searchbrowsing, bsod, browser hangs, 50 domains?


Germak

Greetings! I want to start by thanking you for being there for me. I wish I had your knowledge! Please find the attached logs you've requested. Basically, I have a problem with searchbrowsing.com and some coupon thingy URL coming up in my msie in safe mode (with networking). In normal mode I cannot access websites. I have tried resetting TCP and Advanced Browser reset with no joy. I have tried mbam and eset online but they can't seem to find the issue and resolve it. After attempting to access the web using msie 9 it hangs, then locks up, and manually powering down is the only course left. Then I get PFN_FILE_CORRUPT BSOD. Then after reboot I get Windows has recovered from an error, but when I click on check for solutions I get another BSOD and reboot again. Also, it just recently started making a sound I never heard before, so I looked in sounds control panel and found it to be device failed to connect alert sound. When I follow the path to the memory dump files I am told the file does not exist. I am at wits' end and hope you can get this infarktion resolved ;)

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.19.10

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

AJAH :: SCOTT-PC [administrator]

11/20/2012 10:04:36 AM

mbam-log-2012-11-20 (10-04-36).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 235646

Time elapsed: 2 minute(s), 35 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2

Run by AJAH at 10:23:34 on 2012-11-20

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2942.1750 [GMT -5:00]

.

AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\LSI SoftModem\agr64svc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe

C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Reader_sl.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

mStart Page = hxxp://search.coupons.com/

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} -

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ips\ipsbho.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: {ACC01A56-70E3-472E-9C4F-83B1DA817DD8} - <orphaned>

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\coieplg.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\coieplg.dll

uRun: [EPSON NX300 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIEJA.EXE /FU "C:\Windows\TEMP\E_S8012.tmp" /EF "HKCU"

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1352871757167

DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=928

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{EC810410-1BE5-4E91-92C0-4634162C5C5F} : DHCPNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

.

INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1402000.013\symds64.sys [2012-11-14 493216]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1402000.013\symefa64.sys [2012-11-14 1133216]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [2012-10-23 1384608]

R1 ccSet_N360;Norton Security Suite Settings Manager;C:\Windows\System32\drivers\N360x64\1402000.013\ccsetx64.sys [2012-11-14 168096]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20121119.001\IDSviA64.sys [2012-11-20 513184]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1402000.013\ironx64.sys [2012-11-14 224416]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1402000.013\symnets.sys [2012-11-14 432800]

R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-12-7 375728]

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 15928]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-1-31 72216]

R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ccsvchst.exe [2012-11-14 143928]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-18 138912]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-29 19456]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-29 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-10-29 30208]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-30 1255736]

.

=============== Created Last 30 ================

.

2012-11-20 15:02:48 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-11-20 12:57:58 184133384 ----a-w- C:\306.97-desktop-win8-win7-winvista-64bit-english-whql.exe

2012-11-20 12:52:12 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-11-18 13:36:26 -------- d-----w- C:\Users\AJAH\AppData\Local\{C89C34F6-659C-488B-B3F9-31E70EE7A4F5}

2012-11-18 13:33:30 -------- d-----w- C:\Users\AJAH\AppData\Local\{36DD98A7-A498-4D97-AD4C-DD1C989B7C11}

2012-11-17 15:20:27 -------- d-----w- C:\Users\AJAH\AppData\Local\{322C0762-2C7F-4A5E-8CEE-DBFAC94CE3ED}

2012-11-17 15:11:03 -------- d-----w- C:\Users\AJAH\AppData\Local\{4A68AD69-49F2-4654-8788-F37322426565}

2012-11-16 18:20:48 -------- d-----w- C:\Users\AJAH\AppData\Local\{9FB765A7-51E7-4DFB-832D-B08B2FECC0CE}

2012-11-16 18:18:03 -------- d-----w- C:\Users\AJAH\AppData\Local\{DA7FC998-5E06-414C-80B1-50E469A5CE77}

2012-11-14 14:50:30 -------- d-----w- C:\Users\AJAH\AppData\Local\{7D76D554-9FB3-4B2C-B110-4013C0C53AAE}

2012-11-14 14:27:24 43680 ----a-r- C:\Windows\System32\drivers\SymIMV.sys

2012-11-14 08:29:47 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared

2012-11-14 08:11:04 776864 ----a-w- C:\Windows\System32\drivers\N360x64\1402000.013\srtsp64.sys

2012-11-14 08:11:04 493216 ----a-w- C:\Windows\System32\drivers\N360x64\1402000.013\symds64.sys

2012-11-14 08:11:04 432800 ----a-r- C:\Windows\System32\drivers\N360x64\1402000.013\symnets.sys

2012-11-14 08:11:04 37496 ----a-r- C:\Windows\System32\drivers\N360x64\1402000.013\srtspx64.sys

2012-11-14 08:11:04 23448 ----a-r- C:\Windows\System32\drivers\N360x64\1402000.013\symelam.sys

2012-11-14 08:11:04 224416 ----a-r- C:\Windows\System32\drivers\N360x64\1402000.013\ironx64.sys

2012-11-14 08:11:04 168096 ----a-w- C:\Windows\System32\drivers\N360x64\1402000.013\ccsetx64.sys

2012-11-14 08:11:04 1133216 ----a-w- C:\Windows\System32\drivers\N360x64\1402000.013\symefa64.sys

2012-11-14 08:10:49 -------- d-----w- C:\Windows\System32\drivers\N360x64\1402000.013

2012-11-14 07:53:39 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-11-14 07:53:39 -------- d-----w- C:\Program Files\Symantec

2012-11-14 07:53:39 -------- d-----w- C:\Program Files\Common Files\Symantec Shared

2012-11-14 07:53:01 -------- d-----w- C:\Windows\System32\drivers\N360x64

2012-11-14 07:52:59 -------- d-----w- C:\Program Files (x86)\Norton Security Suite

2012-11-14 07:52:53 -------- d-----w- C:\Program Files (x86)\NortonInstaller

2012-11-14 07:46:43 -------- d-sh--w- C:\Windows\System32\%APPDATA%

2012-11-14 07:40:38 60776 ----a-w- C:\Windows\System32\OpenCL.dll

2012-11-14 07:40:38 52584 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2012-11-14 07:33:11 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-14 07:33:11 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-11-14 05:52:53 -------- d--h--w- C:\Windows\msdownld.tmp

2012-11-14 05:52:43 -------- d-----w- C:\Windows\SysWow64\directx

2012-11-14 03:02:29 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2012-11-14 03:02:29 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2012-11-14 03:02:29 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2012-11-14 03:02:29 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2012-11-14 02:54:47 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2012-11-14 02:53:56 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-11-14 02:49:54 -------- d-----w- C:\Users\AJAH\AppData\Local\{E127B189-C08E-41EA-A8CA-CE08042B3905}

2012-11-13 14:49:16 -------- d-----w- C:\Users\AJAH\AppData\Local\{70F1A6B8-7E3C-471F-9916-84DE04BDEC1F}

2012-11-12 14:48:39 -------- d-----w- C:\Users\AJAH\AppData\Local\{2F52CDB5-63C6-4E4A-AC04-0E321926E6B5}

2012-11-12 01:56:04 -------- d-----w- C:\Users\AJAH\AppData\Local\{9806D812-17A5-4C0E-A3A5-A9B771CE8F0E}

2012-11-11 13:55:29 -------- d-----w- C:\Users\AJAH\AppData\Local\{031D2E20-1A4E-4DD8-8BE5-0678D9DF0CA7}

2012-11-09 01:53:18 -------- d-----w- C:\Users\AJAH\AppData\Local\{7DB4CE9E-2A03-4A58-9883-792F7CDD399B}

2012-11-06 01:50:46 -------- d-----w- C:\Users\AJAH\AppData\Local\{DFA32249-4EEB-4936-8B80-2EDCE2BAD586}

2012-11-04 13:49:25 -------- d-----w- C:\Users\AJAH\AppData\Local\{6F713B32-2078-45B3-8988-D805E7B3CFCF}

2012-11-04 01:48:49 -------- d-----w- C:\Users\AJAH\AppData\Local\{EB2F70BF-421F-47AF-BF4B-BC03C001D25A}

2012-11-03 01:48:00 -------- d-----w- C:\Users\AJAH\AppData\Local\{D3E88E95-7A8B-4B25-9D42-17A9FD52460F}

2012-11-03 01:45:23 -------- d-----w- C:\Users\AJAH\AppData\Local\{4847A2A8-15ED-4ACA-9672-777F2A50DF92}

2012-11-03 01:42:26 -------- d-----w- C:\Users\AJAH\AppData\Local\{DB50D146-4596-4D80-8E03-ED25DBD9F2D0}

2012-10-30 15:03:27 -------- d-----w- C:\Users\AJAH\AppData\Local\{EBB9CDB1-E260-4C39-AA22-88793545EB0B}

2012-10-30 03:02:44 -------- d-----w- C:\Users\AJAH\AppData\Local\{D047E71B-E716-4DB5-AF81-37B3777E5EFF}

2012-10-30 01:26:07 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui

2012-10-30 01:26:05 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll

2012-10-30 01:26:05 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll

2012-10-30 01:26:05 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe

2012-10-30 01:26:01 57856 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys

2012-10-30 01:26:01 30208 ----a-w- C:\Windows\System32\drivers\TsUsbGD.sys

2012-10-30 01:26:01 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys

2012-10-29 15:02:05 -------- d-----w- C:\Users\AJAH\AppData\Local\{41D0406D-C00A-4AD9-87D9-1A8745142A3D}

2012-10-29 14:43:33 -------- d-----w- C:\Users\AJAH\New folder

2012-10-26 11:32:04 -------- d-----w- C:\Program Files (x86)\FLV_Runner

2012-10-26 02:59:08 -------- d-----w- C:\Users\AJAH\AppData\Local\{0AECA65F-2A9C-4D66-94A7-9B72BE5BF662}

2012-10-22 02:55:51 -------- d-----w- C:\Users\AJAH\AppData\Local\{EC24CA1F-18FF-48A3-9A42-F1ECFC7EF6F9}

.

==================== Find3M ====================

.

2012-11-20 12:52:08 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-11-20 12:38:20 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-11-05 14:27:22 88008 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll

2012-11-05 14:27:21 83880 ----a-w- C:\Windows\System32\LMIinit.dll

2012-11-05 14:27:21 35240 ----a-w- C:\Windows\System32\LMIport.dll

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll

2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll

2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll

2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll

2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll

2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll

2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-08-24 18:13:17 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-08-24 18:09:34 458712 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll

2012-08-24 18:05:03 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-08-24 18:04:18 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-08-24 18:03:09 1448448 ----a-w- C:\Windows\System32\lsasrv.dll

2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-08-24 16:57:40 247808 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-08-24 16:57:40 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-08-24 16:57:37 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-08-24 16:53:35 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-08-23 14:13:11 243200 ----a-w- C:\Windows\System32\rdpudd.dll

2012-08-23 13:47:20 46592 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll

2012-08-23 13:46:20 16896 ----a-w- C:\Windows\SysWow64\wksprtPS.dll

2012-08-23 13:20:40 54272 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll

2012-08-23 13:18:14 37376 ----a-w- C:\Windows\SysWow64\tsgqec.dll

2012-08-23 13:17:54 18432 ----a-w- C:\Windows\System32\wksprtPS.dll

2012-08-23 13:06:58 43520 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll

2012-08-23 12:52:53 44032 ----a-w- C:\Windows\System32\tsgqec.dll

2012-08-23 11:20:06 62976 ----a-w- C:\Windows\System32\TSWbPrxy.exe

2012-08-23 11:15:57 269312 ----a-w- C:\Windows\SysWow64\aaclient.dll

2012-08-23 11:14:09 384000 ----a-w- C:\Windows\System32\wksprt.exe

2012-08-23 11:12:17 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll

2012-08-23 10:54:24 322560 ----a-w- C:\Windows\System32\aaclient.dll

2012-08-23 10:51:14 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll

2012-08-23 10:39:24 1048064 ----a-w- C:\Windows\SysWow64\mstsc.exe

2012-08-23 10:22:22 1123840 ----a-w- C:\Windows\System32\mstsc.exe

2012-08-23 09:51:57 3174912 ----a-w- C:\Windows\System32\rdpcorets.dll

2012-08-23 08:19:01 4916224 ----a-w- C:\Windows\SysWow64\mstscax.dll

2012-08-23 08:13:07 5773824 ----a-w- C:\Windows\System32\mstscax.dll

2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

.

============= FINISH: 10:24:27.21 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 1/30/2012 1:57:50 AM

System Uptime: 11/20/2012 10:22:36 AM (0 hours ago)

.

Motherboard: eMachines | | MCP61PM-GM

Processor: AMD Athlon Processor LE-1640 | Socket AM2 | 2700/201mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 139 GiB total, 98.162 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Reader XI

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DivX Setup

EPSON NX300 Series Printer Uninstall

EPSON Scan

Google Chrome

Google Earth

Google Update Helper

GoToMeeting 5.1.0.880

Java 7 Update 9

Java Auto Updater

LogMeIn

LSI PCI-SV92PP Soft Modem

Malwarebytes Anti-Malware version 1.65.1.1000

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Norton Security Suite

NVIDIA Drivers

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition

swMSM

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

VC80CRTRedist - 8.0.50727.6195

Watchtower Library 2011 - English

.

==== Event Viewer Messages From Past Week ========

.

11/20/2012 9:57:26 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000099, 0x0000000000031065, 0x0000000000000002, 0x0000000000000001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112012-31325-01.

11/20/2012 9:47:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

11/20/2012 9:47:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

11/20/2012 9:47:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

11/20/2012 9:46:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

11/20/2012 9:46:54 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_N360 discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6

11/20/2012 9:46:43 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000099, 0x00000000000a5278, 0x0000000000000000, 0x0000000000000001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112012-19000-02.

11/20/2012 9:44:11 AM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147023544.

11/20/2012 9:44:11 AM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80070548.

11/20/2012 9:40:07 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

11/20/2012 9:40:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

11/20/2012 9:40:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

11/20/2012 9:39:52 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_N360 CSC DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIM SymIRON SymNetS tdx Wanarpv6 WfpLwf

11/20/2012 9:39:51 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

11/20/2012 9:39:51 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

11/20/2012 9:39:51 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

11/20/2012 9:39:51 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

11/20/2012 9:39:51 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

11/20/2012 9:39:51 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

11/20/2012 9:39:51 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

11/20/2012 9:39:51 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

11/20/2012 9:39:51 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/20/2012 9:39:51 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

11/20/2012 8:39:58 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/20/2012 8:39:58 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/20/2012 8:39:58 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/20/2012 8:31:56 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

11/20/2012 8:31:56 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.

11/20/2012 8:31:02 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Update service, but this action failed with the following error: An instance of the service is already running.

11/20/2012 8:29:56 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/20/2012 8:29:56 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/20/2012 8:29:56 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/20/2012 8:29:56 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/20/2012 8:29:56 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/20/2012 8:29:56 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/20/2012 8:29:56 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/20/2012 8:29:56 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/20/2012 8:29:56 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/20/2012 7:35:04 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80001eb04f0, 0xfffff88003978890, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112012-19000-01.

11/20/2012 7:20:45 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80002b64ec5, 0xfffff88002e61c80, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112012-18033-01.

11/20/2012 7:18:51 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000099, 0x000000000009cf08, 0x0000000000000002, 0x00000000000b1807). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112012-23088-01.

11/20/2012 7:12:18 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff96000124b02, 0xfffff880032b70c0, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112012-23836-01.

11/20/2012 6:46:08 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000099, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112012-23368-01.

11/18/2012 9:18:52 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002a85129, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111812-20826-01.

11/18/2012 9:16:07 PM, Error: Service Control Manager [7031] - The Norton Security Suite service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/18/2012 8:36:43 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

11/18/2012 8:36:43 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/18/2012 8:36:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

11/18/2012 8:35:46 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000099, 0x0000000000000001, 0x0000000000000002, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111812-31917-01.

11/18/2012 8:17:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002bb39bc, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111812-19921-01.

11/18/2012 8:14:32 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000094, 0xfffff80002d7385a, 0xfffff8800313fa18, 0xfffff8800313f270). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111812-17690-01.

11/18/2012 8:07:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000099, 0x0000000000098b0a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111812-25240-01.

11/18/2012 8:05:18 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000099, 0x000000000008f0b3, 0x0000000000000005, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111812-22308-01.

11/18/2012 8:02:09 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000005003, 0xfffff781c0000000, 0x0000000000008c78, 0x00008c7a000118e0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111812-20810-01.

11/18/2012 7:26:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}

11/18/2012 7:19:02 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000010, 0x0000000000000002, 0x0000000000000001, 0xfffff80002ab64f0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111812-21730-01.

11/18/2012 7:16:41 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002aba4f0, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111812-17503-01.

11/18/2012 6:44:15 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000099, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111812-18922-01.

11/18/2012 3:10:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000099, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111812-36566-01.

11/18/2012 3:08:13 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000099, 0x00000000000004c0, 0x0000000000000000, 0x00000000000004c8). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111812-36067-01.

11/18/2012 3:02:06 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000041284, 0xfffff8a00443e001, 0x0000000000008f61, 0xfffff781c0000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111812-28704-01.

11/18/2012 3:00:23 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000099, 0x000000000009bbf8, 0x0000000000000000, 0x0000000000000001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111812-33072-01.

11/18/2012 2:56:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000099, 0x000000000009e896, 0x0000000000000000, 0x0000000000000001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111812-32931-01.

11/18/2012 2:54:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000099, 0x00000000000255df, 0x0000000000000002, 0x0000000000024f6b). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111812-30513-01.

11/18/2012 2:39:07 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000099, 0x000000000000328c, 0x0000000000000000, 0x0000000000000001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111812-27471-01.

11/18/2012 2:37:03 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000099, 0x00000000000a7018, 0x0000000000000000, 0x0000000000000001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111812-27097-01.

11/18/2012 2:25:43 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002ac3129, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111812-22058-01.

11/18/2012 2:23:25 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000fc (0xfffff8a000024010, 0x82400000620ea963, 0xfffff880030d7570, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111812-21512-01.

11/18/2012 2:12:26 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000041284, 0xfffff8a00d362001, 0x000000000000bf18, 0xfffff781c0000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111812-22573-01.

11/18/2012 12:06:51 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000099, 0x000000000008e63c, 0x0000000000000000, 0x0000000000000001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111812-25802-01.

11/18/2012 1:28:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x000000000000009a, 0x00000000000ab01c, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111812-30420-01.

11/18/2012 1:26:16 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000099, 0x00000000000a3dff, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111812-20748-01.

11/18/2012 1:24:25 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000099, 0x0000000000020000, 0x0000000000000000, 0x0000000000020008). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111812-21106-01.

11/18/2012 1:07:40 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

11/18/2012 1:07:40 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

11/18/2012 1:07:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000099, 0x0000000000026e11, 0x0000000000000002, 0x0000000000024988). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111812-19858-01.

11/18/2012 1:05:03 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000099, 0x000000000001ad1b, 0x0000000000000002, 0x0000000000015bd2). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111812-20919-01.

11/18/2012 1:02:45 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000041284, 0xfffff8a0058ee001, 0x0000000000008551, 0xfffff781c0000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111812-19812-01.

11/18/2012 1:00:38 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x0000000000000003, 0xfffff8a00d37daa0, 0xfffff8a00d345280, 0xfffff8a00d37daa0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111812-21621-01.

11/17/2012 8:51:03 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000099, 0x0000000000093d54, 0x0000000000000000, 0x0000000000000001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111712-22729-01.

11/17/2012 8:02:28 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000099, 0x000000000001d400, 0x0000000000000000, 0x000000000001d3f8). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111712-30420-01.

11/17/2012 7:58:09 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000099, 0x0000000000022847, 0x0000000000000000, 0x00000000000228c7). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111712-19905-01.

11/17/2012 7:55:49 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000041201, 0xfffff6800000b268, 0xff494747ff594747, 0xfffffa8006021850). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111712-28158-01.

11/17/2012 7:49:26 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000041284, 0xfffff8a009b7d001, 0x000000000000a2b7, 0xfffff781c0000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111712-27861-01.

11/17/2012 7:45:03 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000099, 0x00000000000aaeb2, 0x0000000000000000, 0x000000000000009e). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111712-18860-01.

11/17/2012 7:43:02 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000099, 0x000000000002bc85, 0x0000000000000000, 0x000000000002bc8d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111712-29140-01.

11/17/2012 7:40:28 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000041284, 0x0000000017632001, 0x0000000000011b50, 0xfffff70001080000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111712-34335-01.

11/17/2012 10:19:31 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000099, 0x0000000000093bbd, 0x0000000000000002, 0x0000000000000001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111712-27346-01.

11/17/2012 10:10:03 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000099, 0x0000000000039d09, 0x0000000000000002, 0x0000000000039d07). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111712-26644-01.

11/16/2012 1:19:32 PM, Error: volmgr [46] - Crash dump initialization failed!

11/16/2012 1:13:37 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000099, 0x000000000009d6ac, 0x0000000000000000, 0x0000000000000001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111612-17128-01.

11/16/2012 1:11:06 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002a8d129, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111612-26832-01.

11/16/2012 1:08:41 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000099, 0x000000000009bff6, 0x0000000000000002, 0x0000000000000001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111612-27814-01.

11/16/2012 1:06:03 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000010, 0x0000000000000002, 0x0000000000000001, 0xfffff80002ab44f0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111612-28860-01.

11/16/2012 1:03:35 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c2 (0x0000000000000007, 0x000000000000109b, 0x0000000000150006, 0xfffffa80053e0210). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111612-30794-01.

11/14/2012 12:27:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

11/14/2012 12:27:05 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6

11/14/2012 12:27:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service LMIGuardianSvc with arguments "" in order to run the server: {D4258A22-CF85-489D-83AE-49FCD0DFAD29}

11/13/2012 8:28:04 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000099, 0x000000000009810e, 0x0000000000000002, 0x0000000000000001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111312-21964-01.

11/13/2012 8:25:38 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000fc (0xfffff8a000024010, 0x8240000061f06963, 0xfffff88003653570, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111312-23306-01.

11/13/2012 8:23:20 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x0000000000000099, 0x000000000001a4f0, 0x0000000000000000, 0x000000000001a4f8). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111312-22448-01.

11/13/2012 8:18:15 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002c139bc, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111312-18392-01.

11/13/2012 8:18:12 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_N360 CSC DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx Wanarpv6 WfpLwf

11/13/2012 8:16:19 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000041284, 0xfffff8a003e0b001, 0x0000000000008955, 0xfffff781c0000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111312-28797-01.

11/13/2012 7:35:03 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111312-26395-01.

.

==== End Of File ===========================


  • Staff

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then click on the "Scan" button.
    • Wait until the Status box shows "Scan Finished"
    • Click on "Delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+

Gringo


I received another bsod attempting to d/load screen317's Security Check. "BAD_POOL_HEADER". I am using Google Chrome because MSIE will not access the internet. It will hang for infinity and beyond and after a minute or so locks the computer where clock stops and windows is totally unresponsive. Power button only option at that point. Upon reboot it tells me that windows shut down abnormally and when I opt to check for solutions it goes bsod with the "PFN_FILE_CORRUPT". I rebooted and was able to get you the results from security check.

Also, when d/loading Rogue Killer, my Norton said it was evil and destroyed it. So, I disabled Norton ;)

Results of screen317's Security Check version 0.99.54

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Norton Security Suite

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.1.1000

Java 7 Update 9

Google Chrome 23.0.1271.64

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 4%

````````````````````End of Log``````````````````````

# AdwCleaner v2.008 - Logfile created 11/20/2012 at 07:14:09

# Updated 17/11/2012 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : AJAH - SCOTT-PC

# Boot Mode : Normal

# Running from : C:\Users\AJAH\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\crawlersrch.xml

Folder Deleted : C:\Program Files (x86)\Smartdl

Folder Deleted : C:\Users\AJAH\AppData\LocalLow\Toolbar4

***** [Registry] *****

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Users\AJAH\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6321 octets] - [20/11/2012 07:12:24]

AdwCleaner[S1].txt - [6406 octets] - [20/11/2012 07:14:09]

########## EOF - C:\AdwCleaner[S1].txt - [6466 octets] ##########

---

RogueKiller V8.3.1 [Nov 20 2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : AJAH [Admin rights]

Mode : Remove -- Date : 11/20/2012 07:26:24

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : EPSON NX300 Series (C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJA.EXE /FU "C:\Windows\TEMP\E_S8012.tmp" /EF "HKCU") -> DELETED

[TASK][SUSP PATH] IHSelfDeleteTASK : CMD /C DEL C:\Users\Scott\AppData\Local\Temp\IHUD807.tmp.exe -> DELETED

[TASK][SUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\Scott\AppData\Local\Temp\IHUD6BE.tmp.exe -> DELETED

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST316081 5AS SCSI Disk Device +++++

--- User ---

[MBR] 276795c5554dc4bea6bb85bd901f0237

[BSP] 70afcb2feddebe906e598e01c7120b2d : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10240 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20973568 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 21178368 | Size: 142284 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[2]_D_11202012_02d0726.txt >>

RKreport[1]_S_11202012_02d0724.txt ; RKreport[2]_D_11202012_02d0726.txt

  • Staff

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

After 8 failed attempts at running combofix to completion, I was finally able to get it to go all the way through without error.

Short Run down:

Stage 1 BAD_POOL_HEADER

Stage 2 BSOD SYSTEM_SERVICE_EXCEPTION

Stage 3 PFN_LIST_CORRUPT

Stage 4 IRQL_NOT_LESS_OR_EQUAL

Stage 36 MEMORY_MANAGEMENT

Each subsequent attempt it would get a little farther into the combofix processes before BSOD. Finally, I got a bsod BAD_POOL_HEADER @ Stage 1. I tried 1 more time and succeeded with the scan.

Although I had disabled Norton Auto-Protect, Norton Firewall, Norton Anti-Spyware and Norton Task Scheduling, I still got an error from combofix that Norton was detected. I was about to uninstall it but the instructions were to not install/uninstall anything so I booted into "safe mode" and then back into normal mode and Norton went away. Until Stage 32 (or so) when Norton informed me that a service was unable to start due to a dependency issue. AAARRRGGGHHH! I think I will be replacing it with MSE! I still cannot access websites with MSIE. It hangs with a clean page of white and errors out. I am using Google Chrome to post this and when I am in Event Viewer and opt to submit the info to MS for a possible solution, I am told there is no internet connection. So, here is the most difficult log-file to get produced I have ever seen ;)

ComboFix 12-11-21.01 - AJAH 11/21/2012 18:32:34.1.1 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1918.946 [GMT -5:00]

Running from: c:\users\AJAH\Desktop\ComboFix.exe

AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-10-21 to 2012-11-21 )))))))))))))))))))))))))))))))

.

.

2012-11-20 15:02 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-20 12:57 . 2012-11-20 12:58 184133384 ----a-w- C:\306.97-desktop-win8-win7-winvista-64bit-english-whql.exe

2012-11-20 12:52 . 2012-11-20 12:52 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-11-20 12:52 . 2012-11-20 12:52 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-11-20 12:38 . 2012-11-20 12:38 -------- d-----w- c:\program files (x86)\Java

2012-11-18 16:34 . 2012-11-18 16:34 -------- d-----w- c:\program files\Microsoft Silverlight

2012-11-18 16:34 . 2012-11-18 16:34 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2012-11-14 14:27 . 2012-08-09 01:50 43680 ----a-r- c:\windows\system32\drivers\SymIMV.sys

2012-11-14 08:31 . 2012-11-14 08:31 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2012-11-14 08:29 . 2012-11-14 08:29 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared

2012-11-14 07:53 . 2012-11-14 07:53 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-11-14 07:53 . 2012-11-14 07:53 -------- d-----w- c:\program files\Symantec

2012-11-14 07:53 . 2012-11-14 07:53 -------- d-----w- c:\program files\Common Files\Symantec Shared

2012-11-14 07:53 . 2012-11-14 08:13 -------- d-----w- c:\windows\system32\drivers\N360x64

2012-11-14 07:52 . 2012-11-14 07:53 -------- d-----w- c:\program files (x86)\Norton Security Suite

2012-11-14 07:52 . 2012-11-14 07:52 -------- d-----w- c:\program files (x86)\NortonInstaller

2012-11-14 07:46 . 2012-11-14 07:46 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-11-14 07:41 . 2012-11-14 07:41 -------- d-----w- c:\users\UpdatusUser

2012-11-14 07:40 . 2012-10-02 22:21 60776 ----a-w- c:\windows\system32\OpenCL.dll

2012-11-14 07:40 . 2012-10-02 22:21 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-11-14 07:33 . 2012-11-14 07:33 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-14 07:33 . 2012-11-14 07:33 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-11-14 05:52 . 2012-11-14 05:57 -------- d--h--w- c:\windows\msdownld.tmp

2012-11-14 03:02 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-14 03:02 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-14 03:02 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-11-14 03:02 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-14 02:54 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-11-14 02:53 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys

2012-11-13 13:32 . 2012-11-14 00:32 -------- d-----w- c:\program files\Google

2012-10-30 01:26 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui

2012-10-30 01:26 . 2012-08-23 13:41 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe

2012-10-30 01:26 . 2012-08-23 13:40 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2012-10-30 01:26 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll

2012-10-30 01:26 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys

2012-10-30 01:26 . 2012-08-23 14:08 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys

2012-10-30 01:26 . 2012-08-23 14:07 57856 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys

2012-10-26 11:32 . 2012-10-26 11:32 -------- d-----w- c:\program files (x86)\FLV_Runner

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-20 12:52 . 2012-05-09 09:39 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-11-20 12:38 . 2012-01-31 06:21 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-11-14 02:55 . 2012-01-30 07:21 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-11-05 14:27 . 2012-02-01 04:10 88008 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2012-11-05 14:27 . 2012-02-01 04:10 35240 ----a-w- c:\windows\system32\LMIport.dll

2012-11-05 14:27 . 2012-02-01 04:10 83880 ----a-w- c:\windows\system32\LMIinit.dll

2012-09-14 19:19 . 2012-10-10 05:55 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-10 05:55 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-08-31 18:19 . 2012-10-10 05:55 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-08-30 18:03 . 2012-10-10 05:55 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-10 05:55 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-10 05:55 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-08-24 18:05 . 2012-10-10 05:55 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-08-24 16:57 . 2012-10-10 05:55 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-30 1255736]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1402000.013\SYMDS64.SYS [2012-10-04 493216]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1402000.013\SYMEFA64.SYS [2012-10-04 1133216]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [2012-10-23 1384608]

S1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\N360x64\1402000.013\ccSetx64.sys [2012-10-04 168096]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20121120.001\IDSvia64.sys [2012-11-13 513184]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1402000.013\Ironx64.SYS [2012-07-28 224416]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1402000.013\SYMNETS.SYS [2012-07-23 432800]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-11-05 375728]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]

S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe [2012-10-11 143928]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-14 138912]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-25 22:50]

.

2012-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-25 22:50]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://search.coupons.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

Trusted Zone: netflix.com

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{ACC01A56-70E3-472E-9C4F-83B1DA817DD8} - (no file)

Toolbar-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)

Wow6432Node-HKLM-Run-DivXUpdate - c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

AddRemove-DivX Setup - c:\programdata\DivX\Setup\DivXSetup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\20.2.0.19\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

.

**************************************************************************

.

Completion time: 2012-11-21 18:44:49 - machine was rebooted

ComboFix-quarantined-files.txt 2012-11-21 23:44

.

Pre-Run: 110,616,735,744 bytes free

Post-Run: 110,486,568,960 bytes free

.

- - End Of File - - 3B0E2D92896662B95ED8A181571AB608

Keyboard Error: No keyboard detected. Press any key to continue.

  • Staff

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

Gringo,

This process went as smooth as silk. Both utilities ran flawlessly.

21:03:46.0052 2800 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

21:03:46.0489 2800 ============================================================

21:03:46.0489 2800 Current date / time: 2012/11/21 21:03:46.0489

21:03:46.0489 2800 SystemInfo:

21:03:46.0489 2800

21:03:46.0489 2800 OS Version: 6.1.7601 ServicePack: 1.0

21:03:46.0489 2800 Product type: Workstation

21:03:46.0489 2800 ComputerName: SCOTT-PC

21:03:46.0489 2800 UserName: AJAH

21:03:46.0489 2800 Windows directory: C:\Windows

21:03:46.0489 2800 System windows directory: C:\Windows

21:03:46.0489 2800 Running under WOW64

21:03:46.0489 2800 Processor architecture: Intel x64

21:03:46.0489 2800 Number of processors: 1

21:03:46.0489 2800 Page size: 0x1000

21:03:46.0489 2800 Boot type: Normal boot

21:03:46.0489 2800 ============================================================

21:03:48.0424 2800 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

21:03:48.0439 2800 ============================================================

21:03:48.0439 2800 \Device\Harddisk0\DR0:

21:03:48.0455 2800 MBR partitions:

21:03:48.0455 2800 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x32000

21:03:48.0455 2800 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1432800, BlocksNum 0x115E67F9

21:03:48.0455 2800 ============================================================

21:03:48.0470 2800 C: <-> \Device\Harddisk0\DR0\Partition2

21:03:48.0470 2800 ============================================================

21:03:48.0470 2800 Initialize success

21:03:48.0470 2800 ============================================================

21:03:52.0464 3712 ============================================================

21:03:52.0464 3712 Scan started

21:03:52.0464 3712 Mode: Manual;

21:03:52.0464 3712 ============================================================

21:03:52.0994 3712 ================ Scan system memory ========================

21:03:52.0994 3712 System memory - ok

21:03:53.0010 3712 ================ Scan services =============================


21:03:54.0742 3712 AudioSrv - ok

21:03:54.0773 3712 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

21:03:54.0773 3712 AxInstSV - ok

21:03:54.0804 3712 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

21:03:54.0820 3712 b06bdrv - ok

21:03:54.0866 3712 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

21:03:54.0866 3712 b57nd60a - ok

21:03:54.0898 3712 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

21:03:54.0898 3712 BDESVC - ok

21:03:54.0913 3712 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

21:03:54.0913 3712 Beep - ok

21:03:54.0976 3712 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

21:03:54.0991 3712 BFE - ok

21:03:55.0178 3712 [ ED97ADAF00A61F57A2CCBBB1CE58C600 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20121106.001\BHDrvx64.sys

21:03:55.0178 3712 BHDrvx64 - ok

21:03:55.0225 3712 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll

21:03:55.0256 3712 BITS - ok

21:03:55.0288 3712 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

21:03:55.0288 3712 blbdrive - ok

21:03:55.0334 3712 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

21:03:55.0334 3712 bowser - ok

21:03:55.0366 3712 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

21:03:55.0366 3712 BrFiltLo - ok

21:03:55.0412 3712 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

21:03:55.0412 3712 BrFiltUp - ok

21:03:55.0459 3712 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

21:03:55.0459 3712 BridgeMP - ok

21:03:55.0490 3712 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

21:03:55.0506 3712 Browser - ok

21:03:55.0522 3712 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

21:03:55.0522 3712 Brserid - ok

21:03:55.0537 3712 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

21:03:55.0553 3712 BrSerWdm - ok

21:03:55.0568 3712 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

21:03:55.0568 3712 BrUsbMdm - ok

21:03:55.0584 3712 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

21:03:55.0584 3712 BrUsbSer - ok

21:03:55.0600 3712 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

21:03:55.0615 3712 BTHMODEM - ok

21:03:55.0646 3712 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

21:03:55.0646 3712 bthserv - ok

21:03:55.0724 3712 [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\1402000.013\ccSetx64.sys

21:03:55.0724 3712 ccSet_N360 - ok

21:03:55.0787 3712 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

21:03:55.0802 3712 cdfs - ok

21:03:55.0943 3712 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

21:03:55.0958 3712 cdrom - ok

21:03:55.0990 3712 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

21:03:55.0990 3712 CertPropSvc - ok

21:03:56.0005 3712 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys

21:03:56.0021 3712 circlass - ok

21:03:56.0036 3712 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

21:03:56.0052 3712 CLFS - ok

21:03:56.0114 3712 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

21:03:56.0114 3712 clr_optimization_v2.0.50727_32 - ok

21:03:56.0177 3712 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

21:03:56.0177 3712 clr_optimization_v2.0.50727_64 - ok

21:03:56.0239 3712 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

21:03:56.0255 3712 clr_optimization_v4.0.30319_32 - ok

21:03:56.0286 3712 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

21:03:56.0286 3712 clr_optimization_v4.0.30319_64 - ok

21:03:56.0317 3712 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys

21:03:56.0317 3712 CmBatt - ok

21:03:56.0333 3712 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

21:03:56.0333 3712 cmdide - ok

21:03:56.0364 3712 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys

21:03:56.0380 3712 CNG - ok

21:03:56.0395 3712 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

21:03:56.0395 3712 Compbatt - ok

21:03:56.0426 3712 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

21:03:56.0442 3712 CompositeBus - ok

21:03:56.0458 3712 COMSysApp - ok

21:03:56.0489 3712 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

21:03:56.0489 3712 crcdisk - ok

21:03:56.0536 3712 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

21:03:56.0536 3712 CryptSvc - ok

21:03:56.0567 3712 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys

21:03:56.0582 3712 CSC - ok

21:03:56.0614 3712 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll

21:03:56.0629 3712 CscService - ok

21:03:56.0692 3712 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

21:03:56.0692 3712 DcomLaunch - ok

21:03:56.0723 3712 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

21:03:56.0723 3712 defragsvc - ok

21:03:56.0754 3712 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

21:03:56.0754 3712 DfsC - ok

21:03:56.0785 3712 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

21:03:56.0785 3712 Dhcp - ok

21:03:56.0816 3712 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

21:03:56.0816 3712 discache - ok

21:03:56.0848 3712 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys

21:03:56.0848 3712 Disk - ok

21:03:56.0879 3712 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys

21:03:56.0879 3712 dmvsc - ok

21:03:56.0910 3712 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

21:03:56.0910 3712 Dnscache - ok

21:03:56.0941 3712 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

21:03:56.0941 3712 dot3svc - ok

21:03:56.0972 3712 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

21:03:56.0972 3712 DPS - ok

21:03:57.0004 3712 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

21:03:57.0004 3712 drmkaud - ok

21:03:57.0035 3712 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

21:03:57.0050 3712 DXGKrnl - ok

21:03:57.0082 3712 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

21:03:57.0082 3712 EapHost - ok

21:03:57.0175 3712 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys

21:03:57.0238 3712 ebdrv - ok

21:03:57.0284 3712 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

21:03:57.0284 3712 eeCtrl - ok

21:03:57.0331 3712 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

21:03:57.0331 3712 EFS - ok

21:03:57.0378 3712 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys

21:03:57.0378 3712 elxstor - ok

21:03:57.0409 3712 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

21:03:57.0409 3712 EraserUtilRebootDrv - ok

21:03:57.0425 3712 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

21:03:57.0425 3712 ErrDev - ok

21:03:57.0472 3712 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

21:03:57.0472 3712 EventSystem - ok

21:03:57.0503 3712 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

21:03:57.0503 3712 exfat - ok

21:03:57.0534 3712 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

21:03:57.0534 3712 fastfat - ok

21:03:57.0550 3712 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys

21:03:57.0550 3712 fdc - ok

21:03:57.0581 3712 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

21:03:57.0581 3712 fdPHost - ok

21:03:57.0596 3712 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

21:03:57.0596 3712 FDResPub - ok

21:03:57.0612 3712 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

21:03:57.0628 3712 FileInfo - ok

21:03:57.0643 3712 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

21:03:57.0643 3712 Filetrace - ok

21:03:57.0659 3712 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

21:03:57.0659 3712 flpydisk - ok

21:03:57.0690 3712 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

21:03:57.0690 3712 FltMgr - ok

21:03:57.0752 3712 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

21:03:57.0768 3712 FontCache - ok

21:03:57.0830 3712 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

21:03:57.0830 3712 FontCache3.0.0.0 - ok

21:03:57.0862 3712 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

21:03:57.0862 3712 FsDepends - ok

21:03:57.0893 3712 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

21:03:57.0893 3712 Fs_Rec - ok

21:03:57.0940 3712 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

21:03:57.0940 3712 fvevol - ok

21:03:57.0955 3712 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

21:03:57.0955 3712 gagp30kx - ok

21:03:58.0002 3712 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

21:03:58.0018 3712 gpsvc - ok

21:03:58.0080 3712 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

21:03:58.0080 3712 gupdate - ok

21:03:58.0096 3712 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

21:03:58.0096 3712 gupdatem - ok

21:03:58.0127 3712 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

21:03:58.0142 3712 hcw85cir - ok

21:03:58.0174 3712 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

21:03:58.0189 3712 HdAudAddService - ok

21:03:58.0205 3712 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

21:03:58.0205 3712 HDAudBus - ok

21:03:58.0236 3712 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

21:03:58.0236 3712 HidBatt - ok

21:03:58.0252 3712 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys

21:03:58.0252 3712 HidBth - ok

21:03:58.0267 3712 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys

21:03:58.0267 3712 HidIr - ok

21:03:58.0298 3712 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll

21:03:58.0298 3712 hidserv - ok

21:03:58.0330 3712 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

21:03:58.0330 3712 HidUsb - ok

21:03:58.0361 3712 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

21:03:58.0361 3712 hkmsvc - ok

21:03:58.0376 3712 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

21:03:58.0392 3712 HomeGroupListener - ok

21:03:58.0423 3712 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

21:03:58.0423 3712 HomeGroupProvider - ok

21:03:58.0439 3712 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

21:03:58.0439 3712 HpSAMD - ok

21:03:58.0470 3712 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

21:03:58.0486 3712 HTTP - ok

21:03:58.0501 3712 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

21:03:58.0501 3712 hwpolicy - ok

21:03:58.0517 3712 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

21:03:58.0532 3712 i8042prt - ok

21:03:58.0564 3712 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

21:03:58.0564 3712 iaStorV - ok

21:03:58.0626 3712 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

21:03:58.0642 3712 idsvc - ok

21:03:58.0720 3712 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20121120.001\IDSvia64.sys

21:03:58.0720 3712 IDSVia64 - ok

21:03:58.0751 3712 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys

21:03:58.0751 3712 iirsp - ok

21:03:58.0798 3712 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

21:03:58.0813 3712 IKEEXT - ok

21:03:58.0844 3712 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

21:03:58.0844 3712 intelide - ok

21:03:58.0876 3712 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys

21:03:58.0876 3712 intelppm - ok

21:03:58.0891 3712 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

21:03:58.0907 3712 IPBusEnum - ok

21:03:58.0922 3712 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

21:03:58.0922 3712 IpFilterDriver - ok

21:03:58.0954 3712 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

21:03:58.0969 3712 iphlpsvc - ok

21:03:59.0000 3712 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

21:03:59.0000 3712 IPMIDRV - ok

21:03:59.0032 3712 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

21:03:59.0047 3712 IPNAT - ok

21:03:59.0078 3712 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

21:03:59.0078 3712 IRENUM - ok

21:03:59.0094 3712 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

21:03:59.0094 3712 isapnp - ok

21:03:59.0125 3712 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

21:03:59.0125 3712 iScsiPrt - ok

21:03:59.0156 3712 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

21:03:59.0156 3712 kbdclass - ok

21:03:59.0188 3712 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

21:03:59.0188 3712 kbdhid - ok

21:03:59.0219 3712 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

21:03:59.0219 3712 KeyIso - ok

21:03:59.0234 3712 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

21:03:59.0234 3712 KSecDD - ok

21:03:59.0281 3712 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

21:03:59.0281 3712 KSecPkg - ok

21:03:59.0312 3712 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

21:03:59.0312 3712 ksthunk - ok

21:03:59.0359 3712 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

21:03:59.0359 3712 KtmRm - ok

21:03:59.0406 3712 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll

21:03:59.0422 3712 LanmanServer - ok

21:03:59.0453 3712 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

21:03:59.0453 3712 LanmanWorkstation - ok

21:03:59.0500 3712 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

21:03:59.0500 3712 lltdio - ok

21:03:59.0546 3712 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

21:03:59.0546 3712 lltdsvc - ok

21:03:59.0578 3712 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

21:03:59.0578 3712 lmhosts - ok

21:03:59.0671 3712 [ 7109163D8027076D2680CFC4E80E2A28 ] LMIGuardianSvc C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

21:03:59.0671 3712 LMIGuardianSvc - ok

21:03:59.0718 3712 [ 0317335B15FF3BDA8E10197E3434CFC0 ] LMIInfo C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys

21:03:59.0718 3712 LMIInfo - ok

21:03:59.0765 3712 [ 8054CE1FC8B417691960D00F931516A7 ] LMIMaint C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe

21:03:59.0765 3712 LMIMaint - ok

21:03:59.0812 3712 [ 413ECDCFAD9A82804D3674C8D7EEC24E ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys

21:03:59.0812 3712 lmimirr - ok

21:03:59.0827 3712 LMIRfsClientNP - ok

21:03:59.0858 3712 [ C57D3FAA50E6F395759FFB7C709BD944 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys

21:03:59.0858 3712 LMIRfsDriver - ok

21:03:59.0890 3712 [ D3760BC17E1755091B7120CF32DBF56B ] LogMeIn C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

21:03:59.0905 3712 LogMeIn - ok

21:03:59.0936 3712 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

21:03:59.0936 3712 LSI_FC - ok

21:03:59.0952 3712 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

21:03:59.0968 3712 LSI_SAS - ok

21:03:59.0983 3712 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

21:03:59.0983 3712 LSI_SAS2 - ok

21:03:59.0999 3712 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

21:04:00.0014 3712 LSI_SCSI - ok

21:04:00.0030 3712 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

21:04:00.0030 3712 luafv - ok

21:04:00.0077 3712 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys

21:04:00.0077 3712 mcdbus - ok

21:04:00.0108 3712 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys

21:04:00.0108 3712 megasas - ok

21:04:00.0124 3712 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

21:04:00.0139 3712 MegaSR - ok

21:04:00.0202 3712 Microsoft SharePoint Workspace Audit Service - ok

21:04:00.0217 3712 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

21:04:00.0217 3712 MMCSS - ok

21:04:00.0248 3712 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

21:04:00.0248 3712 Modem - ok

21:04:00.0280 3712 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

21:04:00.0280 3712 monitor - ok

21:04:00.0311 3712 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

21:04:00.0311 3712 mouclass - ok

21:04:00.0342 3712 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

21:04:00.0358 3712 mouhid - ok

21:04:00.0373 3712 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

21:04:00.0373 3712 mountmgr - ok

21:04:00.0389 3712 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

21:04:00.0404 3712 mpio - ok

21:04:00.0420 3712 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

21:04:00.0420 3712 mpsdrv - ok

21:04:00.0467 3712 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

21:04:00.0482 3712 MpsSvc - ok

21:04:00.0482 3712 MREMP50 - ok

21:04:00.0529 3712 MREMP50a64 - ok

21:04:00.0529 3712 MREMPR5 - ok

21:04:00.0545 3712 MRENDIS5 - ok

21:04:00.0545 3712 MRESP50 - ok

21:04:00.0576 3712 MRESP50a64 - ok

21:04:00.0592 3712 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

21:04:00.0592 3712 MRxDAV - ok

21:04:00.0623 3712 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

21:04:00.0623 3712 mrxsmb - ok

21:04:00.0654 3712 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

21:04:00.0654 3712 mrxsmb10 - ok

21:04:00.0685 3712 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

21:04:00.0685 3712 mrxsmb20 - ok

21:04:00.0701 3712 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

21:04:00.0701 3712 msahci - ok

21:04:00.0732 3712 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

21:04:00.0732 3712 msdsm - ok

21:04:00.0763 3712 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

21:04:00.0763 3712 MSDTC - ok

21:04:00.0794 3712 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

21:04:00.0794 3712 Msfs - ok

21:04:00.0810 3712 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

21:04:00.0810 3712 mshidkmdf - ok

21:04:00.0826 3712 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

21:04:00.0826 3712 msisadrv - ok

21:04:00.0857 3712 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

21:04:00.0857 3712 MSiSCSI - ok

21:04:00.0872 3712 msiserver - ok

21:04:00.0904 3712 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

21:04:00.0904 3712 MSKSSRV - ok

21:04:00.0935 3712 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

21:04:00.0935 3712 MSPCLOCK - ok

21:04:00.0982 3712 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

21:04:00.0982 3712 MSPQM - ok

21:04:00.0997 3712 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

21:04:00.0997 3712 MsRPC - ok

21:04:01.0028 3712 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

21:04:01.0028 3712 mssmbios - ok

21:04:01.0060 3712 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

21:04:01.0060 3712 MSTEE - ok

21:04:01.0075 3712 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

21:04:01.0075 3712 MTConfig - ok

21:04:01.0091 3712 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

21:04:01.0091 3712 Mup - ok

21:04:01.0153 3712 [ 4A9258B9597A31DB68EC9740F3A8A70B ] N360 C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe

21:04:01.0153 3712 N360 - ok

21:04:01.0200 3712 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

21:04:01.0216 3712 napagent - ok

21:04:01.0262 3712 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

21:04:01.0262 3712 NativeWifiP - ok

21:04:01.0325 3712 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20121120.022\ENG64.SYS

21:04:01.0325 3712 NAVENG - ok

21:04:01.0403 3712 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20121120.022\EX64.SYS

21:04:01.0450 3712 NAVEX15 - ok

21:04:01.0512 3712 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

21:04:01.0543 3712 NDIS - ok

21:04:01.0574 3712 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

21:04:01.0574 3712 NdisCap - ok

21:04:01.0590 3712 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

21:04:01.0590 3712 NdisTapi - ok

21:04:01.0637 3712 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

21:04:01.0637 3712 Ndisuio - ok

21:04:01.0652 3712 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

21:04:01.0652 3712 NdisWan - ok

21:04:01.0668 3712 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

21:04:01.0684 3712 NDProxy - ok

21:04:01.0699 3712 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

21:04:01.0699 3712 NetBIOS - ok

21:04:01.0730 3712 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

21:04:01.0746 3712 NetBT - ok

21:04:01.0762 3712 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

21:04:01.0762 3712 Netlogon - ok

21:04:01.0808 3712 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

21:04:01.0808 3712 Netman - ok

21:04:01.0840 3712 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

21:04:01.0855 3712 netprofm - ok

21:04:01.0886 3712 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

21:04:01.0886 3712 NetTcpPortSharing - ok

21:04:01.0918 3712 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

21:04:01.0918 3712 nfrd960 - ok

21:04:01.0949 3712 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

21:04:01.0964 3712 NlaSvc - ok

21:04:01.0980 3712 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

21:04:01.0980 3712 Npfs - ok

21:04:02.0011 3712 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

21:04:02.0011 3712 nsi - ok

21:04:02.0027 3712 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

21:04:02.0027 3712 nsiproxy - ok

21:04:02.0105 3712 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

21:04:02.0136 3712 Ntfs - ok

21:04:02.0167 3712 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

21:04:02.0167 3712 Null - ok

21:04:02.0214 3712 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys

21:04:02.0214 3712 NVENETFD - ok

21:04:02.0479 3712 [ DD81FBC57AB9134CDDC5CE90880BFD80 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

21:04:02.0542 3712 nvlddmkm - ok

21:04:02.0588 3712 [ 0AD267A4674805B61A5D7B911D2A978A ] NVNET C:\Windows\system32\DRIVERS\nvmf6264.sys

21:04:02.0588 3712 NVNET - ok

21:04:02.0604 3712 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

21:04:02.0604 3712 nvraid - ok

21:04:02.0635 3712 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

21:04:02.0635 3712 nvstor - ok

21:04:02.0666 3712 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

21:04:02.0666 3712 nv_agp - ok

21:04:02.0698 3712 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

21:04:02.0698 3712 ohci1394 - ok

21:04:02.0744 3712 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

21:04:02.0744 3712 ose - ok

21:04:02.0900 3712 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

21:04:02.0994 3712 osppsvc - ok

21:04:03.0041 3712 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

21:04:03.0041 3712 p2pimsvc - ok

21:04:09.0983 3712 ================ Scan global ===============================

21:04:09.0998 3712 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

21:04:10.0045 3712 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

21:04:10.0061 3712 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

21:04:10.0092 3712 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

21:04:10.0123 3712 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

21:04:10.0123 3712 [Global] - ok

21:04:10.0123 3712 ================ Scan MBR ==================================

21:04:10.0139 3712 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

21:04:10.0466 3712 \Device\Harddisk0\DR0 - ok

21:04:10.0482 3712 ================ Scan VBR ==================================

21:04:10.0482 3712 [ C97AC94BEE985A5F1B4BC3B204324108 ] \Device\Harddisk0\DR0\Partition1

21:04:10.0482 3712 \Device\Harddisk0\DR0\Partition1 - ok

21:04:10.0498 3712 [ ABE71F4837AB9DA8AF0A23F901AD5808 ] \Device\Harddisk0\DR0\Partition2

21:04:10.0498 3712 \Device\Harddisk0\DR0\Partition2 - ok

21:04:10.0498 3712 ============================================================

21:04:10.0498 3712 Scan finished

21:04:10.0498 3712 ============================================================

21:04:10.0513 3644 Detected object count: 0

21:04:10.0513 3644 Actual detected object count: 0

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2012-11-21 21:05:52

-----------------------------

21:05:52.885 OS Version: Windows x64 6.1.7601 Service Pack 1

21:05:52.885 Number of processors: 1 586 0x7F02

21:05:52.885 ComputerName: SCOTT-PC UserName: AJAH

21:05:54.632 Initialize success

21:07:06.726 AVAST engine defs: 12112101

21:07:37.306 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066

21:07:37.322 Disk 0 Vendor: ST316081 4.AA Size: 152627MB BusType: 3

21:07:37.338 Disk 0 MBR read successfully

21:07:37.353 Disk 0 MBR scan

21:07:37.353 Disk 0 Windows 7 default MBR code

21:07:37.369 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048

21:07:37.384 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 20973568

21:07:37.400 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 142284 MB offset 21178368

21:07:37.416 Disk 0 scanning C:\Windows\system32\drivers

21:07:47.056 Service scanning

21:08:13.015 Modules scanning

21:08:13.015 Disk 0 trace - called modules:

21:08:13.046 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys

21:08:13.561 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002833060]

21:08:13.561 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80022f4670]

21:08:13.561 5 ACPI.sys[fffff88000f0f7a1] -> nt!IofCallDriver -> \Device\00000066[0xfffffa80022f49c0]

21:08:13.982 AVAST engine scan C:\Windows

21:08:15.792 AVAST engine scan C:\Windows\system32

21:11:09.465 AVAST engine scan C:\Windows\system32\drivers

21:11:25.065 AVAST engine scan C:\Users\AJAH

21:15:07.345 AVAST engine scan C:\ProgramData

21:16:03.396 Scan finished successfully

21:16:28.683 Disk 0 MBR has been saved successfully to "C:\Users\AJAH\Desktop\MBR.dat"

21:16:28.683 The log file has been saved successfully to "C:\Users\AJAH\Desktop\aswMBR.txt"


  • Staff

Greetings,

First, I would like you to go here and click on the fixit button - http://support.microsoft.com/kb/923737

Then I want you to do the following:

  • Start Internet Explorer.
  • Click on "safety"
  • Click on "Delete Browsing History"
  • Make sure all boxes are checked
  • Click on "Delete"
  • Click on "Tools"
  • Click "Internet Options"
  • On the "Advanced" tab, click "Reset"
  • Put a check mark next to "Delete Personal Settings"
  • Click "Reset" to confirm
  • When complete, click the "Close" button
  • Restart IE

Gringo


Gringo,

I ran the fixit to reset the msie using that tool. I had previously done it from the advanced tab in the internet options. When I did it before, I ticked all the checkboxes, but I had to go through control panel>internet to access the internet options. The tools menu had "internet options" greyed-out. Upon loading MSIE, the browser loaded extremely slowly, about 7 minutes to finish loading msn.com and the setup msie page. I am unsure what you mean by "-click on safety", but I was able to access the internet options and follow all the other steps. I had also, prior to asking for your assistance, tried using "netsh int ip reset c:\resetlog.txt" (without the quotes) to reset the tcp stack. I still have the log if you want to see it. Now, when I open the msie9 it takes over 7 minutes for the default homepage to load (msn.com). (But that is an improvement!) LoL


Not that I can tell. Still takes a dozen forevers for msie to load a page. I tried tracert to msn and all seems well out there... Yet it still takes several minutes to load msn. While watching the "busy" donut going around and around I was able to find the " - click on safety " thingy. ;) But it is still not going well for MSIE.


Okay, tracert to malwarebytes.org (love DNS Servers) has 4 different hops timing out and from me to my provider is 1054ms. DOH! Going to power-cycle my modem and all to see what that will do. Back in 5 minutes ;)

Also, the BSOD issue seems resolved! I have not booted into safe mode to see if I still get searchbrowsing.com or the coupon thingy....


  • Staff

PLEASE create a restore point before trying this

Please copy the entire contents of the codebox below into Notepad:


REGEDIT4
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2]

Open Notepad, copy the script, and save it as

Filename: winsock.reg

Save as type: All files

Launch it and click YES to add it to registry

After that, Reboot your computer.

After the restart,

Go to Network Connections

Right click on your normal connection icon, and choose Properties

Click the Install button

Choose Protocol then click Add

Click Have disk

In the drop down box, type in: C:\WINDOWS\INF and click OK

In the next dialog, click Internet Protocol (TCP/IP) then click OK

Click Close to leave the properties box

After that, restart your computer and see if you can browse now.


  • Staff

If you want to remove Norton, now is a great time.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**

Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe

(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32bit

(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64bit

and select to run as administrator.

"information and logs"

  • In your next post I need the following
  1. Log From MBAM
  2. report from Hijackthis
  3. let me know of any problems you may have had
  4. How is the computer doing now?

Gringo


Google forgot me after ccleaner was run ;) MSIE is still slower than molasses coming from a tree in Antarctica. The computer, overall, is performing much better. BSOD is a thing of the past and I am seeing signs of hope for this thing. You are making it happen!

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.22.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

AJAH :: SCOTT-PC [administrator]

11/22/2012 2:37:25 AM

mbam-log-2012-11-22 (02-37-25).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 236178

Time elapsed: 2 minute(s), 33 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

---

Please help us to improve HijackThis by reporting this error

Click 'Yes' to submit

Error Details:

An unexpected error has occurred at proceedure:

modRegistry_IniGetString(sFile=system.ini, sSection=boot,

sValue=Shell)

Error #5 - Invalid proceedure call or argument

Windows Version: Windows NT 6.01.3505

MSIE version: 9.0.8112.16421

HijackThis version 2.0.4

Yes No

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 2:52:14 AM, on 11/22/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16455)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Users\AJAH\Desktop\HijackThis.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O3 - Toolbar: (no name) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: *.netflix.com

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1352871757167

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com//activex/ractrl.cab?lmi=928

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 6680 bytes
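The HijackThis log above marks many services under C:\Windows\System32 as "(file missing)". HijackThis 2.0.4 is a 32-bit program, and on 64-bit Windows a 32-bit process that opens System32 is redirected to SysWOW64, so 64-bit-only files can be reported missing while present on disk. The following added example (not from the thread or from Trend Micro; the verdict names and the constructed sample lines are assumptions) separates those entries from missing files elsewhere, which deserve a closer look.

```python
# Added example: triage of O23 service lines from a HijackThis 2.0.4 log.
PREFIX = "O23 - Service: "
MISSING = " (file missing)"

# Constructed sample in the format of the log above; the last line is invented.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: Example Helper (ExampleSvc) - Unknown owner - C:\Users\Public\example.exe (file missing)
"""


def triage_o23(log_text, system_root=r"C:\Windows"):
    """Return (service, path, verdict) for every O23 line in the log text.

    Verdicts (names are this example's own, not HijackThis output):
      present        - the scanner found the service binary
      recheck-64bit  - reported missing under System32; on x64 this matches
                       WOW64 redirection, so confirm from a 64-bit process
      review         - reported missing outside System32; the service entry
                       points at a file the scanner could not find
    """
    sys32 = (system_root + "\\System32\\").lower()
    results = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line.startswith(PREFIX):
            continue  # other sections (R0, O4, O16, ...) are out of scope
        # Fields are "name - owner - path"; split from the right because the
        # display name itself may contain " - ".
        parts = line[len(PREFIX):].rsplit(" - ", 2)
        if len(parts) != 3:
            continue  # truncated or malformed line
        name, _owner, path = parts
        missing = path.endswith(MISSING)
        if missing:
            path = path[:-len(MISSING)]
        if not missing:
            verdict = "present"
        elif path.lower().startswith(sys32):
            verdict = "recheck-64bit"
        else:
            verdict = "review"
        results.append((name, path, verdict))
    return results


if __name__ == "__main__":
    for name, path, verdict in triage_o23(SAMPLE_LOG):
        print(f"{verdict:14} {path}  [{name}]")
```
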


Internet Explorer did not finish installing For more information see internet explorer troubleshooter.

Do you think the missing files reported in HJT might have some influence on this?

I tried following all of the steps/links from the URL you sent me in the last post. Sorry I did not respond to you last night, I kept hitting refresh until I passed out. Today I discovered that you had responded at 3:07am my time and I passed out about 4:30am my time... Only this afternoon did I notice that MB/Forum had gone to a second page and refreshing the screen to get to the next post only works when it is on the same page DOH!! LoL My bad.

I ran the uninstaller fixit at that link and it said I had the wrong OS/MSIE version for the fixit. I checked my date and it was correct, but when I tried to sync with NTP servers all I got was an error occurred when synchroniz... I did the manual uninstall command for MSIE9 and it said the folder did not exist. I did follow the steps in order and tried from appwiz.cpl in the "updates>windows" section and found Windows Internet Explorer listed there. Uninstalled it normally. Now MSIE 8 has the same issues that IE9 had. The last thing I did was a failed attempt at installing the MSIE9 from the download link you sent me. Prior to that I tried to get my updates for MSIE8 cumulative security update and the Win7x64 security update that Automagic Updates offered me. It will not install.

Should I continue with all of the troubleshooting steps for failed installation from that link? Or, do you have a better idea?


  • Staff

Greetings

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.

Gringo

This topic is now closed to further replies.