index entries processed.
Index verification completed.
0 unindexed files scanned.
0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 5)...
115200 file SDs/SIDs processed.
Cleaning up 4170 unused index entries from index $SII of file 0x9.
Cleaning up 4170 unused index entries from index $SDH of file 0x9.
Cleaning up 4170 unused security descriptors.
Security descriptor verification completed.
13979 data files processed.
CHKDSK is verifying Usn Journal...
34353568 USN bytes processed.
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
115184 files processed.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
10285112 free clusters processed.
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.
62417919 KB total disk space.
21013588 KB in 66723 files.
45192 KB in 13980 indexes.
0 KB in bad sectors.
218687 KB in use by the system.
65536 KB occupied by the log file.
41140452 KB available on disk.
4096 bytes in each allocation unit.
15604479 total allocation units on disk.
10285113 allocation units available on disk.
Internal Info:
00 c2 01 00 4b 3b 01 00 6f 4b 02 00 00 00 00 00 ....K;..oK......
25 04 00 00 2b 00 00 00 00 00 00 00 00 00 00 00 %...+...........
a8 8a 15 00 50 01 14 00 e8 17 14 00 00 00 14 00 ....P...........
Windows has finished checking your disk.
Please wait while your computer restarts.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-02-17T21:05:39.000000000Z" />
<EventRecordID>57875</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>MALSKL-LaptopA</Computer>
<Security />
</System>
<EventData>


</EventData>
</Event>

Thank you for the info on the screenshot upload and all that you have worked through with me.
 


#23 ·
Check Disk has come back clean, which is good. That weird error when trying to get the SFC log I can't answer, and it gives zero results on Google. I doubt the error will have any detrimental effect on the system; the good news is I can see the scan completed without any errors.

Are there any remaining issues?
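Added example, not part of the thread: a small parser for the CHKDSK text that Wininit writes to the Application log as Event ID 1001 (the event pasted above), which pulls out the counters and findings and applies the same "clean" reading used here, namely no bad sectors and no bad file records. The sample event text is a constructed, abridged copy of the log in this thread.

```python
"""Parse the CHKDSK summary that Windows logs after a scheduled disk check
(Application log, Source Microsoft-Windows-Wininit, Event ID 1001)."""
import re

# Constructed sample: an abridged copy of the event text pasted in the thread.
SAMPLE_EVENT = """\
Checking file system on C:
The type of the file system is NTFS.
CHKDSK is verifying files (stage 1 of 5)...
115200 file records processed.
0 bad file records processed.
CHKDSK is verifying free space (stage 5 of 5)...
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.
62417919 KB total disk space.
0 KB in bad sectors.
41140452 KB available on disk.
"""

KB_LINE = re.compile(r"^(\d+) KB (.+?)\.$")          # "<n> KB <what>."
COUNT_LINE = re.compile(r"^(\d+) (.+?) processed\.$")  # "<n> <what> processed."


def parse_chkdsk(text: str) -> dict:
    """Return volume, file system, counters, KB totals, findings and
    whether CHKDSK reports that it changed the file system."""
    result = {"volume": None, "filesystem": None, "counts": {}, "kb": {},
              "findings": [], "corrections_made": False}
    # Event Viewer wraps the MFT-bitmap finding over two lines; rejoin it.
    text = re.sub(r"allocated in the[ \t]*\n", "allocated in the ", text)
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("Checking file system on "):
            result["volume"] = line.split()[-1].rstrip(":")
        elif line.startswith("The type of the file system is "):
            result["filesystem"] = line.split()[-1].rstrip(".")
        elif line.startswith("CHKDSK discovered "):
            result["findings"].append(line[len("CHKDSK discovered "):].rstrip("."))
        elif line == "Windows has made corrections to the file system.":
            result["corrections_made"] = True
        elif (m := KB_LINE.match(line)):
            result["kb"][m.group(2)] = int(m.group(1))
        elif (m := COUNT_LINE.match(line)):
            result["counts"][m.group(2)] = int(m.group(1))
    return result


def is_clean(parsed: dict) -> bool:
    """Clean = no bad sectors and no bad file records. Bitmap fix-ups such as
    the ones in the thread are bookkeeping corrections, not disk damage."""
    return (parsed["kb"].get("in bad sectors", 0) == 0
            and parsed["counts"].get("bad file records", 0) == 0)
```

`corrections_made` stays True for the thread's log even though it is clean, which is the distinction worth keeping when reviewing these events: a bitmap fix-up is not the same as bad sectors.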
 
#24 ·
Greetings Mark,

After seeing your reply and the computer running much better, I was making a list of things we would delete. When I ran the Tweaking program, I thought that I had changed the download destination. I guess I missed that somehow. So while in the root C: I found the Tweaking.com Windows Repair folder with a log inside. It appears to be a very similar log to the one I posted, but I noticed a difference in the Temp folder actions.

Could you please take a look?

Also, I would appreciate any advice or articles you would recommend on add-ons like WinPatrol and/or others.

Thank you so very much. I will probably not be on till late tomorrow, so no hurry on this one. Take care.


Starting Repairs...
Start (2/17/2013 12:21:50 PM)
Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (2/17/2013 12:21:50 PM)
Running Repair Under Current User Account
Done (2/17/2013 12:21:52 PM)
Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (2/17/2013 12:21:52 PM)
Running Repair Under System Account
Done (2/17/2013 12:21:55 PM)
Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (2/17/2013 12:21:55 PM)
Running Repair Under System Account
Done (2/17/2013 12:21:57 PM)
Register System Files
Start (2/17/2013 12:21:57 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (2/17/2013 12:22:02 PM)
Repair WMI
Start (2/17/2013 12:22:02 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (2/17/2013 12:22:07 PM)
Repair Internet Explorer
Start (2/17/2013 12:22:07 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (2/17/2013 12:22:12 PM)
Remove Policies Set By Infections
Start (2/17/2013 12:22:12 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (2/17/2013 12:22:17 PM)
Repair Missing Start Menu Icons Removed By Infections
Start (2/17/2013 12:22:17 PM)
Running Repair Under System Account
Done (2/17/2013 12:22:19 PM)
Repair Icons
Start (2/17/2013 12:22:19 PM)
Running Repair Under System Account
Done (2/17/2013 12:22:22 PM)
Repair Winsock & DNS Cache
Start (2/17/2013 12:22:22 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (2/17/2013 12:22:26 PM)
Remove Temp Files
Start (2/17/2013 12:22:26 PM)
Running Repair Under System Account
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
C:\Users\S&MPRO~1\AppData\Local\Temp\FXSAPIDebugLogFile.txt - The process cannot access the file because it is being used by another process.
C:\Users\S&MPRO~1\AppData\Local\Temp\~DFA7AA3AEF1773C957.TMP - The process cannot access the file because it is being used by another process.
Done (2/17/2013 12:22:29 PM)
Set Windows Services To Default Startup
Start (2/17/2013 12:22:29 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (2/17/2013 12:22:34 PM)
Repair MSI (Windows Installer)
Start (2/17/2013 12:22:34 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (2/17/2013 12:22:38 PM)
Repair lnk (Shortcuts) Association
Start (2/17/2013 12:22:39 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (2/17/2013 12:22:43 PM)
Cleaning up empty logs...
All Selected Repairs Done.
Done (2/17/2013 12:22:43 PM)
Total Repair Time: 00:01:07

...YOU MUST RESTART YOUR SYSTEM...
Starting Repairs...
Start (2/17/2013 12:24:40 PM)
Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (2/17/2013 12:24:40 PM)
Running Repair Under Current User Account
Done (2/17/2013 12:24:42 PM)
Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (2/17/2013 12:24:42 PM)
Running Repair Under System Account
Done (2/17/2013 12:24:45 PM)
Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (2/17/2013 12:24:45 PM)
Running Repair Under System Account
Done (2/17/2013 12:24:47 PM)
Register System Files
Start (2/17/2013 12:24:47 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (2/17/2013 12:24:52 PM)
Repair WMI
Start (2/17/2013 12:24:52 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (2/17/2013 12:24:57 PM)
Repair Internet Explorer
Start (2/17/2013 12:24:57 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (2/17/2013 12:25:02 PM)
Remove Policies Set By Infections
Start (2/17/2013 12:25:02 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (2/17/2013 12:25:06 PM)
Repair Missing Start Menu Icons Removed By Infections
Start (2/17/2013 12:25:06 PM)
Running Repair Under System Account
Done (2/17/2013 12:25:09 PM)
Repair Icons
Start (2/17/2013 12:25:09 PM)
Running Repair Under System Account
Done (2/17/2013 12:25:11 PM)
Repair Winsock & DNS Cache
Start (2/17/2013 12:25:11 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (2/17/2013 12:25:16 PM)
Remove Temp Files
Start (2/17/2013 12:25:16 PM)
Running Repair Under System Account
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
C:\Users\S&MPRO~1\AppData\Local\Temp\FXSAPIDebugLogFile.txt - The process cannot access the file because it is being used by another process.
C:\Users\S&MPRO~1\AppData\Local\Temp\~DFA7AA3AEF1773C957.TMP - The process cannot access the file because it is being used by another process.
The system cannot find the file specified.
The system cannot find the file specified.
Done (2/17/2013 12:25:18 PM)
Set Windows Services To Default Startup
Start (2/17/2013 12:25:18 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (2/17/2013 12:25:23 PM)
Repair MSI (Windows Installer)
Start (2/17/2013 12:25:23 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (2/17/2013 12:25:28 PM)
Repair lnk (Shortcuts) Association
Start (2/17/2013 12:25:28 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (2/17/2013 12:25:33 PM)
Cleaning up empty logs...
All Selected Repairs Done.
Done (2/17/2013 12:25:33 PM)
Total Repair Time: 00:01:07

...YOU MUST RESTART YOUR SYSTEM...
 
#25 ·
That is a bit strange, as the first log shows the exact same time as the previous one you posted but with the additional part about the temp file it could not remove. Anyway, it is nothing to worry about. If you want to keep the system clear of temp files I would use this program: Temporary file cleaner.

We now need to do a check on your security and uninstall the tools used.
I shall post some advice on additional security software when we are done.

To re-enable your CD Emulation drivers if you disabled them, double click DeFogger.exe to run the tool again.

  • The application window will appear.
  • Click the Re-enable button to re-enable your CD Emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger will now ask to reboot the machine...click OK.

To uninstall ComboFix, press the WINKEY + R keys on your keyboard or click on Start and type Run into the search box and hit Enter.
In the Run box type: ComboFix /Uninstall (Be sure to leave a space before the forward slash).

  • Click on OK.
  • If you encounter any problems using the switch from the Run dialog box, just rename ComboFix.exe to Uninstall.exe, then double-click on it to remove.
  • This will delete ComboFix's related folders/files, reset the clock settings, hide file extensions/system files, clear the System Restore cache to prevent possible reinfection and create a new Restore point.
  • When it has finished you will see a dialog box stating that "ComboFix has been uninstalled".
  • After that, you can delete the ComboFix.exe program from your computer (Desktop).

Next

  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program.
    If you are using Vista or Windows 7, please right-click and choose Run as Administrator.
  • Then click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

-- Doing this will remove any specialized tools downloaded and used. If OTC does not delete itself, then delete the file manually when done.
-- Any leftover folders/files related to ComboFix or other tools which OTC did not remove can be deleted manually (right-click on it and choose delete).


Please post back when this is complete and let me know if you have had any problems.

===================================================================

Download Security Check by screen317 from Here or Here.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please Copy & Paste the contents of that document into your next reply.
 
#26 ·
Hi Mark,

Sorry for the delay in responding. Our hot water heater burst on Monday...

Also, Norton has been a little odd since the Microsoft updates, as well as with a couple of things we've worked with here. Sunday, I received an error; Norton did an autofix and had me reboot. Monday I received another Norton error, and later while updating it had a patch to install.

However, I have used the Temp File cleaner and it cleaned up some stuff. :)

I re-enabled using Defogger and will work on the next 2 steps, so far so good.

We are in the track of quite a storm and may not have power but I will respond as soon as possible.

Thanks so much for all of your assistance. Take good care, Susan
 