Author Topic: Ram usage really high (Read 45379 times)

smallzZz8 · « **on:** September 10, 2013, 06:15:33 PM »

ok so i normally get around 50-60 ram when doing my stuff. but just the other day i ran all these scans to clean my computer. Norton did a backup, tuneup and disk optimization. I also used ccleaner to clear some junk and delete a few programs. That all took me a few days and now when i turn my server on like normal and do my stuff i run like 90% ram or physical memory. so i did a malware scan and deleted a few things. I also turned off some startup programs and restarted my computer. When it turned back on it was working good and i turned all my programs back on and it was running normal. i left it on over night like normal and woke up the next morning and it was at like 90%-100%. Can someone please tell me what is wrong with my computer!!!?!?!?!?!? Thanks soo much

Here are the scans report logs

step 4 security check http://pastebin.com/iYR0cSCa#

step 3 malwarebytes http://pastebin.com/EkaaAdKe

Step 2 AdwCleaner http://pastebin.com/qJsBTLXi

I am following/replying from this link http://www.computerhope.com/forum/index.php/topic,46313.0.html

Results of screen317's Security Check version 0.99.73
2. Windows 7 Service Pack 1 x64 (UAC is enabled)
3. Internet Explorer 10
4.``````````````Antivirus/Firewall Check:``````````````[/u]
5. Windows Firewall Enabled!
6.Norton 360
7. WMI entry may not exist for antivirus; attempting automatic update.
8.`````````Anti-malware/Other Utilities Check:`````````[/u]
9. Malwarebytes Anti-Malware version 1.75.0.1300
10. Java 7 Update 25
11. Adobe Reader 9 Adobe Reader out of Date!
12. Google Chrome 29.0.1547.62
13. Google Chrome 29.0.1547.66
14.````````Process Check: objlist.exe by Laurent````````[/u]
15. Norton ccSvcHst.exe
16.`````````````````System Health check`````````````````[/u]
17. Total Fragmentation on Drive C: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
18.````````````````````End of Log``````````````````````[/u]

1.Malwarebytes Anti-Malware 1.75.0.1300
2.www.malwarebytes.org
3.
4.Database version: v2013.09.03.07
5.
6.Windows 7 Service Pack 1 x64 NTFS
7.Internet Explorer 10.0.9200.16660
8.Bryce :: ADAMS-PC [administrator]
9.
10.9/10/2013 5:26:07 PM
11.mbam-log-2013-09-10 (17-26-07).txt
12.
13.Scan type: Quick scan
14.Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
15.Scan options disabled: P2P
16.Objects scanned: 321294
17.Time elapsed: 6 minute(s), 44 second(s)
18.
19.Memory Processes Detected: 0
20.(No malicious items detected)
21.
22.Memory Modules Detected: 0
23.(No malicious items detected)
24.
25.Registry Keys Detected: 0
26.(No malicious items detected)
27.
28.Registry Values Detected: 0
29.(No malicious items detected)
30.
31.Registry Data Items Detected: 0
32.(No malicious items detected)
33.
34.Folders Detected: 0
35.(No malicious items detected)
36.
37.Files Detected: 1
38.C:\Users\Bryce\Downloads\ManyCamSetup.exe (PUP.Optional.BundledToolBar.A) -> Quarantined and deleted successfully.
39.
40.(end)

1.# AdwCleaner v3.003 - Report created 10/09/2013 at 17:19:28
2.# Updated 07/09/2013 by Xplode
3.# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
4.# Username : Bryce - ADAMS-PC
5.# Running from : C:\Users\Bryce\Downloads\adwcleaner.exe
6.# Option : Clean
7.
8.***** [ Services ] *****
9.
10.
11.***** [ Files / Folders ] *****
12.
13.Folder Deleted : C:\ProgramData\apn
14.Folder Deleted : C:\ProgramData\Babylon
15.Folder Deleted : C:\ProgramData\blekko toolbars
16.Folder Deleted : C:\ProgramData\boost_interprocess
17.Folder Deleted : C:\ProgramData\BrowserProtect
18.Folder Deleted : C:\ProgramData\PC Optimizer Pro
19.Folder Deleted : C:\Program Files (x86)\FunWebProducts
20.Folder Deleted : C:\Program Files (x86)\Yontoo
21.Folder Deleted : C:\Users\Laura\AppData\LocalLow\iBryte
22.Folder Deleted : C:\Users\Brent\AppData\Local\Babylon
23.Folder Deleted : C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
24.Folder Deleted : C:\Users\Brent\AppData\LocalLow\BabylonToolbar
25.Folder Deleted : C:\Users\Brent\AppData\LocalLow\facemoods.com
26.Folder Deleted : C:\Users\Brent\AppData\LocalLow\iBryte
27.Folder Deleted : C:\Users\Brent\AppData\Roaming\DefaultTab
28.Folder Deleted : C:\Users\Bryce\AppData\Local\Bundled software uninstaller
29.Folder Deleted : C:\Users\Bryce\AppData\LocalLow\facemoods.com
30.Folder Deleted : C:\Users\Bryce\AppData\LocalLow\iBryte
31.Folder Deleted : C:\Users\Bryce\AppData\LocalLow\Minibar
32.Folder Deleted : C:\Users\Bryce\AppData\LocalLow\Smartbar
33.Folder Deleted : C:\Users\Bryce\AppData\LocalLow\Softonic
34.Folder Deleted : C:\Users\Mike\AppData\LocalLow\facemoods.com
35.Folder Deleted : C:\Users\Mike\AppData\LocalLow\iBryte
36.Folder Deleted : C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
37.Folder Deleted : C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
38.Folder Deleted : C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
39.Folder Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
40.File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
41.File Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
42.File Deleted : C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
43.File Deleted : C:\Users\Bryce\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
44.File Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
45.File Deleted : C:\Windows\Tasks\PC Optimizer Pro Updates.job
46.File Deleted : C:\Windows\System32\Tasks\PC Optimizer Pro Updates
47.
48.***** [ Shortcuts ] *****
49.
50.
51.***** [ Registry ] *****
52.
53.Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
54.Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
55.Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
56.Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DownloadManager]
57.Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
58.Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
59.Key Deleted : HKLM\SOFTWARE\Classes\AxSHDocVw.AxWebBrowser
60.Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
61.Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
62.Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
63.Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
64.Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
65.Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
66.Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
67.Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
68.Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
69.Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
70.Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
71.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
72.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
73.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
74.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
75.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32
76.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS
77.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
78.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
79.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
80.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
81.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
82.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
83.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
84.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
85.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32
86.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS
87.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
88.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
89.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
90.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
91.Key Deleted : HKCU\Software\5d28adbb73de414
92.Key Deleted : HKLM\SOFTWARE\5d28adbb73de414
93.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_axife-mouse-recorder_RASAPI32
94.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_axife-mouse-recorder_RASMANCS
95.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-movie-maker_RASAPI32
96.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-movie-maker_RASMANCS
97.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_winrar_RASAPI32
98.Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_winrar_RASMANCS
99.Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
100.Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
101.Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
102.Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
103.Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
104.Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
105.Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
106.Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6823F25B-4D75-38A1-A163-7C696B45701F}
107.Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
108.Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
109.Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
110.Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
111.Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
112.Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
113.Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
114.Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
115.Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
116.Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
117.Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5C66DD8-308B-4A4F-AF0A-3D04F25B5343}
118.Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
119.Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
120.Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
121.Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
122.Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
123.Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
124.Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
125.Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5C66DD8-308B-4A4F-AF0A-3D04F25B5343}
126.Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
127.Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
128.Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
129.Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
130.Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
131.Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
132.Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
133.Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E5C66DD8-308B-4A4F-AF0A-3D04F25B5343}
134.Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
135.Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
136.Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
137.Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
138.Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
139.Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
140.Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E5C66DD8-308B-4A4F-AF0A-3D04F25B5343}
141.Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
142.Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
143.Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
144.Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
145.Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
146.Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
147.Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
148.Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{250BECD2-5C43-48CF-A3C6-666338526D67}
149.Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
150.Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
151.Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
152.Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
153.Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{154D339E-CCAA-49A5-9B38-6878AD4220BC}
154.Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
155.Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
156.Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{91607FA7-3C2F-4F90-93E3-D5337A6B0AC2}
157.Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
158.Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
159.Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{154D339E-CCAA-49A5-9B38-6878AD4220BC}
160.Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
161.Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}]
162.Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B4DE90BB-150D-4B33-95FE-6BAAC97E1C21}]
163.Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
164.Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
165.Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
166.Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
167.Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
168.Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
169.Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
170.Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
171.Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\iBryte\playbryte\ibrytedesktop.exe]
172.Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\iBryte\browseforchange\ibrytedesktop.exe]
173.Key Deleted : HKCU\Software\BabylonToolbar
174.Key Deleted : HKCU\Software\BI
175.Key Deleted : HKCU\Software\facemoods.com
176.Key Deleted : HKCU\Software\wecarereminder
177.Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
178.Key Deleted : HKLM\Software\Babylon
179.Key Deleted : HKLM\Software\Conduit
180.Key Deleted : HKLM\Software\DataMngr
181.Key Deleted : HKLM\Software\Freeze.com
182.Key Deleted : HKLM\Software\FunWebProducts
183.Key Deleted : HKLM\Software\InstallIQ
184.Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
185.Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
186.Key Deleted : [x64] HKLM\SOFTWARE\DataMngr
187.Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
188.Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
189.
190.***** [ Browsers ] *****
191.
192.-\\ Internet Explorer v10.0.9200.16660
193.
194.Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
195.Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
196.Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
197.
198.-\\ Google Chrome v29.0.1547.66
199.
200.[ File : C:\Users\Laura\AppData\Local\Google\Chrome\User Data\Default\preferences ]
201.
202.
203.[ File : C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\preferences ]
204.
205.Deleted : urls_to_restore_on_startup
206.
207.[ File : C:\Users\Bryce\AppData\Local\Google\Chrome\User Data\Default\preferences ]
208.
209.Deleted : homepage
210.
211.[ File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\preferences ]
212.
213.
214.*************************
215.
216.AdwCleaner[R0].txt - [16766 octets] - [10/09/2013 17:17:20]
217.AdwCleaner[S0].txt - [15524 octets] - [10/09/2013 17:19:28]
218.
219.########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15585 octets] ##########

SuperDave · « **Reply #1 on:** September 10, 2013, 07:07:39 PM »

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies)

Quote

Total Fragmentation on Drive C: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)

This could be part of your problem. Please defrag your harddrive.If you need help, please ask. (SSD means Solid State Drive).

Please download Junkware Removal Tool to your desktop.

•Warning! Once the scan is complete JRT will shut down your browser with NO warning.

•Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.

smallzZz8 · « **Reply #2 on:** September 10, 2013, 08:03:42 PM »

Ok i ran the scan and this is my log

http://pastebin.com/Yv6rwidW

I distinctly asked you not to attach the logs. Please copy and paste them in your reply

2.Junkware Removal Tool (JRT) by Thisisu
3.Version: 5.5.9 (09.07.2013:1)
4.OS: Windows 7 Home Premium x64
5.Ran by Bryce on Tue 09/10/2013 at 21:49:12.96
6.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
7.
8.
9.
10.
11.~~~ Services
12.
13.
14.
15.~~~ Registry Values
16.
17.
18.
19.~~~ Registry Keys
20.
21.Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2811912722-384006635-2399798662-1002\Software\SweetIM
22.Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeep_BetterInstaller_2012-10-02_RASAPI32
23.Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeep_BetterInstaller_2012-10-02_RASMANCS
24.Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\stub_455_softonic_RASAPI32
25.Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\stub_455_softonic_RASMANCS
26.Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeep_BetterInstaller_2012-10-02_RASAPI32
27.Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeep_BetterInstaller_2012-10-02_RASMANCS
28.Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\stub_455_softonic_RASAPI32
29.Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\stub_455_softonic_RASMANCS
30.Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{99CCBB95-9586-4231-BD38-0FFBCB48F676}
31.Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2455}
32.Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}
33.Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F9C4D153-0065-4C3C-9D87-0561AE12F2B2}
34.Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2455}
35.Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}
36.Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{912C156F-05CF-4B62-851A-96E167A677B0}
37.
38.
39.
40.~~~ Files
41.
42.
43.
44.~~~ Folders
45.
46.Successfully deleted: [Folder] "C:\Users\Bryce\appdata\local\blekkotb_031"
47.Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
48.
49.
50.
51.~~~ Chrome
52.
53.Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ippkomaaonokjnfjoikaemidanojkfmm
54.
55.
56.
57.~~~ Event Viewer Logs were cleared
58.
59.
60.
61.
62.
63.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
64.Scan was completed on Tue 09/10/2013 at 21:58:37.53
65.End of JRT log
66.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

smallzZz8 · « **Reply #3 on:** September 11, 2013, 04:19:41 AM »

Also i restarted my computer and when it turned back on it was at 20-30 ram. i left it on over night and it is now 80-90% ram if this helps at all

SuperDave · « **Reply #4 on:** September 11, 2013, 01:33:14 PM »

Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Colunms.
In addition to already pre-selected options, make sure, the Command Line is selected, and press OK.
Go File>Save As, and save the report as Procexp.txt.
Attach the file to your next reply.

smallzZz8 · « **Reply #5 on:** September 11, 2013, 05:13:42 PM »

Ok i did what you said and here is the report

l l l l l l l l l l l l l l l l l l l l l
\/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ \/

Process   CPU   Private Bytes   Working Set   PID   Description   Company Name   Command Line
System Idle Process   47.57   0 K   24 K   0
System   1.75   156 K   588 K   4
Interrupts   1.03   0 K   0 K   n/a   Hardware Interrupts and DPCs
smss.exe      444 K   84 K   288
csrss.exe   < 0.01   2,240 K   1,620 K   408
wininit.exe      1,644 K   152 K   472
services.exe      5,816 K   4,184 K   564
svchost.exe      3,960 K   3,056 K   712   Host Process for Windows Services   Microsoft Corporation   C:\Windows\system32\svchost.exe -k DcomLaunch
dllhost.exe      2,388 K   432 K   4980
WmiPrvSE.exe      2,820 K   2,524 K   936
nvvsvc.exe      2,496 K   184 K   768   NVIDIA Driver Helper Service, Version 311.06   NVIDIA Corporation   "C:\Windows\system32\nvvsvc.exe"
NvXDSync.exe      7,148 K   292 K   3372
nvtray.exe      13,780 K   812 K   3936   NVIDIA Settings   NVIDIA Corporation   "C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
nvvsvc.exe   < 0.01   5,156 K   404 K   3380
nvSCPAPISvr.exe      2,628 K   1,516 K   792   Stereo Vision Control Panel API Server   NVIDIA Corporation   "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
svchost.exe      5,168 K   3,748 K   832   Host Process for Windows Services   Microsoft Corporation   C:\Windows\system32\svchost.exe -k RPCSS
svchost.exe      21,568 K   9,184 K   912   Host Process for Windows Services   Microsoft Corporation   C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
audiodg.exe      17,044 K   16,784 K   4896
svchost.exe   1.37   251,356 K   236,336 K   972   Host Process for Windows Services   Microsoft Corporation   C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
dwm.exe   0.34   37,524 K   29,880 K   3280   Desktop Window Manager   Microsoft Corporation   "C:\Windows\system32\Dwm.exe"
svchost.exe   < 0.01   10,664 K   6,264 K   1020   Host Process for Windows Services   Microsoft Corporation   C:\Windows\system32\svchost.exe -k LocalService
svchost.exe   < 0.01   30,444 K   22,640 K   308   Host Process for Windows Services   Microsoft Corporation   C:\Windows\system32\svchost.exe -k netsvcs
taskeng.exe      2,144 K   944 K   3816
FourEngine.exe   < 0.01   11,676 K   1,312 K   3900
UMVPFSrv.exe      1,236 K   132 K   488   Logitech User mode UMVPF service   Logitech Inc.   C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
svchost.exe      2,312 K   1,396 K   1040   Host Process for Windows Services   Microsoft Corporation   C:\Windows\system32\svchost.exe -k GPSvcGroup
svchost.exe   < 0.01   12,140 K   8,504 K   1264   Host Process for Windows Services   Microsoft Corporation   C:\Windows\system32\svchost.exe -k NetworkService
spoolsv.exe   0.02   8,160 K   3,592 K   1472   Spooler SubSystem App   Microsoft Corporation   C:\Windows\System32\spoolsv.exe
svchost.exe      10,872 K   4,600 K   1504   Host Process for Windows Services   Microsoft Corporation   C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
eEBSvc.exe   0.01   5,112 K   700 K   1588   eEBAPI Core Process module   SEIKO EPSON CORPORATION   C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
AppleMobileDeviceService.exe   0.03   3,068 K   812 K   1788   MobileDeviceService   Apple Inc.   "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
mDNSResponder.exe      2,196 K   1,960 K   1816   Bonjour Service   Apple Inc.   "C:\Program Files\Bonjour\mDNSResponder.exe"
EPCP.exe      6,308 K   7,532 K   1856   Epson Customer Participation   SEIKO EPSON CORPORATION   "C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe"
E_S50RPB.EXE      1,304 K   168 K   1912   EPSON Status Monitor 3   SEIKO EPSON CORPORATION   C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
svchost.exe   < 0.01   7,948 K   3,736 K   1944   Host Process for Windows Services   Microsoft Corporation   C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
ccsvchst.exe   0.15   42,956 K   22,188 K   1976   Symantec Service Framework   Symantec Corporation   "C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\diMaster.dll" /prefetch:1
ccsvchst.exe   < 0.01   18,836 K   9,228 K   3588
svchost.exe      2,088 K   188 K   1172   Host Process for Windows Services   Microsoft Corporation   C:\Windows\system32\svchost.exe -k imgsvc
TeamViewer_Service.exe   < 0.01   4,872 K   672 K   1388   TeamViewer 8   TeamViewer GmbH   "C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe"
WLIDSVC.EXE   < 0.01   6,780 K   2,152 K   2276         "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSVCM.EXE      1,208 K   164 K   2512
escsvc64.exe      1,580 K   212 K   2336   Epson Scanner Service (64bit)   Seiko Epson Corporation   C:\Windows\system32\EscSvc64.exe
svchost.exe      2,360 K   228 K   2764   Host Process for Windows Services   Microsoft Corporation   C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
SearchIndexer.exe   0.01   52,596 K   11,964 K   2136   Microsoft Windows Search Indexer   Microsoft Corporation   C:\Windows\system32\SearchIndexer.exe /Embedding
taskhost.exe   0.01   12,576 K   7,284 K   3564   Host Process for Windows Tasks   Microsoft Corporation   "taskhost.exe"
svchost.exe      11,096 K   6,988 K   4164   Host Process for Windows Services   Microsoft Corporation   C:\Windows\System32\svchost.exe -k LocalServicePeerNet
wmpnetwk.exe      15,360 K   11,900 K   4288   Windows Media Player Network Sharing Service   Microsoft Corporation   "C:\Program Files\Windows Media Player\wmpnetwk.exe"
svchost.exe   45.97   36,144 K   1,996 K   3472   Host Process for Windows Services   Microsoft Corporation   C:\Windows\system32\svchost.exe -k defragsvc
taskhost.exe      6,904 K   13,500 K   4768
lsass.exe      6,624 K   3,972 K   584   Local Security Authority Process   Microsoft Corporation   C:\Windows\system32\lsass.exe
lsm.exe      2,672 K   1,396 K   592
csrss.exe   0.07   5,536 K   3,368 K   484
winlogon.exe      2,864 K   204 K   544
explorer.exe   0.04   44,548 K   46,672 K   3240   Windows Explorer   Microsoft Corporation   C:\Windows\Explorer.EXE
ipoint.exe   < 0.01   7,144 K   4,376 K   3804   IPoint.exe   Microsoft Corporation   "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
SKDaemon.exe      2,876 K   1,204 K   4004   SKDaemon.exe      "C:\Program Files\LTONHIS\Touch Manager\SKDaemon.exe"
RAVCpl64.exe      8,552 K   1,260 K   3520   HD Audio Control Panel   Realtek Semiconductor   "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
sidebar.exe   0.66   44,020 K   16,836 K   2216   Windows Desktop Gadgets   Microsoft Corporation   "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
E_IATIIBE.EXE   0.01   4,976 K   5,624 K   4052   EPSON Status Monitor 3   SEIKO EPSON CORPORATION   "C:\Windows\System32\spool\drivers\x64\3\E_IATIIBE.EXE" /EPT "EPLTarget\P0000000000000001" /M "XP-400 Series"
GoogleToolbarNotifier.exe   < 0.01   3,312 K   2,560 K   2140   GoogleToolbarNotifier   Google Inc.   "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
chrome.exe   0.02   82,820 K   88,560 K   2112   Google Chrome   Google Inc.   "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "http://www.computerhope.com/forum/index.php/board,53.0.html"
chrome.exe      91,368 K   78,724 K   2428   Google Chrome   Google Inc.   "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="2112.0.1001853252\1208759826" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,9,19,22 --gpu-vendor-id=0x10de --gpu-device-id=0x06e6 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.1106 --ignored=" --type=renderer " /prefetch:822062411
chrome.exe      52,616 K   64,752 K   4412   Google Chrome   Google Inc.   "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="D3D11Experiment/Enabled/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Control0 pct:50a m29stable:r1/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_78/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="2112.1.885769848\1624855712" /prefetch:673131151
chrome.exe      51,036 K   53,816 K   4524   Google Chrome   Google Inc.   "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="D3D11Experiment/Enabled/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Control0 pct:50a m29stable:r1/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_78/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="2112.2.551526088\444615725" /prefetch:673131151
chrome.exe      71,116 K   72,056 K   3104   Google Chrome   Google Inc.   "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="D3D11Experiment/Enabled/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Control0 pct:50a m29stable:r1/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_78/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="2112.3.394430138\1854293813" /prefetch:673131151
chrome.exe      18,908 K   16,900 K   3300   Google Chrome   Google Inc.   "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="D3D11Experiment/Enabled/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Control0 pct:50a m29stable:r1/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_78/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="2112.4.350340702\628353570" /prefetch:673131151
chrome.exe      20,292 K   20,116 K   3848   Google Chrome   Google Inc.   "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="D3D11Experiment/Enabled/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Control0 pct:50a m29stable:r1/NewMenuStyle/Compact2/OmniboxStopTimer/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_78/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="2112.5.2111270942\2147011418" /prefetch:673131151
chrome.exe      12,532 K   20,780 K   1340   Google Chrome   Google Inc.   "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Bryce\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\npcoplgn.dll" --lang=en-US --channel="2112.6.1772699085\1181043759" /prefetch:-390060480
procexp.exe      2,688 K   6,872 K   3880   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com   "C:\Users\Bryce\Desktop\New folder\procexp.exe"
procexp64.exe   0.89   21,780 K   41,264 K   2944   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com   "C:\Users\Bryce\Desktop\New folder\procexp.exe"
EEventManager.exe   0.01   3,328 K   1,248 K   844   EEventManager Application   SEIKO EPSON CORPORATION   "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
jusched.exe      1,072 K   308 K   3332   Java(TM) Update Scheduler   Oracle Corporation   "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[recovering disk space, attachment deleted by admin]

SuperDave · « **Reply #6 on:** September 12, 2013, 01:25:54 PM »

I've already asked you to not attach the logs but you insist on doing it. If you do not conform to my instructions I will be forced to discontinue helping you. Use copy and paste to include your logs in your reply. It makes it so much easier to check them.

Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to you download folder you will need to copy it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

Close any open windows and double click ComboFix.exe to run it.

You will see the following image:

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

smallzZz8 · « **Reply #7 on:** September 12, 2013, 03:55:33 PM »

Ok im sorry but i do not recall you saying to not attach the files but here is the scan from last post

ComboFix 13-09-12.01 - Bryce 09/12/2013 16:55:45.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.887 [GMT -4:00]
Running from: c:\users\Bryce\Downloads\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\WinPCap
c:\program files (x86)\WinPCap\daemon_mgm.exe
c:\program files (x86)\WinPCap\INSTALL.LOG
c:\program files (x86)\WinPCap\npf_mgm.exe
c:\program files (x86)\WinPCap\rpcapd.exe
c:\program files (x86)\WinPCap\Uninstall.exe
c:\users\Brent\AppData\Local\Google\Chrome\User Data\Default\preferences
c:\users\Bryce\AppData\Local\assembly\tmp
c:\users\Bryce\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Laura\AppData\Local\Google\Chrome\User Data\Default\preferences
c:\users\Mike\AppData\Local\Google\Chrome\User Data\Default\preferences
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\SET9D8A.tmp
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2013-08-12 to 2013-09-12 )))))))))))))))))))))))))))))))
.
.
2013-09-12 21:04 . 2013-09-12 21:04   --------   d-----w-   c:\users\UpdatusUser\AppData\Local\temp
2013-09-12 21:04 . 2013-09-12 21:04   --------   d-----w-   c:\users\Mike\AppData\Local\temp
2013-09-12 21:04 . 2013-09-12 21:04   --------   d-----w-   c:\users\Laura\AppData\Local\temp
2013-09-11 02:35 . 2013-08-10 05:20   3959296   ----a-w-   c:\windows\system32\jscript9.dll
2013-09-11 01:49 . 2013-09-11 01:49   --------   d-----w-   c:\windows\ERUNT
2013-09-10 21:16 . 2013-09-10 21:19   --------   d-----w-   C:\AdwCleaner
2013-09-04 20:49 . 2013-09-04 20:49   --------   d-----w-   c:\programdata\ManyCam
2013-09-04 20:49 . 2013-09-04 20:51   --------   dc----w-   c:\users\Bryce\AppData\Roaming\ManyCam
2013-08-28 01:43 . 2013-09-04 21:31   --------   dc----w-   c:\users\Bryce\AppData\Local\ManyCam
2013-08-28 01:43 . 2013-09-04 21:14   --------   d-----w-   c:\program files (x86)\ManyCam
2013-08-28 01:43 . 2012-10-11 03:08   44928   ----a-w-   c:\windows\system32\drivers\mcvidrv_x64.sys
2013-08-27 22:43 . 2013-08-27 22:43   4406472   ----a-w-   c:\program files (x86)\Microsoft Games\Halo Custom Edition\Uninstall.exe
2013-08-24 20:53 . 2013-08-24 20:54   --------   d-----w-   C:\wamp
2013-08-14 05:44 . 2013-07-09 05:52   224256   ----a-w-   c:\windows\system32\wintrust.dll
2013-08-14 05:44 . 2013-07-09 05:46   184320   ----a-w-   c:\windows\system32\cryptsvc.dll
2013-08-14 05:44 . 2013-07-09 05:46   1472512   ----a-w-   c:\windows\system32\crypt32.dll
2013-08-14 05:44 . 2013-07-09 05:46   139776   ----a-w-   c:\windows\system32\cryptnet.dll
2013-08-14 05:44 . 2013-07-09 04:52   175104   ----a-w-   c:\windows\SysWow64\wintrust.dll
2013-08-14 05:44 . 2013-07-09 04:46   140288   ----a-w-   c:\windows\SysWow64\cryptsvc.dll
2013-08-14 05:44 . 2013-07-09 04:46   1166848   ----a-w-   c:\windows\SysWow64\crypt32.dll
2013-08-14 05:44 . 2013-07-09 04:46   103936   ----a-w-   c:\windows\SysWow64\cryptnet.dll
2013-08-14 05:44 . 2013-07-19 01:58   2048   ----a-w-   c:\windows\system32\tzres.dll
2013-08-14 05:44 . 2013-07-19 01:41   2048   ----a-w-   c:\windows\SysWow64\tzres.dll
2013-08-14 05:43 . 2013-07-25 09:25   1888768   ----a-w-   c:\windows\system32\WMVDECOD.DLL
2013-08-14 05:43 . 2013-07-25 08:57   1620992   ----a-w-   c:\windows\SysWow64\WMVDECOD.DLL
2013-08-14 05:43 . 2013-07-09 05:51   1217024   ----a-w-   c:\windows\system32\rpcrt4.dll
2013-08-14 05:43 . 2013-07-09 04:52   663552   ----a-w-   c:\windows\SysWow64\rpcrt4.dll
2013-08-14 05:43 . 2013-06-15 04:32   39936   ----a-w-   c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 05:43 . 2013-07-06 06:03   1910208   ----a-w-   c:\windows\system32\drivers\tcpip.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-11 02:33 . 2011-06-28 20:58   79143768   ----a-w-   c:\windows\system32\MRT.exe
2013-09-11 00:55 . 2012-09-07 01:28   692616   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-11 00:55 . 2011-07-10 19:06   71048   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-02 01:48 . 2013-09-10 19:08   44032   ----a-w-   c:\windows\apppatch\acwow64.dll
2013-07-06 21:52 . 2013-07-06 21:52   53248   -c--a-r-   c:\users\Bryce\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-07-02 22:03 . 2013-07-02 22:03   96168   ----a-w-   c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-02 22:03 . 2012-09-07 19:05   867240   ----a-w-   c:\windows\SysWow64\npDeployJava1.dll
2013-07-02 22:03 . 2012-01-22 02:45   789416   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2013-06-17 23:16 . 2011-07-05 00:35   177312   ----a-w-   c:\windows\system32\drivers\SYMEVENT64x86.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIIBE.EXE" [2012-02-29 283232]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-10 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2011-10-31 1058400]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe

R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys

R3 AndNetDiag2;LGE AndroidNet For Diagnostics Port;c:\windows\system32\DRIVERS\lgandnetdiag264.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag264.sys

R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys

R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys

R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys

R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMDS64.SYS

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\SYMEFA64.SYS

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130903.002\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130903.002\BHDrvx64.sys

S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\ccSetx64.sys

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20130911.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20130911.001\IDSvia64.sys

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1404000.028\Ironx64.SYS

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1404000.028\SYMNETS.SYS

S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe

S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe

S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys

S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys

S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys

S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys

.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 21:13 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-07 00:55]
.
2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-10 19:07]
.
2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-10 19:07]
.
2013-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2811912722-384006635-2399798662-1002Core.job
- c:\users\Bryce\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-03 18:58]
.
2013-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2811912722-384006635-2399798662-1002UA.job
- c:\users\Bryce\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-03 18:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"SKDaemon.exe"="c:\program files\LTONHIS\Touch Manager\SKDaemon.exe" [2009-06-16 318464]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-24 1833504]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-24 7833120]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.3.1.22
mStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.3.1.22
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com;
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{C7AA91E5-B547-4EBB-88CF-46FF1DBE08A3}: NameServer = 208.67.222.222,208.67.220.220
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{06C7AD57-B655-418D-9AB8-9526A6D2E052} - (no file)
Toolbar-10 - (no file)
c:\users\Brent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk - c:\users\Bryce\AppData\Local\Temp\{F8E5235C-7EBC-43C6-936F-42164A5C58E3}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe /remind /language=ENU /PRNM="RollerCoaster Tycoon 3"/PRMP="RCT3"/SKUN="PCXX"/GTYP="STRY"
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-WinPcapInst - c:\program files (x86)\WinPcap\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2811912722-384006635-2399798662-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2811912722-384006635-2399798662-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
.
**************************************************************************
.
Completion time: 2013-09-12 17:12:54 - machine was rebooted
ComboFix-quarantined-files.txt 2013-09-12 21:12
.
Pre-Run: 528,597,897,216 bytes free
Post-Run: 528,281,608,192 bytes free
.
- - End Of File - - E315EF4652D7B1E3DA8D765641092610
4976D4A7A40B83FC7F06EE4BDD84EB9B

SuperDave · « **Reply #8 on:** September 12, 2013, 04:34:19 PM »

Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page for performing a scan.
Caution: This is a beta version so also read the disclaimer and back up all your data before using.
When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
Copy and paste the contents of these two log files in your next reply.

smallzZz8 · « **Reply #9 on:** September 12, 2013, 08:11:30 PM »

ok this is the mbar log

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.07.26.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Bryce :: ADAMS-PC [administrator]

9/12/2013 7:18:47 PM
mbar-log-2013-09-12 (19-18-47).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 360522
Time elapsed: 1 hour(s), 18 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

and this is the system log

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16686

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.700000 GHz
Memory total: 6441525248, free: 1641865216

=======================================
Initializing...
------------ Kernel report ------------
09/12/2013 19:18:38
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\N360x64\1404000.028\SYMDS64.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\N360x64\1404000.028\SYMEFA64.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\N360x64\1404000.028\ccSetx64.sys
\SystemRoot\system32\drivers\N360x64\1404000.028\Ironx64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20130911.001\IDSvia64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130903.002\BHDrvx64.sys
\SystemRoot\SysWow64\drivers\AsUpIO.sys
\SystemRoot\SysWow64\drivers\AsIO.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\L1E62x64.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\mcvidrv_x64.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\mcaudrv_x64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\lvuvc64.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\lvrs64.sys
\SystemRoot\system32\DRIVERS\dc3d.sys
\SystemRoot\system32\DRIVERS\NuidFltr.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\point64.sys
\SystemRoot\system32\DRIVERS\wdcsam64.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\Drivers\PROCEXP113.SYS
\SystemRoot\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130912.001\EX64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130912.001\ENG64.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\psapi.dll
\Windows\System32\Wldap32.dll
\Windows\System32\normaliz.dll
\Windows\System32\nsi.dll
\Windows\System32\difxapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\ole32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\shell32.dll
\Windows\System32\sechost.dll
\Windows\System32\gdi32.dll
\Windows\System32\msctf.dll
\Windows\System32\kernel32.dll
\Windows\System32\wininet.dll
\Windows\System32\ws2_32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\usp10.dll
\Windows\System32\shlwapi.dll
\Windows\System32\urlmon.dll
\Windows\System32\imagehlp.dll
\Windows\System32\oleaut32.dll
\Windows\System32\user32.dll
\Windows\System32\advapi32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\iertutil.dll
\Windows\System32\lpk.dll
\Windows\System32\setupapi.dll
\Windows\System32\imm32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa80086ea790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008d\
Lower Device Object: 0xfffffa80086ea060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8008402790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007a\
Lower Device Object: 0xfffffa800810ca30
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8005eab060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa8005bd4060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8005eab060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005eabb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005eab060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005bd2580, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8005bd4060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: CB5BD2B2

Partition information:

Partition 0 type is Other (0x1b)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 16787862

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 16787925 Numsec = 1936731329
Partition is not bootable

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1953505168-1953525168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8008402790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80083f2b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008402790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800810ca30, DeviceName: \Device\0000007a\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa80086ea790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80086e2b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80086ea790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80086ea060, DeviceName: \Device\0000008d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 42ADA

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 1953456128

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000170586112 bytes
Sector size: 512 bytes

Done!
Read File: File "C:\Users\Bryce\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat" is compressed (flags = 1)
Read File: File "C:\Users\Bryce\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.tmp" is compressed (flags = 1)
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_16787925_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_2_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_2_r.mbam...
Removal finished

SuperDave · « **Reply #10 on:** September 13, 2013, 01:23:09 PM »

Is it still using a lot of RAM?

smallzZz8 · « **Reply #11 on:** September 13, 2013, 02:40:55 PM »

yes. i restart my computer and its starts at 20-30% and it SLOWLY goes up to 85-95%. Could it be a virus? because i remember a little time ago kinda when this started norton had me delete two programs

SuperDave · « **Reply #12 on:** September 13, 2013, 07:22:04 PM »

I'm going to ask you to do a little detective work. Start your Task Manager; CTRL+ ALT+ DELETE. Click on processes and click on Mem.usage. This will toggle between the lowest usage and the highest. Click on the highest user and stop the process. Does that help the problem. You will have to reboot the computer and that process will restart. You can do that with each process until you find one that is causing the high usage. The only one you don't want to stop is "explorer". If you find the one that's causing the problem, please let me know the name of it.

smallzZz8 · « **Reply #13 on:** September 16, 2013, 06:48:07 PM »

Ok i did what you said and started the investigation. i started ending random proccesses but i could not come out with an outcome. but when i restarted my computer it was working fine for a few days and i have been keeping an eye on it. sometimes it gets high again then i restart my computer. But i narrowed it down and i think it might be svchost.exe. it sometimes gets high memory usage and there are sometimes many of them.Chrome.exe also takes up alot when i use it also nvtray.exe. but i do think there could be something wrong with svchost.exe but im not sure. i could be wrong but im not sure. i do no that i had ended some progress that did help.Also java.exe goes really really high when i have my server up but i guess thats expected

SuperDave · « **Reply #14 on:** September 16, 2013, 07:22:02 PM »

How much RAM do you have on that computer? You can stop each svchost.exe one at a time and see if there's any improvement.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
Click the Report button and copy/paste the contents of it into your next reply

Note:It will also create a log in the C:\ directory..

smallzZz8 · « **Reply #15 on:** September 16, 2013, 08:23:32 PM »

i didnt get anything in that scan. but i have 6gb ram which has always worked fine for me.also my ram went high again. but here is my report.

22:20:57.0523 5960 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:20:59.0540 5960 ============================================================
22:20:59.0540 5960 Current date / time: 2013/09/16 22:20:59.0540
22:20:59.0540 5960 SystemInfo:
22:20:59.0540 5960
22:20:59.0541 5960 OS Version: 6.1.7601 ServicePack: 1.0
22:20:59.0541 5960 Product type: Workstation
22:20:59.0541 5960 ComputerName: ADAMS-PC
22:20:59.0541 5960 UserName: Bryce
22:20:59.0541 5960 Windows directory: C:\Windows
22:20:59.0541 5960 System windows directory: C:\Windows
22:20:59.0541 5960 Running under WOW64
22:20:59.0541 5960 Processor architecture: Intel x64
22:20:59.0541 5960 Number of processors: 2
22:20:59.0541 5960 Page size: 0x1000
22:20:59.0541 5960 Boot type: Normal boot
22:20:59.0541 5960 ============================================================
22:21:02.0444 5960 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:21:02.0458 5960 Drive \Device\Harddisk2\DR2 - Size: 0xE8DED00000 (931.48 Gb), SectorSize: 0x200, Cylinders: 0x1DAFD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:21:09.0473 5960 ============================================================
22:21:09.0473 5960 \Device\Harddisk0\DR0:
22:21:09.0473 5960 MBR partitions:
22:21:09.0473 5960 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x10029D5, BlocksNum 0x73702CC1
22:21:09.0473 5960 \Device\Harddisk2\DR2:
22:21:09.0485 5960 MBR partitions:
22:21:09.0485 5960 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x746F6000
22:21:09.0485 5960 ============================================================
22:21:09.0504 5960 C: <-> \Device\Harddisk0\DR0\Partition1
22:21:09.0562 5960 D: <-> \Device\Harddisk2\DR2\Partition1
22:21:09.0562 5960 ============================================================
22:21:09.0562 5960 Initialize success
22:21:09.0562 5960 ============================================================
22:21:18.0196 0240 ============================================================
22:21:18.0196 0240 Scan started
22:21:18.0196 0240 Mode: Manual;
22:21:18.0196 0240 ============================================================
22:21:20.0055 0240 ================ Scan system memory ========================
22:21:20.0055 0240 System memory - ok
22:21:20.0058 0240 ================ Scan services =============================
22:21:20.0178 0240 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
22:21:20.0182 0240 1394ohci - ok
22:21:20.0220 0240 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
22:21:20.0224 0240 ACPI - ok
22:21:20.0238 0240 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
22:21:20.0239 0240 AcpiPmi - ok
22:21:20.0340 0240 [ 7BBAF543CABE8A8D275BC7F6C66C1959 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:21:20.0343 0240 AdobeFlashPlayerUpdateSvc - ok
22:21:20.0405 0240 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
22:21:20.0423 0240 adp94xx - ok
22:21:20.0445 0240 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
22:21:20.0453 0240 adpahci - ok
22:21:20.0467 0240 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
22:21:20.0487 0240 adpu320 - ok
22:21:20.0531 0240 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:21:20.0533 0240 AeLookupSvc - ok
22:21:20.0565 0240 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
22:21:20.0574 0240 AFD - ok
22:21:20.0597 0240 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
22:21:20.0599 0240 agp440 - ok
22:21:20.0610 0240 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
22:21:20.0613 0240 ALG - ok
22:21:20.0628 0240 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
22:21:20.0630 0240 aliide - ok
22:21:20.0645 0240 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
22:21:20.0647 0240 amdide - ok
22:21:20.0662 0240 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:21:20.0665 0240 AmdK8 - ok
22:21:20.0679 0240 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
22:21:20.0681 0240 AmdPPM - ok
22:21:20.0738 0240 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:21:20.0741 0240 amdsata - ok
22:21:20.0783 0240 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
22:21:20.0788 0240 amdsbs - ok
22:21:20.0802 0240 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:21:20.0804 0240 amdxata - ok
22:21:20.0818 0240 AndNetDiag - ok
22:21:20.0829 0240 AndNetDiag2 - ok
22:21:20.0838 0240 ANDNetModem - ok
22:21:20.0853 0240 andnetndis - ok
22:21:20.0901 0240 [ C65A3C67630A67A97AD26C21173BA61E ] Apowersoft_AudioDevice C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys
22:21:20.0922 0240 Apowersoft_AudioDevice - ok
22:21:20.0953 0240 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
22:21:20.0956 0240 AppID - ok
22:21:20.0972 0240 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:21:20.0974 0240 AppIDSvc - ok
22:21:21.0020 0240 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
22:21:21.0022 0240 Appinfo - ok
22:21:21.0097 0240 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:21:21.0100 0240 Apple Mobile Device - ok
22:21:21.0131 0240 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
22:21:21.0134 0240 arc - ok
22:21:21.0144 0240 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
22:21:21.0146 0240 arcsas - ok
22:21:21.0167 0240 [ A82C01606DC27D05D9D3BFB6BB807E32 ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
22:21:21.0169 0240 AsIO - ok
22:21:21.0285 0240 [ 108FB6DDB69E537A2EA53F425363FAE5 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:21:21.0288 0240 aspnet_state - ok
22:21:21.0295 0240 [ 26D66E32E78D3059715B3A17BC679CD9 ] AsUpIO C:\Windows\syswow64\drivers\AsUpIO.sys
22:21:21.0297 0240 AsUpIO - ok
22:21:21.0323 0240 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:21:21.0324 0240 AsyncMac - ok
22:21:21.0351 0240 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
22:21:21.0352 0240 atapi - ok
22:21:21.0383 0240 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:21:21.0391 0240 AudioEndpointBuilder - ok
22:21:21.0403 0240 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:21:21.0407 0240 AudioSrv - ok
22:21:21.0435 0240 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:21:21.0438 0240 AxInstSV - ok
22:21:21.0462 0240 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
22:21:21.0469 0240 b06bdrv - ok
22:21:21.0488 0240 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
22:21:21.0492 0240 b57nd60a - ok
22:21:21.0516 0240 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
22:21:21.0519 0240 BDESVC - ok
22:21:21.0539 0240 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
22:21:21.0541 0240 Beep - ok
22:21:21.0585 0240 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
22:21:21.0595 0240 BFE - ok
22:21:21.0760 0240 [ 4CFB458DDB8C7874C1544A7653200F00 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130903.002\BHDrvx64.sys
22:21:21.0786 0240 BHDrvx64 - ok
22:21:21.0832 0240 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
22:21:21.0900 0240 BITS - ok
22:21:21.0916 0240 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:21:21.0917 0240 blbdrive - ok
22:21:21.0957 0240 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:21:21.0963 0240 Bonjour Service - ok
22:21:21.0985 0240 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:21:21.0987 0240 bowser - ok
22:21:21.0999 0240 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:21:22.0001 0240 BrFiltLo - ok
22:21:22.0009 0240 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:21:22.0010 0240 BrFiltUp - ok
22:21:22.0038 0240 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
22:21:22.0040 0240 BridgeMP - ok
22:21:22.0087 0240 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
22:21:22.0089 0240 Browser - ok
22:21:22.0113 0240 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:21:22.0116 0240 Brserid - ok
22:21:22.0133 0240 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:21:22.0135 0240 BrSerWdm - ok
22:21:22.0152 0240 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:21:22.0153 0240 BrUsbMdm - ok
22:21:22.0168 0240 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:21:22.0170 0240 BrUsbSer - ok
22:21:22.0190 0240 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:21:22.0191 0240 BTHMODEM - ok
22:21:22.0219 0240 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
22:21:22.0221 0240 bthserv - ok
22:21:22.0252 0240 catchme - ok
22:21:22.0302 0240 [ 56685951208AC81CF923B9B08BEDF3B7 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys
22:21:22.0306 0240 ccSet_N360 - ok
22:21:22.0319 0240 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:21:22.0321 0240 cdfs - ok
22:21:22.0344 0240 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:21:22.0347 0240 cdrom - ok
22:21:22.0368 0240 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
22:21:22.0370 0240 CertPropSvc - ok
22:21:22.0387 0240 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:21:22.0389 0240 circlass - ok
22:21:22.0406 0240 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
22:21:22.0411 0240 CLFS - ok
22:21:22.0444 0240 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:21:22.0446 0240 clr_optimization_v2.0.50727_32 - ok
22:21:22.0470 0240 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:21:22.0473 0240 clr_optimization_v2.0.50727_64 - ok
22:21:22.0667 0240 [ 6D7C8A951AF6AD6835C029B3CB88D333 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:21:22.0714 0240 clr_optimization_v4.0.30319_32 - ok
22:21:22.0740 0240 [ 86329C35FF23CFEF0FB6C0023BA06BCE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:21:22.0766 0240 clr_optimization_v4.0.30319_64 - ok
22:21:22.0794 0240 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:21:22.0796 0240 CmBatt - ok
22:21:22.0809 0240 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:21:22.0811 0240 cmdide - ok
22:21:22.0859 0240 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
22:21:22.0866 0240 CNG - ok
22:21:22.0881 0240 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:21:22.0883 0240 Compbatt - ok
22:21:22.0908 0240 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
22:21:22.0910 0240 CompositeBus - ok
22:21:22.0916 0240 COMSysApp - ok
22:21:22.0934 0240 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:21:22.0935 0240 crcdisk - ok
22:21:22.0982 0240 [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:21:22.0985 0240 CryptSvc - ok
22:21:23.0034 0240 [ 88123E5A5572405DF6FE56E4A2A95BD4 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
22:21:23.0036 0240 dc3d - ok
22:21:23.0066 0240 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:21:23.0085 0240 DcomLaunch - ok
22:21:23.0115 0240 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
22:21:23.0119 0240 defragsvc - ok
22:21:23.0146 0240 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:21:23.0149 0240 DfsC - ok
22:21:23.0172 0240 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
22:21:23.0178 0240 Dhcp - ok
22:21:23.0189 0240 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
22:21:23.0191 0240 discache - ok
22:21:23.0212 0240 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
22:21:23.0215 0240 Disk - ok
22:21:23.0234 0240 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:21:23.0237 0240 Dnscache - ok
22:21:23.0258 0240 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
22:21:23.0263 0240 dot3svc - ok
22:21:23.0278 0240 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
22:21:23.0281 0240 DPS - ok
22:21:23.0298 0240 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:21:23.0300 0240 drmkaud - ok
22:21:23.0360 0240 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:21:23.0378 0240 DXGKrnl - ok
22:21:23.0432 0240 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
22:21:23.0435 0240 EapHost - ok
22:21:23.0504 0240 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
22:21:23.0557 0240 ebdrv - ok
22:21:23.0651 0240 [ A2DA3D8E0B336E13F7A155B5789B58CF ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
22:21:23.0657 0240 eeCtrl - ok
22:21:23.0682 0240 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
22:21:23.0684 0240 EFS - ok
22:21:23.0726 0240 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:21:23.0734 0240 ehRecvr - ok
22:21:23.0754 0240 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
22:21:23.0757 0240 ehSched - ok
22:21:23.0784 0240 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
22:21:23.0791 0240 elxstor - ok
22:21:23.0852 0240 [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
22:21:23.0854 0240 EpsonBidirectionalService - ok
22:21:23.0882 0240 [ 1E0764A8A8F39BAAEB271DA597422584 ] EpsonCustomerParticipation C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
22:21:23.0889 0240 EpsonCustomerParticipation - ok
22:21:23.0914 0240 [ 20ECD0A490A121CB34F553FAD1DBBD39 ] EpsonScanSvc C:\Windows\system32\EscSvc64.exe
22:21:23.0916 0240 EpsonScanSvc - ok
22:21:23.0955 0240 [ 194E8100D57FC13BEF88129BAAD07E46 ] EPSON_PM_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
22:21:23.0958 0240 EPSON_PM_RPCV4_04 - ok
22:21:24.0004 0240 [ 23C3061D2F7F8BCB6140A098447035B4 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
22:21:24.0025 0240 EraserUtilRebootDrv - ok
22:21:24.0054 0240 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:21:24.0055 0240 ErrDev - ok
22:21:24.0100 0240 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
22:21:24.0106 0240 EventSystem - ok
22:21:24.0132 0240 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
22:21:24.0136 0240 exfat - ok
22:21:24.0154 0240 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:21:24.0158 0240 fastfat - ok
22:21:24.0182 0240 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
22:21:24.0191 0240 Fax - ok
22:21:24.0207 0240 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:21:24.0209 0240 fdc - ok
22:21:24.0224 0240 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
22:21:24.0226 0240 fdPHost - ok
22:21:24.0236 0240 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
22:21:24.0238 0240 FDResPub - ok
22:21:24.0253 0240 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:21:24.0255 0240 FileInfo - ok
22:21:24.0271 0240 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:21:24.0273 0240 Filetrace - ok
22:21:24.0283 0240 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:21:24.0285 0240 flpydisk - ok
22:21:24.0305 0240 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:21:24.0310 0240 FltMgr - ok
22:21:24.0367 0240 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
22:21:24.0394 0240 FontCache - ok
22:21:24.0478 0240 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:21:24.0481 0240 FontCache3.0.0.0 - ok
22:21:24.0493 0240 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:21:24.0496 0240 FsDepends - ok
22:21:24.0538 0240 [ B3EB502D2C3F47C47415F85387DFAEF1 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
22:21:24.0541 0240 fssfltr - ok
22:21:24.0648 0240 [ B6AB40819ECEC4BA07266EC0EBBC85A7 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
22:21:24.0684 0240 fsssvc - ok
22:21:24.0735 0240 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:21:24.0756 0240 Fs_Rec - ok
22:21:24.0794 0240 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:21:24.0798 0240 fvevol - ok
22:21:24.0814 0240 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:21:24.0837 0240 gagp30kx - ok
22:21:24.0888 0240 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:21:24.0890 0240 GEARAspiWDM - ok
22:21:24.0927 0240 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
22:21:24.0936 0240 gpsvc - ok
22:21:24.0978 0240 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:21:24.0980 0240 gupdate - ok
22:21:24.0996 0240 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:21:24.0997 0240 gupdatem - ok
22:21:25.0031 0240 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:21:25.0034 0240 gusvc - ok
22:21:25.0048 0240 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:21:25.0050 0240 hcw85cir - ok
22:21:25.0077 0240 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:21:25.0082 0240 HdAudAddService - ok
22:21:25.0105 0240 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
22:21:25.0107 0240 HDAudBus - ok
22:21:25.0129 0240 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:21:25.0131 0240 HidBatt - ok
22:21:25.0145 0240 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:21:25.0148 0240 HidBth - ok
22:21:25.0156 0240 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:21:25.0158 0240 HidIr - ok
22:21:25.0176 0240 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
22:21:25.0178 0240 hidserv - ok
22:21:25.0207 0240 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:21:25.0209 0240 HidUsb - ok
22:21:25.0231 0240 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:21:25.0233 0240 hkmsvc - ok
22:21:25.0257 0240 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:21:25.0261 0240 HomeGroupListener - ok
22:21:25.0287 0240 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:21:25.0290 0240 HomeGroupProvider - ok
22:21:25.0313 0240 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:21:25.0315 0240 HpSAMD - ok
22:21:25.0351 0240 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:21:25.0361 0240 HTTP - ok
22:21:25.0374 0240 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:21:25.0375 0240 hwpolicy - ok
22:21:25.0394 0240 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
22:21:25.0397 0240 i8042prt - ok
22:21:25.0429 0240 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:21:25.0436 0240 iaStorV - ok
22:21:25.0468 0240 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:21:25.0478 0240 idsvc - ok
22:21:25.0551 0240 [ A1258065E8B16E23E2AFDE72FB5559BC ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20130914.001\IDSvia64.sys
22:21:25.0558 0240 IDSVia64 - ok
22:21:25.0686 0240 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
22:21:25.0783 0240 igfx - ok
22:21:25.0805 0240 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:21:25.0807 0240 iirsp - ok
22:21:25.0837 0240 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
22:21:25.0847 0240 IKEEXT - ok
22:21:25.0886 0240 [ D42D651676883181400E22957A7E0B1E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:21:25.0919 0240 IntcAzAudAddService - ok
22:21:25.0978 0240 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
22:21:25.0979 0240 intelide - ok
22:21:26.0006 0240 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:21:26.0008 0240 intelppm - ok
22:21:26.0031 0240 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:21:26.0034 0240 IPBusEnum - ok
22:21:26.0052 0240 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:21:26.0054 0240 IpFilterDriver - ok
22:21:26.0113 0240 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:21:26.0120 0240 iphlpsvc - ok
22:21:26.0179 0240 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
22:21:26.0182 0240 IPMIDRV - ok
22:21:26.0229 0240 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:21:26.0233 0240 IPNAT - ok
22:21:26.0302 0240 [ 2872B90D57C8310194A78A9787406467 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
22:21:26.0325 0240 iPod Service - ok
22:21:26.0357 0240 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:21:26.0359 0240 IRENUM - ok
22:21:26.0384 0240 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:21:26.0386 0240 isapnp - ok
22:21:26.0412 0240 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
22:21:26.0417 0240 iScsiPrt - ok
22:21:26.0434 0240 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:21:26.0436 0240 kbdclass - ok
22:21:26.0448 0240 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:21:26.0450 0240 kbdhid - ok
22:21:26.0463 0240 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
22:21:26.0464 0240 KeyIso - ok
22:21:26.0513 0240 [ 07071C1E3CD8F0F9114AAC8B072CA1E5 ] KMWDFILTER C:\Windows\system32\DRIVERS\KMWDFILTER.sys
22:21:26.0515 0240 KMWDFILTER - ok
22:21:26.0564 0240 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:21:26.0567 0240 KSecDD - ok
22:21:26.0611 0240 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:21:26.0615 0240 KSecPkg - ok
22:21:26.0656 0240 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:21:26.0658 0240 ksthunk - ok
22:21:26.0690 0240 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
22:21:26.0698 0240 KtmRm - ok
22:21:26.0712 0240 [ B8E670D7EF61615FA03104552854FAC9 ] L1E C:\Windows\system32\DRIVERS\L1E62x64.sys
22:21:26.0715 0240 L1E - ok
22:21:26.0766 0240 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
22:21:26.0786 0240 LanmanServer - ok
22:21:26.0814 0240 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:21:26.0819 0240 LanmanWorkstation - ok
22:21:26.0844 0240 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:21:26.0847 0240 lltdio - ok
22:21:26.0867 0240 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:21:26.0874 0240 lltdsvc - ok
22:21:26.0891 0240 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:21:26.0893 0240 lmhosts - ok
22:21:26.0918 0240 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
22:21:26.0920 0240 LSI_FC - ok
22:21:26.0930 0240 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
22:21:26.0933 0240 LSI_SAS - ok
22:21:26.0952 0240 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:21:26.0954 0240 LSI_SAS2 - ok
22:21:26.0969 0240 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:21:26.0972 0240 LSI_SCSI - ok
22:21:26.0987 0240 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
22:21:26.0989 0240 luafv - ok
22:21:27.0049 0240 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
22:21:27.0056 0240 LVRS64 - ok
22:21:27.0153 0240 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
22:21:27.0240 0240 LVUVC64 - ok
22:21:27.0287 0240 [ DE585D1D266805E5EEDAE911FDD16F38 ] ManyCam C:\Windows\system32\DRIVERS\mcvidrv_x64.sys
22:21:27.0289 0240 ManyCam - ok
22:21:27.0349 0240 [ 5858C4ABE87D0A842A941D6BD08038F1 ] mcaudrv_simple C:\Windows\system32\drivers\mcaudrv_x64.sys
22:21:27.0350 0240 mcaudrv_simple - ok
22:21:27.0374 0240 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:21:27.0377 0240 Mcx2Svc - ok
22:21:27.0394 0240 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:21:27.0396 0240 megasas - ok
22:21:27.0416 0240 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:21:27.0421 0240 MegaSR - ok
22:21:27.0447 0240 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
22:21:27.0448 0240 MMCSS - ok
22:21:27.0461 0240 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
22:21:27.0463 0240 Modem - ok
22:21:27.0490 0240 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:21:27.0491 0240 monitor - ok
22:21:27.0500 0240 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:21:27.0502 0240 mouclass - ok
22:21:27.0520 0240 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:21:27.0521 0240 mouhid - ok
22:21:27.0553 0240 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:21:27.0555 0240 mountmgr - ok
22:21:27.0575 0240 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
22:21:27.0578 0240 mpio - ok
22:21:27.0597 0240 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:21:27.0599 0240 mpsdrv - ok
22:21:27.0633 0240 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:21:27.0672 0240 MpsSvc - ok
22:21:27.0685 0240 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:21:27.0688 0240 MRxDAV - ok
22:21:27.0713 0240 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:21:27.0716 0240 mrxsmb - ok
22:21:27.0742 0240 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:21:27.0746 0240 mrxsmb10 - ok
22:21:27.0762 0240 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:21:27.0765 0240 mrxsmb20 - ok
22:21:27.0785 0240 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
22:21:27.0786 0240 msahci - ok
22:21:27.0807 0240 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:21:27.0810 0240 msdsm - ok
22:21:27.0828 0240 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
22:21:27.0830 0240 MSDTC - ok
22:21:27.0859 0240 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:21:27.0860 0240 Msfs - ok
22:21:27.0871 0240 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:21:27.0873 0240 mshidkmdf - ok
22:21:27.0894 0240 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:21:27.0896 0240 msisadrv - ok
22:21:27.0917 0240 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:21:27.0920 0240 MSiSCSI - ok
22:21:27.0931 0240 msiserver - ok
22:21:27.0953 0240 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:21:27.0955 0240 MSKSSRV - ok
22:21:27.0970 0240 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:21:27.0972 0240 MSPCLOCK - ok
22:21:27.0991 0240 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:21:27.0993 0240 MSPQM - ok
22:21:28.0006 0240 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:21:28.0011 0240 MsRPC - ok
22:21:28.0030 0240 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
22:21:28.0042 0240 mssmbios - ok
22:21:28.0061 0240 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:21:28.0063 0240 MSTEE - ok
22:21:28.0101 0240 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:21:28.0103 0240 MTConfig - ok
22:21:28.0140 0240 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
22:21:28.0142 0240 MTsensor - ok
22:21:28.0156 0240 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
22:21:28.0158 0240 Mup - ok
22:21:28.0201 0240 [ 1BF9D6476061B31CD7FC2BF848529A56 ] N360 C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
22:21:28.0203 0240 N360 - ok
22:21:28.0227 0240 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
22:21:28.0233 0240 napagent - ok
22:21:28.0267 0240 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:21:28.0272 0240 NativeWifiP - ok
22:21:28.0315 0240 [ 702E07EC32F96ACDB873E9A5465D4401 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130916.008\ENG64.SYS
22:21:28.0317 0240 NAVENG - ok
22:21:28.0371 0240 [ 302EA314A1AF0D7CEF0A3D0195F79561 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130916.008\EX64.SYS
22:21:28.0406 0240 NAVEX15 - ok
22:21:28.0461 0240 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:21:28.0472 0240 NDIS - ok
22:21:28.0520 0240 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:21:28.0522 0240 NdisCap - ok
22:21:28.0542 0240 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:21:28.0545 0240 NdisTapi - ok
22:21:28.0584 0240 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:21:28.0586 0240 Ndisuio - ok
22:21:28.0628 0240 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:21:28.0632 0240 NdisWan - ok
22:21:28.0660 0240 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:21:28.0684 0240 NDProxy - ok
22:21:28.0712 0240 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:21:28.0714 0240 NetBIOS - ok
22:21:28.0744 0240 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:21:28.0750 0240 NetBT - ok
22:21:28.0761 0240 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
22:21:28.0763 0240 Netlogon - ok
22:21:28.0804 0240 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:21:28.0811 0240 Netman - ok
22:21:28.0862 0240 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:21:28.0890 0240 NetMsmqActivator - ok
22:21:28.0898 0240 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:21:28.0901 0240 NetPipeActivator - ok
22:21:28.0931 0240 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:21:28.0938 0240 netprofm - ok
22:21:28.0989 0240 [ B72BB9496A126FCFC7FC5945DED9B411 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
22:21:29.0001 0240 netr28x - ok
22:21:29.0009 0240 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:21:29.0011 0240 NetTcpActivator - ok
22:21:29.0018 0240 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:21:29.0021 0240 NetTcpPortSharing - ok
22:21:29.0042 0240 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:21:29.0044 0240 nfrd960 - ok
22:21:29.0091 0240 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:21:29.0097 0240 NlaSvc - ok
22:21:29.0105 0240 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:21:29.0107 0240 Npfs - ok
22:21:29.0116 0240 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:21:29.0118 0240 nsi - ok
22:21:29.0130 0240 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:21:29.0149 0240 nsiproxy - ok
22:21:29.0206 0240 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:21:29.0232 0240 Ntfs - ok
22:21:29.0266 0240 [ 317020D31F1696334679B9D0416EB62E ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
22:21:29.0268 0240 NuidFltr - ok
22:21:29.0277 0240 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:21:29.0278 0240 Null - ok
22:21:29.0486 0240 [ FCBA1C22727939E7CFF9EB08FE9692AB ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:21:29.0661 0240 nvlddmkm - ok
22:21:29.0723 0240 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:21:29.0725 0240 nvraid - ok
22:21:29.0761 0240 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:21:29.0764 0240 nvstor - ok
22:21:29.0802 0240 [ 10C232F6CFFD51D2332898AE7AE0FF23 ] nvsvc C:\Windows\system32\nvvsvc.exe
22:21:29.0812 0240 nvsvc - ok
22:21:29.0907 0240 [ 4789E020D2617046862D1790FC235FF6 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:21:29.0934 0240 nvUpdatusService - ok
22:21:29.0953 0240 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:21:29.0955 0240 nv_agp - ok
22:21:30.0058 0240 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:21:30.0063 0240 odserv - ok
22:21:30.0088 0240 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:21:30.0090 0240 ohci1394 - ok
22:21:30.0136 0240 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:21:30.0139 0240 ose - ok
22:21:30.0167 0240 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:21:30.0172 0240 p2pimsvc - ok
22:21:30.0187 0240 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:21:30.0193 0240 p2psvc - ok
22:21:30.0205 0240 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:21:30.0208 0240 Parport - ok
22:21:30.0255 0240 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:21:30.0257 0240 partmgr - ok
22:21:30.0281 0240 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:21:30.0285 0240 PcaSvc - ok
22:21:30.0296 0240 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
22:21:30.0299 0240 pci - ok
22:21:30.0323 0240 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
22:21:30.0324 0240 pciide - ok
22:21:30.0347 0240 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:21:30.0352 0240 pcmcia - ok
22:21:30.0368 0240 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:21:30.0370 0240 pcw - ok
22:21:30.0388 0240 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:21:30.0396 0240 PEAUTH - ok
22:21:30.0465 0240 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:21:30.0468 0240 PerfHost - ok
22:21:30.0512 0240 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
22:21:30.0538 0240 pla - ok
22:21:30.0569 0240 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:21:30.0575 0240 PlugPlay - ok
22:21:30.0584 0240 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:21:30.0587 0240 PNRPAutoReg - ok
22:21:30.0595 0240 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:21:30.0598 0240 PNRPsvc - ok
22:21:30.0628 0240 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
22:21:30.0630 0240 Point64 - ok
22:21:30.0666 0240 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:21:30.0672 0240 PolicyAgent - ok
22:21:30.0719 0240 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:21:30.0738 0240 Power - ok
22:21:30.0767 0240 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:21:30.0771 0240 PptpMiniport - ok
22:21:30.0787 0240 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:21:30.0791 0240 Processor - ok
22:21:30.0849 0240 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
22:21:30.0856 0240 ProfSvc - ok
22:21:30.0867 0240 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:21:30.0870 0240 ProtectedStorage - ok
22:21:30.0899 0240 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:21:30.0904 0240 Psched - ok
22:21:30.0953 0240 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:21:30.0988 0240 ql2300 - ok
22:21:31.0012 0240 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:21:31.0016 0240 ql40xx - ok
22:21:31.0034 0240 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:21:31.0042 0240 QWAVE - ok
22:21:31.0060 0240 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:21:31.0062 0240 QWAVEdrv - ok
22:21:31.0105 0240 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:21:31.0107 0240 RasAcd - ok
22:21:31.0137 0240 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:21:31.0140 0240 RasAgileVpn - ok
22:21:31.0159 0240 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:21:31.0164 0240 RasAuto - ok
22:21:31.0214 0240 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:21:31.0218 0240 Rasl2tp - ok
22:21:31.0241 0240 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
22:21:31.0249 0240 RasMan - ok
22:21:31.0264 0240 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:21:31.0267 0240 RasPppoe - ok
22:21:31.0278 0240 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:21:31.0281 0240 RasSstp - ok
22:21:31.0324 0240 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:21:31.0330 0240 rdbss - ok
22:21:31.0345 0240 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:21:31.0347 0240 rdpbus - ok
22:21:31.0383 0240 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:21:31.0385 0240 RDPCDD - ok
22:21:31.0394 0240 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:21:31.0396 0240 RDPENCDD - ok
22:21:31.0418 0240 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:21:31.0420 0240 RDPREFMP - ok
22:21:31.0486 0240 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
22:21:31.0488 0240 RdpVideoMiniport - ok
22:21:31.0511 0240 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:21:31.0516 0240 RDPWD - ok
22:21:31.0551 0240 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:21:31.0556 0240 rdyboost - ok
22:21:31.0576 0240 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:21:31.0579 0240 RemoteAccess - ok
22:21:31.0594 0240 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:21:31.0597 0240 RemoteRegistry - ok
22:21:31.0616 0240 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:21:31.0618 0240 RpcEptMapper - ok
22:21:31.0634 0240 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:21:31.0636 0240 RpcLocator - ok
22:21:31.0665 0240 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
22:21:31.0670 0240 RpcSs - ok
22:21:31.0686 0240 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:21:31.0688 0240 rspndr - ok
22:21:31.0708 0240 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
22:21:31.0709 0240 SamSs - ok
22:21:31.0737 0240 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:21:31.0739 0240 sbp2port - ok
22:21:31.0758 0240 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:21:31.0762 0240 SCardSvr - ok
22:21:31.0790 0240 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:21:31.0792 0240 scfilter - ok
22:21:31.0823 0240 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
22:21:31.0842 0240 Schedule - ok
22:21:31.0875 0240 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:21:31.0876 0240 SCPolicySvc - ok
22:21:31.0909 0240 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:21:31.0913 0240 SDRSVC - ok
22:21:31.0926 0240 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
22:21:31.0927 0240 seclogon - ok
22:21:31.0956 0240 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
22:21:31.0959 0240 SENS - ok
22:21:31.0981 0240 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:21:31.0984 0240 SensrSvc - ok
22:21:31.0999 0240 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:21:32.0001 0240 Serenum - ok
22:21:32.0022 0240 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:21:32.0024 0240 Serial - ok
22:21:32.0056 0240 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:21:32.0058 0240 sermouse - ok
22:21:32.0090 0240 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
22:21:32.0093 0240 SessionEnv - ok
22:21:32.0105 0240 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:21:32.0107 0240 sffdisk - ok
22:21:32.0112 0240 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:21:32.0113 0240 sffp_mmc - ok
22:21:32.0123 0240 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:21:32.0125 0240 sffp_sd - ok
22:21:32.0138 0240 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:21:32.0140 0240 sfloppy - ok
22:21:32.0167 0240 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:21:32.0172 0240 SharedAccess - ok
22:21:32.0207 0240 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:21:32.0213 0240 ShellHWDetection - ok
22:21:32.0237 0240 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:21:32.0238 0240 SiSRaid2 - ok
22:21:32.0257 0240 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:21:32.0259 0240 SiSRaid4 - ok
22:21:32.0315 0240 [ 3E587DBBDFF938DDE5D4CE4047BE9041 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
22:21:32.0318 0240 SkypeUpdate - ok
22:21:32.0352 0240 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:21:32.0355 0240 Smb - ok
22:21:32.0380 0240 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:21:32.0382 0240 SNMPTRAP - ok
22:21:32.0397 0240 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:21:32.0398 0240 spldr - ok
22:21:32.0442 0240 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
22:21:32.0449 0240 Spooler - ok
22:21:32.0536 0240 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
22:21:32.0599 0240 sppsvc - ok
22:21:32.0617 0240 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:21:32.0621 0240 sppuinotify - ok
22:21:32.0707 0240 [ 2FD9346F9D76CB4192D37329CFA47A82 ] SRTSP C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS
22:21:32.0770 0240 SRTSP - ok
22:21:32.0812 0240 [ 0E76CEF892C45734F7AED09FDDF35D4D ] SRTSPX C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS
22:21:32.0854 0240 SRTSPX - ok
22:21:32.0951 0240 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
22:21:32.0960 0240 srv - ok
22:21:32.0978 0240 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:21:32.0985 0240 srv2 - ok
22:21:33.0012 0240 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:21:33.0016 0240 srvnet - ok
22:21:33.0043 0240 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:21:33.0067 0240 SSDPSRV - ok
22:21:33.0097 0240 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:21:33.0101 0240 SstpSvc - ok
22:21:33.0177 0240 [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:21:33.0183 0240 Stereo Service - ok
22

SuperDave · « **Reply #16 on:** September 17, 2013, 05:08:52 PM »

Ok, you will have to try stopping each svchost process on at a time to see if that helps.

smallzZz8 · « **Reply #17 on:** September 19, 2013, 07:52:46 PM »

there are so many of them when i hit show all users. i start with the highest and when i remove the highest my desktop color changes. and when ever i delete one another one shows up. also it will not let me remove some. and when delete the first one with the highest memory i can not pull up anything on my computer, google , any web app or any icon etc. so i have to restart my computer. all in all when i delete one another one pops up so i could not remove them

ps-also now that proccess is taking alot of cpu for some reason

smallzZz8 · « **Reply #18 on:** September 20, 2013, 03:41:47 PM »

Also i was looking through my recent files on norton that are blocked and what not and all i see is many pages of medium risk level that is saying unauthorized access blocked and i click it and it says actor: C:\WINDOWS\SYSTEM32\SVCHOST.EXE and there is a target but im not to sure what that means but it is C:\ProgramData\Norton\{0C55C096-0F1D-4.....

not sure if this helps but here it is and i am beginning to think it is svchost.exe that is causing all this

SuperDave · « **Reply #19 on:** September 20, 2013, 04:24:30 PM »

Quote from: smallzZz8 on September 20, 2013, 03:41:47 PM

Also i was looking through my recent files on norton that are blocked and what not and all i see is many pages of medium risk level that is saying unauthorized access blocked and i click it and it says actor: C:\WINDOWS\SYSTEM32\SVCHOST.EXE and there is a target but im not to sure what that means but it is C:\ProgramData\Norton\{0C55C096-0F1D-4.....

not sure if this helps but here it is and i am beginning to think it is svchost.exe that is causing all this

Can you try stopping that process? Have you tried starting your computer in Safe Mode to see if that problem still exists?

smallzZz8 · « **Reply #20 on:** September 20, 2013, 04:31:29 PM »

there are so many of those proccesses like i said but when i start stoping them and go to use my computer and i click on something like google chrome nothing works or pops up. safe mode i will try now

smallzZz8 · « **Reply #21 on:** September 20, 2013, 05:10:01 PM »

no the problem does not happen in safe mode

smallzZz8 · « **Reply #22 on:** September 20, 2013, 05:18:27 PM »

also would u happen to have a skype and teamviewer? that way we could chat faster and u can help me so much faster

SuperDave · « **Reply #23 on:** September 20, 2013, 07:27:01 PM »

Quote

also would u happen to have a skype and teamviewer? that way we could chat faster and u can help me so much faster

Sorry, I don't have either. Let's try this: Download and install MicroSoft Security Essentials. Disable your Norton AV and see if the problem still exists.

MicroSoft Security Essentials All versions and all languages.

smallzZz8 · « **Reply #24 on:** September 21, 2013, 09:05:20 AM »

ok i ran a full scan of everything besides the norton backup folder because that is the one that takes like 2 weeks to finish. but at the end it got 5 items. 4 of them were medium risk and the other 1 was severe risk and it got rid of all of those. i am about to restart my computer right now but i have a question. In the beginning when i did my norton backup do you thing it could of backed up all these bad files and viruses etc. so when i run a scan the scans dont mark them as bad because they are under norton backup? could that be the problem

smallzZz8 · « **Reply #25 on:** September 21, 2013, 10:09:56 AM »

no it did not help and the problem still exists

SuperDave · « **Reply #26 on:** September 21, 2013, 04:50:26 PM »

Quote

In the beginning when i did my norton backup do you thing it could of backed up all these bad files and viruses etc. so when i run a scan the scans dont mark them as bad because they are under norton backup? could that be the problem

That is quite possible.

Quote

no it did not help and the problem still exists

What didn't help? Do you mean installing MSE and disabling Norton? Do you the Norton installation disk? If you do, please uninstall Norton. You can always re-install it later.

smallzZz8 · « **Reply #27 on:** September 22, 2013, 07:47:49 AM »

Quote from: SuperDave on September 21, 2013, 04:50:26 PM

What didn't help? Do you mean installing MSE and disabling Norton? Do you the Norton installation disk? If you do, please uninstall Norton. You can always re-install it later.

running the mse scan did not help. i did not disable norton i just turned it off during the scan.although it got some items in the scan it did not fix the problem.do i have to uninstall norton because i my disk is up with my dad.

SuperDave · « **Reply #28 on:** September 22, 2013, 12:36:35 PM »

I just wanted you to use MSE while Norton was disabled. When you turned off Norton did you notice if it was still running in Task Manager? Try it again and, if it's still running in Task Manager, stop the process and see if that improves the situation.

smallzZz8 · « **Reply #29 on:** September 25, 2013, 04:34:32 AM »

ok i got rid of the norton proccess and did a full scan and the scan came out as protexted and did not detect anything.although i left the scan on overnight and ram was at 85% when started and i woke up to 31% but its at 48% now

SuperDave · « **Reply #30 on:** September 25, 2013, 01:13:34 PM »

Please download and run MicroSoft Safety Scanner. This will take about 20 minutes to run and will produce a log if your computer was infected. Please post the log. This scanner only has a shelf life of 10 days so you will need to download a new one if you want to run a scan after the trial period has expired.
***********************************
Download GMER Rootkit Scanner from here.

•Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
•If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
•In the right panel, you will see several boxes that have been checked. Uncheck the following ...
*Sections
*IAT/EAT
*Drives/Partition other than Systemdrive (typically C:\)
*Show All (don't miss this one)
•Then click the Scan button & wait for it to finish
•Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
•Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

smallzZz8 · « **Reply #31 on:** September 25, 2013, 04:42:44 PM »

should i disable norton and the microsoft essentials?

SuperDave · « **Reply #32 on:** September 25, 2013, 05:58:00 PM »

Quote from: smallzZz8 on September 25, 2013, 04:42:44 PM

should i disable norton and the microsoft essentials?

No, not necessary.

smallzZz8 · « **Reply #33 on:** September 25, 2013, 07:48:02 PM »

ok and here is the log for the Gmer scan...the first scan just said no viruses and spyware

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-25 21:46:27
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST31000528AS rev.CC46 931.51GB
Running: us5dkh0v.exe; Driver: C:\Users\Bryce\AppData\Local\Temp\kgtorpoc.sys

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

smallzZz8 · « **Reply #34 on:** September 26, 2013, 12:37:26 PM »

also would it help if i gave you the recent files that i downloaded that were mark bad and deleted by norton at the beginning of all this?

SuperDave · « **Reply #35 on:** September 26, 2013, 01:35:59 PM »

Quote

also would it help if i gave you the recent files that i downloaded that were mark bad and deleted by norton at the beginning of all this?

No, that won't help much. Please run this scan.

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

On completion of the scan click save log, save it to your desktop and post in your next reply

smallzZz8 · « **Reply #36 on:** September 26, 2013, 06:56:54 PM »

here is the aswMBR scan

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-09-26 20:55:02
-----------------------------
20:55:02.783 OS Version: Windows x64 6.1.7601 Service Pack 1
20:55:02.783 Number of processors: 2 586 0x170A
20:55:02.784 ComputerName: ADAMS-PC UserName: Bryce
20:55:05.259 Initialize success
20:55:33.300 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:55:33.304 Disk 0 Vendor: ST31000528AS CC46 Size: 953869MB BusType: 3
20:55:33.364 Disk 0 MBR read successfully
20:55:33.368 Disk 0 MBR scan
20:55:33.372 Disk 0 unknown MBR code
20:55:33.376 Disk 0 Partition 1 00 1B Hidd FAT32 NTFS 8197 MB offset 63
20:55:33.381 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 945669 MB offset 16787925
20:55:33.405 Disk 0 scanning C:\Windows\system32\drivers
20:55:40.085 Service scanning
20:55:42.079 Service BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130903.002\BHDrvx64.sys **LOCKED** 5
20:55:42.783 Service ccSet_N360 C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys **LOCKED** 5
20:55:43.584 Service eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys **LOCKED** 5
20:55:43.848 Service EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
20:55:44.948 Service IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20130925.001\IDSvia64.sys **LOCKED** 5
20:55:46.675 Service NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130925.003\ENG64.SYS **LOCKED** 5
20:55:46.748 Service NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130925.003\EX64.SYS **LOCKED** 5
20:55:49.560 Service SRTSPX C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS **LOCKED** 5
20:55:49.876 Service SymDS C:\Windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS **LOCKED** 5
20:55:49.930 Service SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS **LOCKED** 5
20:55:49.968 Service SymIRON C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS **LOCKED** 5
20:55:49.992 Service SymNetS C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS **LOCKED** 5
20:55:53.051 Modules scanning
20:55:53.065 Disk 0 trace - called modules:
20:55:53.084 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:55:53.090 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005f7e060]
20:55:53.097 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8005bb0e40]
20:55:53.103 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005bda060]
20:55:53.110 Scan finished successfully
20:56:23.853 Disk 0 MBR has been saved successfully to "C:\Users\Bryce\Desktop\mbar\MBR.dat"
20:56:23.894 The log file has been saved successfully to "C:\Users\Bryce\Desktop\mbar\aswMBR.txt"

SuperDave · « **Reply #37 on:** September 26, 2013, 07:47:23 PM »

We need to fix the Master Boot Record using aswMBR now.

Double click aswMBR.exe to run it like before
Once the scan finishes click FixMBR to remove the infection as illustrated below

Once the scan finishes click Save log to save the log to your Desktop
Copy and paste the contents of aswMBR.txt back here for review

.

smallzZz8 · « **Reply #38 on:** September 26, 2013, 08:14:18 PM »

here it is

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-09-26 22:10:57
-----------------------------
22:10:57.533 OS Version: Windows x64 6.1.7601 Service Pack 1
22:10:57.533 Number of processors: 2 586 0x170A
22:10:57.534 ComputerName: ADAMS-PC UserName: Bryce
22:11:02.595 Initialize success
22:11:26.083 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:11:26.086 Disk 0 Vendor: ST31000528AS CC46 Size: 953869MB BusType: 3
22:11:26.164 Disk 0 MBR read successfully
22:11:26.166 Disk 0 MBR scan
22:11:26.168 Disk 0 unknown MBR code
22:11:26.172 Disk 0 Partition 1 00 1B Hidd FAT32 NTFS 8197 MB offset 63
22:11:26.175 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 945669 MB offset 16787925
22:11:26.197 Disk 0 scanning C:\Windows\system32\drivers
22:11:33.901 Service scanning
22:11:35.688 Service BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130903.002\BHDrvx64.sys **LOCKED** 5
22:11:36.051 Service ccSet_N360 C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys **LOCKED** 5
22:11:37.027 Service eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys **LOCKED** 5
22:11:37.356 Service EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
22:11:38.689 Service IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20130926.001\IDSvia64.sys **LOCKED** 5
22:11:40.673 Service NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130925.003\ENG64.SYS **LOCKED** 5
22:11:40.730 Service NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20130925.003\EX64.SYS **LOCKED** 5
22:11:43.999 Service SRTSPX C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS **LOCKED** 5
22:11:44.249 Service SymDS C:\Windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS **LOCKED** 5
22:11:44.295 Service SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS **LOCKED** 5
22:11:44.349 Service SymIRON C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS **LOCKED** 5
22:11:44.381 Service SymNetS C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS **LOCKED** 5
22:11:47.649 Modules scanning
22:11:47.656 Disk 0 trace - called modules:
22:11:47.683 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
22:11:47.689 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005f7e060]
22:11:47.695 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8005bb0e40]
22:11:47.701 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005bda060]
22:11:47.707 Scan finished successfully
22:12:23.294 Verifying
22:12:33.318 Disk 0 Windows 601 MBR fixed successfully
22:13:13.235 Disk 0 MBR has been saved successfully to "C:\Users\Bryce\Desktop\mbar\MBR.dat"
22:13:13.280 The log file has been saved successfully to "C:\Users\Bryce\Desktop\mbar\aswMBR.txt"

SuperDave · « **Reply #39 on:** September 27, 2013, 01:14:32 PM »

Any change?

smallzZz8 · « **Reply #40 on:** September 27, 2013, 03:19:22 PM »

kind of it doesnt slowly go up but when doing all my stuff i get like 80-87% but this may just be normal. would it help if i deleted other accounts on the computer?

immental1200 · « **Reply #41 on:** September 27, 2013, 03:37:21 PM »

Comments removed. You are not authorized to post in these malware forums unless you need help.

smallzZz8 · « **Reply #42 on:** September 29, 2013, 12:53:59 PM »

ya it used to slowly climb and i think it still might because it used to slowly go to 80-90% but now when i have all my stuff up i get 80-90% so idk if its my stuff or not...but when it slowly climbs like in the beginning i have nothing running

my startup is
microsoft intellipoint
hot key daemon
realtek voice manager
hd audio control panel
microsoft security client
epson status monitor 3
googletoolbarnotifier
eeventmanager application
java(tm) platform SE auto updater

this is all that is enabled

smallzZz8 · « **Reply #43 on:** September 29, 2013, 01:01:22 PM »

ok the problem is back im getting 50 cpu and 65 cpu running nothing but chrome to reply to this...svchost.exe is useing the most memory amd another svchost.exe is using all the cpu

Ps Read the reply above to

SuperDave · « **Reply #44 on:** September 29, 2013, 07:40:33 PM »

StartupLite

Download StartupLite by MalwareBytes to your Desktop.
Doubleclick StartupLite.exe to launch the program.
Ensure the Disable box is checked.
Click Continue.
A pop up message will tell you the unecessary startup items in your list have been disabled and ask you to restart your computer.
Re-start your computer.

smallzZz8 · « **Reply #45 on:** September 30, 2013, 12:44:01 PM »

When i hit continue i get an error message saying Error on Value: sunjavaupdatesched. there was an error creating msconfig key. i hit ok then i get another one saying error on value:swg. there was an error creating msconfig key. then i hit ok and it says all actions executed successfully changes will take effect after the system is restarted. so i hit ok and i will restart my computer now

smallzZz8 · « **Reply #46 on:** October 01, 2013, 04:21:17 AM »

and the problem still exists. i have 70 proccesses is that normal. and can i disable microsoft sequrity that you had me download?

smallzZz8 · « **Reply #47 on:** October 01, 2013, 12:39:21 PM »

also i was just got on and had all my stuff up and the last few days i was getting high 80's % recently and just got on and have only 50%

SuperDave · « **Reply #48 on:** October 01, 2013, 01:06:59 PM »

Quote

i have 70 proccesses is that normal. and can i disable microsoft sequrity that you had me download?

It really depends what is running. I have only 43 on mine.
At this point I would advise you to back up your data and run the Recovery Console and bring your computer back to the day you bought it.

smallzZz8 · « **Reply #49 on:** October 01, 2013, 08:05:20 PM »

how would i do all that. i only have a few things i wanna keep and a few files.

its weird because yesterday with all my stuff up i was getting high ram, in the morning i still had all my stuff up and i got low ram throughout the whole day, and now, at
night it went back up to high ram again

SuperDave · « **Reply #50 on:** October 02, 2013, 12:34:30 PM »

Quote

how would i do all that. i only have a few things i wanna keep and a few files.

If you have the OS CD you can boot to it and try a Recovery. There is probably a Recovery Console on a separate partition of your harddrive. You should be able to run the Recovery from there.
Here's more information about that.

smallzZz8 · « **Reply #51 on:** October 03, 2013, 01:03:55 PM »

maybe my ram is just suppose to be that high but i dout it. is there a way i can just run the proccess i acually need. because i do not wanna do the recovery and loose all my files

SuperDave · « **Reply #52 on:** October 03, 2013, 06:58:16 PM »

Quote

maybe my ram is just suppose to be that high but i dout it. is there a way i can just run the proccess i acually need. because i do not wanna do the recovery and loose all my files.

You can always and should back up your important data to an external harddrive of DVD's. As I mentioned before you should be able to stop every process except explorer.

smallzZz8 · « **Reply #53 on:** October 03, 2013, 07:24:37 PM »

well what if i backup the unknown problem onto the external hard drive. and no i cannot remove every process not talking about explorer

SuperDave · « **Reply #54 on:** October 04, 2013, 01:29:04 PM »

That could be a problem with bad RAM. Please run this check just to eliminate that possibility.
Test your RAM here.

smallzZz8 · « **Reply #55 on:** October 04, 2013, 02:31:34 PM »

I am sorry but i am very confuessed on how to install this. i clicked download and clicked the first one under windows and there is not a like start button like all the other programs. i am not sure if this is the right download so can u please tell me how or which one to download

SuperDave · « **Reply #56 on:** October 04, 2013, 04:41:39 PM »

Here are the operating instructions. If you decide to use a CD here are some more information how to burn an ISO image.

burn to a CD using an ISO Burner. One can be found here.

smallzZz8 · « **Reply #57 on:** October 05, 2013, 08:49:32 AM »

no can you just show me how to do the memtest that u want me to do

SuperDave · « **Reply #58 on:** October 05, 2013, 01:07:30 PM »

Quote from: smallzZz8 on October 05, 2013, 08:49:32 AM

no can you just show me how to do the memtest that u want me to do

The only other way I could show you is to be sitting beside you while you run the test but we both know that's impossible. The instructions seem to be quite clear.

Computer Hope Forum

News:

Author Topic: Ram usage really high (Read 45379 times)

smallzZz8

SuperDave

smallzZz8

smallzZz8

SuperDave

smallzZz8

SuperDave

smallzZz8

SuperDave

smallzZz8

SuperDave

smallzZz8

SuperDave

smallzZz8

SuperDave

smallzZz8

SuperDave

smallzZz8

smallzZz8

SuperDave

smallzZz8

smallzZz8

smallzZz8

SuperDave

smallzZz8

smallzZz8

SuperDave

smallzZz8

SuperDave

smallzZz8

SuperDave

smallzZz8

SuperDave

smallzZz8

smallzZz8

SuperDave

smallzZz8

SuperDave

smallzZz8

SuperDave

smallzZz8

immental1200

smallzZz8

smallzZz8

SuperDave

smallzZz8

smallzZz8

smallzZz8

SuperDave

smallzZz8

SuperDave

smallzZz8

SuperDave

smallzZz8

SuperDave

smallzZz8

SuperDave

smallzZz8

SuperDave