
IE8 can't open internet options or reinstall


  • This topic is locked
63 replies to this topic

#1 BeatlesFanatic9

BeatlesFanatic9

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:04:17 PM

Posted 08 September 2012 - 03:25 AM

After a power outage, my computer restarted with a date of 2006 and said my Norton Internet Subscription had expired. Fixed date and Norton Internet Security, but Norton was offline for a couple of hours leaving my computer vulnerable. After fixing it, Norton alerted me to a Bloodhound.MaIPE virus which Norton says it quarantined. Since then I have been unable to open Internet Options and all attempts to download and reinstall IE8 have failed.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Jack King at 20:51:37 on 2012-09-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1272 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Zune\ZuneBusEnum.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Business Inkjet 2800 series\Toolbox\HPWPTBX.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\VCOM\PowerDesk\pddlghlp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyServer = http=65.111.167.103:3128;ftp=65.111.167.103:3128;https=65.111.167.103:3128;
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.3.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.3.6\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.3.6\coIEPlg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVD.exe
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HPWPTOOLBOX] c:\program files\hewlett-packard\hp business inkjet 2800 series\toolbox\HPWPTBX.exe "-i"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
StartupFolder: c:\docume~1\jackki~1\startm~1\programs\startup\dialog~1.lnk - c:\program files\vcom\powerdesk\pddlghlp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - c:\program files\advanced jpeg compressor\ajcieex.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342651866000
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344893350406
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E2DF9E63-EE16-41BA-BD5F-A13638FE942E} : DhcpNameServer = 192.168.1.1
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.3.6\CoIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
.
============= SERVICES / DRIVERS ===============
.
R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [1979-12-31 251194]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008030.006\SymEFA.sys [2011-10-10 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008030.006\BHDrvx86.sys [2011-10-10 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008030.006\cchpx86.sys [2011-10-10 467592]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20120901.001\IDSXpx86.sys [2012-9-1 373728]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.3.6\ccSvcHst.exe [2011-10-10 117648]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2011-3-9 238592]
R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2011-3-9 1060864]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2011-3-9 484352]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-9 106656]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20120907.001\NAVENG.SYS [2012-9-7 92704]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20120907.001\NAVEX15.SYS [2012-9-7 1601184]
R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2011-4-4 19056]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-15 250056]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2012-3-20 11520]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2011-8-5 268512]
.
=============== Created Last 30 ================
.
2012-09-08 00:43:15 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-09-08 00:43:15 -------- d-----w- c:\windows\system32\wbem\Repository
2012-09-07 20:01:09 -------- d-----w- c:\documents and settings\jack king\application data\ElevatedDiagnostics
2012-09-07 15:32:07 7022536 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{b3237ac3-fdcd-4a05-8da7-60483cec26a9}\mpengine.dll
2012-09-01 08:22:10 98816 ----a-w- c:\windows\sed.exe
2012-09-01 08:22:10 518144 ----a-w- c:\windows\SWREG.exe
2012-09-01 08:22:10 256000 ----a-w- c:\windows\PEV.exe
2012-09-01 08:22:10 208896 ----a-w- c:\windows\MBR.exe
2012-09-01 08:06:58 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
2012-09-01 05:09:40 -------- d-----w- C:\ComboFix(2)
2012-08-30 22:56:23 -------- d-----w- c:\program files\VS Revo Group
2012-08-29 09:47:51 -------- d-----w- c:\program files\common files\Java(2)
2012-08-29 09:46:46 -------- d-----w- c:\program files\Java(2)
2012-08-24 04:34:05 98304 ----a-w- c:\windows\system32CmdLineExt.dll
2012-08-24 04:16:09 -------- d-----w- c:\program files\Radical Games
2012-08-21 04:24:13 -------- d-----w- c:\program files\Ask.com
2012-08-21 04:24:03 -------- d-----w- c:\documents and settings\jack king\local settings\application data\AskToolbar
2012-08-18 04:35:24 -------- d-----w- c:\program files\CCleaner
2012-08-18 02:44:44 -------- d-----w- c:\program files\Warecentral
2012-08-17 04:10:15 -------- d-----w- c:\windows\nview
2012-08-16 05:09:25 70344 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-16 05:09:25 426184 ------w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 20:20:07 -------- d-----w- c:\program files\FreeHideIP
2012-08-13 03:21:40 -------- d-sha-r- C:\cmdcons
2012-08-12 08:24:25 -------- d-----w- c:\documents and settings\jack king\application data\FreeHideIP
2012-08-12 08:24:25 -------- d-----w- c:\documents and settings\all users\application data\FreeHideIP
.
==================== Find3M ====================
.
2012-07-23 06:44:49 687600 ------w- c:\windows\system32\deployJava1.dll
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-06 02:07:08 143872 ------w- c:\windows\system32\javacpl.cpl
2012-07-06 02:06:30 772544 ------w- c:\windows\system32\npDeployJava1.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 17:46:44 22344 ------w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 03:19:34 11111424 ------w- c:\windows\system32\ieframe(2)(2).dll
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:33 916992 ------w- c:\windows\system32\wininet(2)(2).dll
2012-07-02 17:49:33 1212416 ------w- c:\windows\system32\urlmon(2)(2).dll
2012-07-02 17:49:33 105984 ------w- c:\windows\system32\url(2)(2).dll
2012-07-02 17:49:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 2000384 ------w- c:\windows\system32\iertutil(2)(2).dll
2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ------w- c:\windows\system32\html.iec
2012-06-15 20:39:36 169744 ------w- c:\windows\system32\ztvunrar36.dll
2012-06-15 20:35:32 185616 ------w- c:\windows\system32\ztvunrar39.dll
2012-06-15 20:33:54 605968 ------w- c:\windows\system32\ztv7z.dll
2012-06-15 20:33:32 77072 ------w- c:\windows\system32\ztvcabinet.dll
.
============= FINISH: 20:52:38.32 ===============



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,010 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:17 PM

Posted 12 September 2012 - 12:20 PM

Greetings BeatlesFanatic9 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you prefer I call you something other than your screen name I would be pleased to do so. :thumbup2:


===================================================


Ground Rules:

  • First, I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:

===================================================


Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided. I will post back as soon as possible.

Edited by Oh My, 12 September 2012 - 01:45 PM.
Removed request for new logs

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,010 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:17 PM

Posted 12 September 2012 - 02:02 PM

Greetings BeatlesFanatic9,

Can you confirm you have set your internet proxy through Server Pronto which is indicated by this:

uInternet Settings,ProxyServer = http=65.111.167.103:3128;ftp=65.111.167.103:3128;https=65.111.167.103:3128;


It appears you have run Combofix twice. Please perform the following for me so I can review what has already been addressed.


===================================================


Obtaining ComboFix logs

--------------------

Please copy and paste the contents of the following files in your reply.

C:\ComboFix.txt
c:\qoobox\combofix2.txt


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Is Server Pronto familiar?
  • Combofix.txt
  • Combofix2.txt
  • Are you experiencing any other issues besides IE?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

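The `ProxyServer` line quoted in the post above can be extracted from a pasted DDS or ComboFix log and broken down per protocol, so the endpoint can be put to the machine's owner for confirmation. This is an added example, not part of the original posts and not code from DDS or ComboFix; the function names are hypothetical, and the last line of the sample log is constructed to show the single-proxy form of the value.

```python
import ipaddress
import re
from typing import List, NamedTuple, Optional

# Matches the setting as it is printed in the logs on this page, e.g.
#   uInternet Settings,ProxyServer = http=65.111.167.103:3128;ftp=...;
PROXY_LINE = re.compile(r"Internet Settings,ProxyServer\s*=\s*(?P<value>\S.*)$")


class ProxyEntry(NamedTuple):
    scheme: str          # "http", "ftp", "https", or "*" when one proxy serves all protocols
    host: str
    port: Optional[int]
    scope: str           # "loopback", "private", "public" or "hostname"


def classify(host: str) -> str:
    """Say where a proxy host lives: on this machine, on the LAN, or outside it."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "loopback" if host.lower() == "localhost" else "hostname"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private or ip.is_link_local:
        return "private"
    return "public"


def parse_proxy_value(value: str) -> List[ProxyEntry]:
    """Parse a ProxyServer value in either of its two forms:
    'host:port' (all protocols) or 'http=host:port;ftp=host:port;...'."""
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # trailing ';' as in the log on this page
        scheme, sep, target = part.partition("=")
        if not sep:
            scheme, target = "*", part
        target = target.split("://", 1)[-1]  # tolerate 'http=http://host:port'
        host, _, port = target.rpartition(":")
        if not host:  # no ':' present, so no port was given
            host, port = target, ""
        entries.append(
            ProxyEntry(scheme.lower(), host, int(port) if port.isdigit() else None, classify(host))
        )
    return entries


def summarize(log_text: str) -> List[dict]:
    """Return one finding per distinct proxy endpoint on each ProxyServer line."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        match = PROXY_LINE.search(line.strip())
        if not match:
            continue
        grouped = {}
        for entry in parse_proxy_value(match.group("value")):
            grouped.setdefault((entry.host, entry.port, entry.scope), []).append(entry.scheme)
        for (host, port, scope), schemes in grouped.items():
            endpoint = host if port is None else f"{host}:{port}"
            findings.append(
                {"line": line_no, "endpoint": endpoint, "scope": scope, "schemes": sorted(schemes)}
            )
    return findings


# First three lines are copied from the DDS log on this page; the fourth is constructed.
SAMPLE_LOG = r"""uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uInternet Settings,ProxyServer = http=65.111.167.103:3128;ftp=65.111.167.103:3128;https=65.111.167.103:3128;
TCP: DhcpNameServer = 192.168.1.1
uInternet Settings,ProxyServer = 127.0.0.1:8080
"""

if __name__ == "__main__":
    for finding in summarize(SAMPLE_LOG):
        print(
            f"line {finding['line']}: proxy {finding['endpoint']} "
            f"({finding['scope']}) for {', '.join(finding['schemes'])}"
        )
```
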
#4 BeatlesFanatic9

BeatlesFanatic9
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:04:17 PM

Posted 12 September 2012 - 08:13 PM

Is Server Pronto familiar? No, I am not aware of this.

Are you experiencing any other issues besides IE? Not that I'm aware of, other than I can't access Internet Options or reinstall IE8.

ComboFix 12-09-07.03 - Jack King 09/07/2012 18:47:51.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1411 [GMT -4:00]
Running from: c:\documents and settings\Jack King\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Internet Explorer\SET3F.tmp
c:\program files\Internet Explorer\SET40.tmp
c:\program files\Internet Explorer\SET75.tmp
c:\program files\Internet Explorer\SET76.tmp
c:\program files\Internet Explorer\SET8.tmp
c:\program files\Internet Explorer\SET9.tmp
c:\program files\Internet Explorer\SETA7.tmp
c:\program files\Internet Explorer\SETA8.tmp
c:\windows\system32\SET10.tmp
c:\windows\system32\SET11.tmp
c:\windows\system32\SET13.tmp
c:\windows\system32\SET14.tmp
c:\windows\system32\SET15.tmp
c:\windows\system32\SET16.tmp
c:\windows\system32\SET19.tmp
c:\windows\system32\SET1A.tmp
c:\windows\system32\SET1B.tmp
c:\windows\system32\SET1D.tmp
c:\windows\system32\SET1E.tmp
c:\windows\system32\SET1F.tmp
c:\windows\system32\SET20.tmp
c:\windows\system32\SET21.tmp
c:\windows\system32\SET22.tmp
c:\windows\system32\SET23.tmp
c:\windows\system32\SET24.tmp
c:\windows\system32\SET25.tmp
c:\windows\system32\SET26.tmp
c:\windows\system32\SET27.tmp
c:\windows\system32\SET28.tmp
c:\windows\system32\SET29.tmp
c:\windows\system32\SET2A.tmp
c:\windows\system32\SET2B.tmp
c:\windows\system32\SET2C.tmp
c:\windows\system32\SET2D.tmp
c:\windows\system32\SET2E.tmp
c:\windows\system32\SET2F.tmp
c:\windows\system32\SET30.tmp
c:\windows\system32\SET31.tmp
c:\windows\system32\SET32.tmp
c:\windows\system32\SET42.tmp
c:\windows\system32\SET43.tmp
c:\windows\system32\SET44.tmp
c:\windows\system32\SET45.tmp
c:\windows\system32\SET46.tmp
c:\windows\system32\SET47.tmp
c:\windows\system32\SET48.tmp
c:\windows\system32\SET49.tmp
c:\windows\system32\SET4A.tmp
c:\windows\system32\SET4B.tmp
c:\windows\system32\SET4C.tmp
c:\windows\system32\SET4D.tmp
c:\windows\system32\SET4E.tmp
c:\windows\system32\SET50.tmp
c:\windows\system32\SET51.tmp
c:\windows\system32\SET52.tmp
c:\windows\system32\SET53.tmp
c:\windows\system32\SET54.tmp
c:\windows\system32\SET55.tmp
c:\windows\system32\SET56.tmp
c:\windows\system32\SET57.tmp
c:\windows\system32\SET58.tmp
c:\windows\system32\SET59.tmp
c:\windows\system32\SET5A.tmp
c:\windows\system32\SET5B.tmp
c:\windows\system32\SET5C.tmp
c:\windows\system32\SET5D.tmp
c:\windows\system32\SET5E.tmp
c:\windows\system32\SET5F.tmp
c:\windows\system32\SET60.tmp
c:\windows\system32\SET61.tmp
c:\windows\system32\SET62.tmp
c:\windows\system32\SET63.tmp
c:\windows\system32\SET64.tmp
c:\windows\system32\SET65.tmp
c:\windows\system32\SET78.tmp
c:\windows\system32\SET79.tmp
c:\windows\system32\SET7A.tmp
c:\windows\system32\SET7B.tmp
c:\windows\system32\SET7C.tmp
c:\windows\system32\SET7D.tmp
c:\windows\system32\SET7E.tmp
c:\windows\system32\SET7F.tmp
c:\windows\system32\SET80.tmp
c:\windows\system32\SET81.tmp
c:\windows\system32\SET82.tmp
c:\windows\system32\SET83.tmp
c:\windows\system32\SET84.tmp
c:\windows\system32\SET86.tmp
c:\windows\system32\SET87.tmp
c:\windows\system32\SET88.tmp
c:\windows\system32\SET89.tmp
c:\windows\system32\SET8A.tmp
c:\windows\system32\SET8B.tmp
c:\windows\system32\SET8C.tmp
c:\windows\system32\SET8D.tmp
c:\windows\system32\SET8E.tmp
c:\windows\system32\SET8F.tmp
c:\windows\system32\SET90.tmp
c:\windows\system32\SET91.tmp
c:\windows\system32\SET92.tmp
c:\windows\system32\SET93.tmp
c:\windows\system32\SET94.tmp
c:\windows\system32\SET95.tmp
c:\windows\system32\SET96.tmp
c:\windows\system32\SET97.tmp
c:\windows\system32\SET98.tmp
c:\windows\system32\SET99.tmp
c:\windows\system32\SET9A.tmp
c:\windows\system32\SET9B.tmp
c:\windows\system32\SETAA.tmp
c:\windows\system32\SETAB.tmp
c:\windows\system32\SETAC.tmp
c:\windows\system32\SETAD.tmp
c:\windows\system32\SETAE.tmp
c:\windows\system32\SETAF.tmp
c:\windows\system32\SETB0.tmp
c:\windows\system32\SETB1.tmp
c:\windows\system32\SETB2.tmp
c:\windows\system32\SETB3.tmp
c:\windows\system32\SETB4.tmp
c:\windows\system32\SETB5.tmp
c:\windows\system32\SETB6.tmp
c:\windows\system32\SETB8.tmp
c:\windows\system32\SETB9.tmp
c:\windows\system32\SETBA.tmp
c:\windows\system32\SETBB.tmp
c:\windows\system32\SETBC.tmp
c:\windows\system32\SETBD.tmp
c:\windows\system32\SETBE.tmp
c:\windows\system32\SETBF.tmp
c:\windows\system32\SETC.tmp
c:\windows\system32\SETC0.tmp
c:\windows\system32\SETC1.tmp
c:\windows\system32\SETC2.tmp
c:\windows\system32\SETC3.tmp
c:\windows\system32\SETC4.tmp
c:\windows\system32\SETC5.tmp
c:\windows\system32\SETC6.tmp
c:\windows\system32\SETC7.tmp
c:\windows\system32\SETC8.tmp
c:\windows\system32\SETC9.tmp
c:\windows\system32\SETCA.tmp
c:\windows\system32\SETCB.tmp
c:\windows\system32\SETCC.tmp
c:\windows\system32\SETCD.tmp
c:\windows\system32\SETD.tmp
c:\windows\system32\SETE.tmp
c:\windows\system32\SETF.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-08-07 to 2012-09-07 )))))))))))))))))))))))))))))))
.
.
2012-09-07 22:33 . 2012-09-07 22:33 -------- d-----w- c:\windows\system32\wbem\Repository
2012-09-07 20:01 . 2012-09-07 20:01 -------- d-----w- c:\documents and settings\Jack King\Application Data\ElevatedDiagnostics
2012-09-07 15:32 . 2012-08-28 05:50 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{B3237AC3-FDCD-4A05-8DA7-60483CEC26A9}\mpengine.dll
2012-09-01 08:07 . 2012-09-01 08:07 -------- d-----w- c:\program files\Java
2012-09-01 08:07 . 2012-09-01 08:07 -------- d-----w- c:\program files\Common Files\Java
2012-09-01 08:06 . 2012-09-01 08:06 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2012-08-30 22:56 . 2012-08-30 22:56 -------- d-----w- c:\program files\VS Revo Group
2012-08-24 04:34 . 2012-08-24 04:34 98304 ----a-w- c:\windows\system32CmdLineExt.dll
2012-08-24 04:16 . 2012-08-24 04:16 -------- d-----w- c:\program files\Radical Games
2012-08-21 04:47 . 2012-08-21 04:47 -------- d-----w- c:\program files\uTorrent
2012-08-21 04:24 . 2012-08-21 04:34 -------- d-----w- c:\program files\Ask.com
2012-08-21 04:24 . 2012-08-21 04:27 -------- d-----w- c:\documents and settings\Jack King\Local Settings\Application Data\AskToolbar
2012-08-18 04:35 . 2012-08-18 04:35 -------- d-----w- c:\program files\CCleaner
2012-08-18 02:44 . 2012-08-18 02:44 -------- d-----w- c:\program files\Warecentral
2012-08-17 04:10 . 2012-08-18 00:36 -------- d-----w- c:\windows\nview
2012-08-16 05:09 . 2012-08-18 06:19 426184 ------w- c:\windows\system32\FlashPlayerApp.exe
2012-08-16 05:09 . 2012-08-18 06:19 70344 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 20:20 . 2012-08-21 04:41 -------- d-----w- c:\program files\FreeHideIP
2012-08-12 08:24 . 2012-08-12 08:24 -------- d-----w- c:\documents and settings\Jack King\Application Data\FreeHideIP
2012-08-12 08:24 . 2012-08-12 08:24 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeHideIP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 05:50 . 2012-07-20 03:05 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-07-23 06:44 . 2012-07-23 06:45 687600 ------w- c:\windows\system32\deployJava1.dll
2012-07-06 13:58 . 2003-07-16 16:19 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-06 02:07 . 2012-07-23 06:45 143872 ------w- c:\windows\system32\javacpl.cpl
2012-07-06 02:06 . 2012-07-23 06:45 772544 ------w- c:\windows\system32\npDeployJava1.dll
2012-07-04 14:05 . 2011-04-04 22:03 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 17:46 . 2012-07-19 01:55 22344 ------w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40 . 2003-07-16 16:45 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 03:19 . 2009-03-08 08:39 11111424 ------w- c:\windows\system32\ieframe(2)(2).dll
2012-07-02 17:49 . 2003-07-16 16:45 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2003-07-16 16:45 916992 ------w- c:\windows\system32\wininet(2)(2).dll
2012-07-02 17:49 . 2003-07-16 16:43 1212416 ------w- c:\windows\system32\urlmon(2)(2).dll
2012-07-02 17:49 . 2003-07-16 16:43 105984 ------w- c:\windows\system32\url(2)(2).dll
2012-07-02 17:49 . 2009-03-08 08:32 2000384 ------w- c:\windows\system32\iertutil(2)(2).dll
2012-07-02 17:49 . 2003-07-16 16:26 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2003-07-16 16:24 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2012-06-15 20:39 . 2012-07-18 05:17 169744 ------w- c:\windows\system32\ztvunrar36.dll
2012-06-15 20:35 . 2012-07-18 05:17 185616 ------w- c:\windows\system32\ztvunrar39.dll
2012-06-15 20:33 . 2012-07-18 05:17 605968 ------w- c:\windows\system32\ztv7z.dll
2012-06-15 20:33 . 2012-07-18 05:17 77072 ------w- c:\windows\system32\ztvcabinet.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-01_08.27.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-07 22:45 . 2012-09-07 22:45 16384 c:\windows\Temp\Perflib_Perfdata_7bc.dat
+ 2012-09-07 22:44 . 2012-09-07 22:44 16384 c:\windows\Temp\Perflib_Perfdata_72c.dat
+ 2003-07-16 16:38 . 2009-02-06 17:14 110592 c:\windows\system32\Services.exe
- 2003-07-16 16:38 . 2009-02-06 11:11 110592 c:\windows\system32\services.exe
+ 2012-04-30 16:52 . 2012-09-07 22:34 929352 c:\windows\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2007-08-12 1465280]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 1867888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPWPTOOLBOX"="c:\program files\Hewlett-Packard\HP Business Inkjet 2800 series\Toolbox\HPWPTBX.exe" [2004-11-26 327680]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-06-08 3784704]
.
c:\documents and settings\Jack King\Start Menu\Programs\Startup\
Dialog Helper.lnk - c:\program files\VCOM\PowerDesk\pddlghlp.exe [2004-8-2 40960]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Jack King\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [12/31/1979 8:00 PM 251194]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008030.006\SymEFA.sys [10/10/2011 8:49 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1008030.006\BHDrvx86.sys [10/10/2011 8:49 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1008030.006\cchpx86.sys [10/10/2011 8:48 PM 467592]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120901.001\IDSXpx86.sys [9/1/2012 12:32 AM 373728]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [10/10/2011 8:49 PM 117648]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [3/9/2011 11:07 AM 238592]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [3/9/2011 11:18 AM 1060864]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [3/9/2011 11:16 AM 484352]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/9/2012 6:20 AM 106656]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [4/4/2011 9:58 PM 19056]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [4/6/2011 1:24 AM 47360]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [8/15/2012 12:43 AM 250056]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [3/20/2012 10:48 PM 11520]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [8/5/2011 12:30 PM 268512]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PBFILTER
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 06:19]
.
2012-09-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=65.111.167.103:3128;ftp=65.111.167.103:3128;https=65.111.167.103:3128;
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - c:\program files\Advanced JPEG Compressor\ajcieex.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-07 19:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1177238915-1647877149-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2012-09-07 19:08:17
ComboFix-quarantined-files.txt 2012-09-07 23:08
ComboFix2.txt 2012-09-07 21:24
ComboFix3.txt 2012-09-07 20:42
ComboFix4.txt 2012-09-07 20:27
ComboFix5.txt 2012-09-07 22:46
.
Pre-Run: 54,514,032,640 bytes free
Post-Run: 54,551,760,896 bytes free
.
- - End Of File - - A450744A3FD953135ABFBBED63101DE9

ComboFix 12-09-07.03 - Jack King 09/07/2012 17:14:23.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1384 [GMT -4:00]
Running from: c:\documents and settings\Jack King\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jack King\Application Data\inst.exe
c:\documents and settings\Jack King\Application Data\vso_ts_preview.xml
c:\program files\Internet Explorer\SET5.tmp
c:\program files\Internet Explorer\SET6.tmp
c:\program files\Internet Explorer\SET7.tmp
c:\program files\Internet Explorer\SET8.tmp
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\SET10.tmp
c:\windows\system32\SET11.tmp
c:\windows\system32\SET13.tmp
c:\windows\system32\SET14.tmp
c:\windows\system32\SET15.tmp
c:\windows\system32\SET16.tmp
c:\windows\system32\SET19.tmp
c:\windows\system32\SET1A.tmp
c:\windows\system32\SET1B.tmp
c:\windows\system32\SET1C.tmp
c:\windows\system32\SET1D.tmp
c:\windows\system32\SET1E.tmp
c:\windows\system32\SET1F.tmp
c:\windows\system32\SET20.tmp
c:\windows\system32\SET21.tmp
c:\windows\system32\SET22.tmp
c:\windows\system32\SET23.tmp
c:\windows\system32\SET24.tmp
c:\windows\system32\SET25.tmp
c:\windows\system32\SET26.tmp
c:\windows\system32\SET27.tmp
c:\windows\system32\SET28.tmp
c:\windows\system32\SET29.tmp
c:\windows\system32\SET2A.tmp
c:\windows\system32\SET2B.tmp
c:\windows\system32\SET2C.tmp
c:\windows\system32\SET2D.tmp
c:\windows\system32\SET2E.tmp
c:\windows\system32\SET2F.tmp
c:\windows\system32\SET30.tmp
c:\windows\system32\SET31.tmp
c:\windows\system32\SET32.tmp
c:\windows\system32\SET33.tmp
c:\windows\system32\SET34.tmp
c:\windows\system32\SET35.tmp
c:\windows\system32\SET37.tmp
c:\windows\system32\SET38.tmp
c:\windows\system32\SET39.tmp
c:\windows\system32\SET3A.tmp
c:\windows\system32\SET3C.tmp
c:\windows\system32\SET3D.tmp
c:\windows\system32\SET3F.tmp
c:\windows\system32\SET40.tmp
c:\windows\system32\SET41.tmp
c:\windows\system32\SET42.tmp
c:\windows\system32\SET43.tmp
c:\windows\system32\SET44.tmp
c:\windows\system32\SET45.tmp
c:\windows\system32\SET46.tmp
c:\windows\system32\SET47.tmp
c:\windows\system32\SET48.tmp
c:\windows\system32\SET49.tmp
c:\windows\system32\SET4A.tmp
c:\windows\system32\SET4B.tmp
c:\windows\system32\SET4C.tmp
c:\windows\system32\SET4D.tmp
c:\windows\system32\SET4E.tmp
c:\windows\system32\SET4F.tmp
c:\windows\system32\SET50.tmp
c:\windows\system32\SET51.tmp
c:\windows\system32\SET52.tmp
c:\windows\system32\SET53.tmp
c:\windows\system32\SET54.tmp
c:\windows\system32\SET9.tmp
c:\windows\system32\SETA.tmp
c:\windows\system32\SETB.tmp
c:\windows\system32\SETC.tmp
c:\windows\system32\SETD.tmp
c:\windows\system32\SETE.tmp
c:\windows\system32\SETF.tmp
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-07 to 2012-09-07 )))))))))))))))))))))))))))))))
.
.
2012-09-07 21:08 . 2012-09-07 21:08 -------- d-----w- c:\windows\system32\wbem\Repository
2012-09-07 20:01 . 2012-09-07 20:01 -------- d-----w- c:\documents and settings\Jack King\Application Data\ElevatedDiagnostics
2012-09-07 15:32 . 2012-08-28 05:50 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{B3237AC3-FDCD-4A05-8DA7-60483CEC26A9}\mpengine.dll
2012-09-01 08:07 . 2012-09-01 08:07 -------- d-----w- c:\program files\Java
2012-09-01 08:07 . 2012-09-01 08:07 -------- d-----w- c:\program files\Common Files\Java
2012-09-01 08:06 . 2012-09-01 08:06 -------- d-----w- c:\program files\BillP Studios
2012-09-01 08:06 . 2012-09-01 08:06 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2012-09-01 08:03 . 2012-09-01 08:03 -------- d-----w- c:\documents and settings\Jack King\Application Data\WinPatrol
2012-08-30 22:56 . 2012-08-30 22:56 -------- d-----w- c:\program files\VS Revo Group
2012-08-24 04:34 . 2012-08-24 04:34 98304 ----a-w- c:\windows\system32CmdLineExt.dll
2012-08-24 04:16 . 2012-08-24 04:16 -------- d-----w- c:\program files\Radical Games
2012-08-21 04:47 . 2012-08-21 04:47 -------- d-----w- c:\program files\uTorrent
2012-08-21 04:24 . 2012-08-21 04:34 -------- d-----w- c:\program files\Ask.com
2012-08-21 04:24 . 2012-08-21 04:27 -------- d-----w- c:\documents and settings\Jack King\Local Settings\Application Data\AskToolbar
2012-08-18 04:35 . 2012-08-18 04:35 -------- d-----w- c:\program files\CCleaner
2012-08-18 02:44 . 2012-08-18 02:44 -------- d-----w- c:\program files\Warecentral
2012-08-17 04:10 . 2012-08-18 00:36 -------- d-----w- c:\windows\nview
2012-08-16 05:09 . 2012-08-18 06:19 426184 ------w- c:\windows\system32\FlashPlayerApp.exe
2012-08-16 05:09 . 2012-08-18 06:19 70344 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 20:20 . 2012-08-21 04:41 -------- d-----w- c:\program files\FreeHideIP
2012-08-12 08:24 . 2012-08-12 08:24 -------- d-----w- c:\documents and settings\Jack King\Application Data\FreeHideIP
2012-08-12 08:24 . 2012-08-12 08:24 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeHideIP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 05:50 . 2012-07-20 03:05 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-07-23 06:44 . 2012-07-23 06:45 687600 ------w- c:\windows\system32\deployJava1.dll
2012-07-06 13:58 . 2003-07-16 16:19 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-06 02:07 . 2012-07-23 06:45 143872 ------w- c:\windows\system32\javacpl.cpl
2012-07-06 02:06 . 2012-07-23 06:45 772544 ------w- c:\windows\system32\npDeployJava1.dll
2012-07-04 14:05 . 2011-04-04 22:03 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 17:46 . 2012-07-19 01:55 22344 ------w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40 . 2003-07-16 16:45 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 03:19 . 2009-03-08 08:39 11111424 ------w- c:\windows\system32\ieframe(2)(2).dll
2012-07-02 17:49 . 2003-07-16 16:45 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2003-07-16 16:45 916992 ------w- c:\windows\system32\wininet(2)(2).dll
2012-07-02 17:49 . 2003-07-16 16:43 1212416 ------w- c:\windows\system32\urlmon(2)(2).dll
2012-07-02 17:49 . 2003-07-16 16:43 105984 ------w- c:\windows\system32\url(2)(2).dll
2012-07-02 17:49 . 2009-03-08 08:32 2000384 ------w- c:\windows\system32\iertutil(2)(2).dll
2012-07-02 17:49 . 2003-07-16 16:26 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2003-07-16 16:24 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2012-06-15 20:39 . 2012-07-18 05:17 169744 ------w- c:\windows\system32\ztvunrar36.dll
2012-06-15 20:35 . 2012-07-18 05:17 185616 ------w- c:\windows\system32\ztvunrar39.dll
2012-06-15 20:33 . 2012-07-18 05:17 605968 ------w- c:\windows\system32\ztv7z.dll
2012-06-15 20:33 . 2012-07-18 05:17 77072 ------w- c:\windows\system32\ztvcabinet.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-01_08.27.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-07 21:21 . 2012-09-07 21:21 16384 c:\windows\Temp\Perflib_Perfdata_684.dat
+ 2012-09-07 21:20 . 2012-09-07 21:20 16384 c:\windows\Temp\Perflib_Perfdata_4c0.dat
+ 2003-07-16 16:38 . 2009-02-06 17:14 110592 c:\windows\system32\Services.exe
- 2003-07-16 16:38 . 2009-02-06 11:11 110592 c:\windows\system32\services.exe
+ 2012-04-30 16:52 . 2012-09-07 21:08 1713088 c:\windows\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2007-08-12 1465280]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 1867888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPWPTOOLBOX"="c:\program files\Hewlett-Packard\HP Business Inkjet 2800 series\Toolbox\HPWPTBX.exe" [2004-11-26 327680]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-06-08 3784704]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2012-07-13 384232]
.
c:\documents and settings\Jack King\Start Menu\Programs\Startup\
Dialog Helper.lnk - c:\program files\VCOM\PowerDesk\pddlghlp.exe [2004-8-2 40960]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Jack King\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [12/31/1979 8:00 PM 251194]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008030.006\SymEFA.sys [10/10/2011 8:49 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1008030.006\BHDrvx86.sys [10/10/2011 8:49 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1008030.006\cchpx86.sys [10/10/2011 8:48 PM 467592]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120901.001\IDSXpx86.sys [9/1/2012 12:32 AM 373728]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [10/10/2011 8:49 PM 117648]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [3/9/2011 11:07 AM 238592]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [3/9/2011 11:18 AM 1060864]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [3/9/2011 11:16 AM 484352]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/9/2012 6:20 AM 106656]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [4/4/2011 9:58 PM 19056]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [4/6/2011 1:24 AM 47360]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [8/15/2012 12:43 AM 250056]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [3/20/2012 10:48 PM 11520]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [8/5/2011 12:30 PM 268512]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PBFILTER
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 06:19]
.
2012-09-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=65.111.167.103:3128;ftp=65.111.167.103:3128;https=65.111.167.103:3128;
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - c:\program files\Advanced JPEG Compressor\ajcieex.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-07 17:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1177238915-1647877149-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3796)
c:\windows\system32\WININET.dll
c:\program files\VCOM\PowerDesk\pddlghlp.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\spkrmon.exe
c:\program files\Zune\ZuneBusEnum.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-09-07 17:24:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-07 21:24
ComboFix2.txt 2012-09-07 20:42
ComboFix3.txt 2012-09-07 20:27
ComboFix4.txt 2006-03-15 06:23
ComboFix5.txt 2012-09-07 21:13
.
Pre-Run: 54,907,170,816 bytes free
Post-Run: 54,887,378,944 bytes free
.
- - End Of File - - 165A39F77CB71D38DD2D7A7E1883A90B

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,010 posts
  • Gender:Male
  • Location:California

Posted 13 September 2012 - 10:46 AM

Greetings BeatlesFanatic9,

Thank you for allowing me some time to review your information.

Please complete the following.


===================================================


Reinstalling ComboFix and Running a Combofix Script

-------------------

  • Right click on the ComboFix Icon on your desktop and select Delete.
    Please download ComboFix from one of these locations and save it to your desktop:

    Bleepingcomputer
    ForoSpyware

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text below into the Notepad document

    DDS::
    uInternet Settings,ProxyServer = http=65.111.167.103:3128;ftp=65.111.167.103:3128;https=65.111.167.103:3128;
  • Save this on your desktop as CFScript.txt.


    Posted Image

  • Referring to the picture above, drag CFScript.txt into ComboFix.exe
  • When finished, it will create a log for you at C:\ComboFix.txt. Please copy/paste the information in your next reply.

===================================================


Run TDSSKiller by Kaspersky on XP

--------------------

  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • If you desire you may print out and follow the instructions for performing a scan.
  • Double-click on TDSSKiller.exe.
  • When the program opens, click the Start Scan button.



  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects, which offers three options.
  • If an infected file is detected, the default action will be Cure...do not change it.



  • Click Continue > Reboot now to finish the cleaning process.<- Important!!



  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis. Please submit these results with your next reply.


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.


  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.


  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Combofix.txt
  • TDSSKiller log
  • aswMBR log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
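
Added example (not part of the original posts, and not code from ComboFix or any tool named in this thread): the CFScript in post #5 targets the ProxyServer entry that the earlier logs list under Supplementary Scan. The Python below parses that entry, flags proxy endpoints that are not loopback or private addresses, and compares a log taken before the script with one taken after. The function names are hypothetical, and the sample lines are copied from the logs on this page.

```python
import ipaddress
import re

# Sample lines copied from the ComboFix logs on this page:
# the run before the CFScript and the run after it.
LOG_BEFORE = """\
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=65.111.167.103:3128;ftp=65.111.167.103:3128;https=65.111.167.103:3128;
TCP: DhcpNameServer = 192.168.1.1
"""
LOG_AFTER = """\
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
"""

# The logs on this page prefix the entry with "u"; any single-letter prefix is accepted.
PROXY_LINE = re.compile(r"^\s*\w?Internet Settings,ProxyServer\s*=\s*(.+?)\s*$", re.IGNORECASE)


def parse_proxy_value(value):
    """Parse a ProxyServer value into {protocol: (host, port)}.

    Handles both forms: one proxy for everything ("host:port") and the
    per-protocol list ("http=host:port;https=host:port;"). IPv6 literals
    are out of scope for this example.
    """
    proxies = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        proto, sep, endpoint = part.partition("=")
        if not sep:                      # no "proto=" prefix: applies to all protocols
            proto, endpoint = "all", part
        endpoint = re.sub(r"^[a-z]+://", "", endpoint.strip(), flags=re.IGNORECASE)
        host, colon, port = endpoint.rpartition(":")
        if not colon:                    # no port given
            host, port = endpoint, ""
        proxies[proto.strip().lower()] = (host, int(port) if port.isdigit() else None)
    return proxies


def classify(host):
    """Label a proxy host as loopback, private, public, or hostname."""
    if host.lower() == "localhost":
        return "loopback"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"                # cannot judge without resolving; needs review
    if addr.is_loopback:                 # check first: loopback also counts as private
        return "loopback"
    if addr.is_private:
        return "private"
    return "public"


def find_proxy(log_text):
    """Collect every ProxyServer entry found in a log."""
    found = {}
    for line in log_text.splitlines():
        match = PROXY_LINE.match(line)
        if match:
            found.update(parse_proxy_value(match.group(1)))
    return found


def review(before, after):
    """Return entries worth questioning in `before` and those still in `after`."""
    def external(log):
        return sorted((proto, host, port)
                      for proto, (host, port) in find_proxy(log).items()
                      if classify(host) in ("public", "hostname"))
    flagged = external(before)
    remaining = [entry for entry in external(after) if entry in flagged]
    return {"flagged": flagged, "remaining": remaining}


if __name__ == "__main__":
    result = review(LOG_BEFORE, LOG_AFTER)
    for proto, host, port in result["flagged"]:
        print(f"before: {proto} traffic routed through {host}:{port}")
    print("still present after the script:", result["remaining"] or "none")
```

A proxy the user did not configure is worth questioning whenever it points outside the local network, because all browser traffic for the listed protocols passes through it.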

#6 BeatlesFanatic9

BeatlesFanatic9
  • Topic Starter

  • Members
  • 43 posts

Posted 13 September 2012 - 03:12 PM

ComboFix 12-09-13.01 - Jack King 09/13/2012 13:13:10.10.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1324 [GMT -4:00]
Running from: c:\documents and settings\Jack King\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jack King\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Internet Explorer\SET9.tmp
c:\program files\Internet Explorer\SETA.tmp
c:\windows\system32\SET10.tmp
c:\windows\system32\SET11.tmp
c:\windows\system32\SET13.tmp
c:\windows\system32\SET14.tmp
c:\windows\system32\SET15.tmp
c:\windows\system32\SET16.tmp
c:\windows\system32\SET19.tmp
c:\windows\system32\SET1A.tmp
c:\windows\system32\SET1B.tmp
c:\windows\system32\SET1D.tmp
c:\windows\system32\SET1F.tmp
c:\windows\system32\SET20.tmp
c:\windows\system32\SET21.tmp
c:\windows\system32\SET22.tmp
c:\windows\system32\SET23.tmp
c:\windows\system32\SET24.tmp
c:\windows\system32\SET25.tmp
c:\windows\system32\SET26.tmp
c:\windows\system32\SET27.tmp
c:\windows\system32\SET28.tmp
c:\windows\system32\SET29.tmp
c:\windows\system32\SET2A.tmp
c:\windows\system32\SET2B.tmp
c:\windows\system32\SET2C.tmp
c:\windows\system32\SET2D.tmp
c:\windows\system32\SET2E.tmp
c:\windows\system32\SET2F.tmp
c:\windows\system32\SET30.tmp
c:\windows\system32\SET31.tmp
c:\windows\system32\SET32.tmp
c:\windows\system32\SET33.tmp
c:\windows\system32\SET34.tmp
c:\windows\system32\SETD.tmp
c:\windows\system32\SETE.tmp
c:\windows\system32\SETF.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_COMSYSAPP
-------\Service_COMSysApp
.
.
((((((((((((((((((((((((( Files Created from 2012-08-13 to 2012-09-13 )))))))))))))))))))))))))))))))
.
.
2012-09-13 06:20 . 2012-09-13 06:20 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{0AF3156B-86D1-452C-BFBF-C6719C75072A}\offreg.dll
2012-09-11 16:24 . 2012-08-28 05:50 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{0AF3156B-86D1-452C-BFBF-C6719C75072A}\mpengine.dll
2012-09-11 08:20 . 2012-09-11 08:20 -------- d-----w- c:\program files\Sol Edit
2012-09-08 00:43 . 2012-09-08 00:43 -------- d-----w- c:\windows\system32\wbem\Repository
2012-09-07 21:23 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2012-09-07 20:01 . 2012-09-07 20:01 -------- d-----w- c:\documents and settings\Jack King\Application Data\ElevatedDiagnostics
2012-09-01 08:07 . 2012-09-01 08:07 -------- d-----w- c:\program files\Java
2012-09-01 08:07 . 2012-09-01 08:07 -------- d-----w- c:\program files\Common Files\Java
2012-09-01 08:06 . 2012-09-01 08:06 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2012-08-30 22:56 . 2012-08-30 22:56 -------- d-----w- c:\program files\VS Revo Group
2012-08-24 04:34 . 2012-08-24 04:34 98304 ----a-w- c:\windows\system32CmdLineExt.dll
2012-08-24 04:16 . 2012-08-24 04:16 -------- d-----w- c:\program files\Radical Games
2012-08-21 04:24 . 2012-08-21 04:34 -------- d-----w- c:\program files\Ask.com
2012-08-21 04:24 . 2012-08-21 04:27 -------- d-----w- c:\documents and settings\Jack King\Local Settings\Application Data\AskToolbar
2012-08-18 04:35 . 2012-08-18 04:35 -------- d-----w- c:\program files\CCleaner
2012-08-18 02:44 . 2012-08-18 02:44 -------- d-----w- c:\program files\Warecentral
2012-08-17 04:10 . 2012-08-18 00:36 -------- d-----w- c:\windows\nview
2012-08-16 05:09 . 2012-08-18 06:19 426184 ------w- c:\windows\system32\FlashPlayerApp.exe
2012-08-16 05:09 . 2012-08-18 06:19 70344 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 20:20 . 2012-08-21 04:41 -------- d-----w- c:\program files\FreeHideIP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 05:50 . 2012-07-20 03:05 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-07-23 06:44 . 2012-07-23 06:45 687600 ------w- c:\windows\system32\deployJava1.dll
2012-07-06 13:58 . 2003-07-16 16:19 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-06 02:07 . 2012-07-23 06:45 143872 ------w- c:\windows\system32\javacpl.cpl
2012-07-06 02:06 . 2012-07-23 06:45 772544 ------w- c:\windows\system32\npDeployJava1.dll
2012-07-04 14:05 . 2011-04-04 22:03 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 17:46 . 2012-07-19 01:55 22344 ------w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40 . 2003-07-16 16:45 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 03:19 . 2009-03-08 08:39 11111424 ------w- c:\windows\system32\ieframe(2)(2).dll
2012-07-02 17:49 . 2003-07-16 16:45 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2003-07-16 16:45 916992 ------w- c:\windows\system32\wininet(2)(2).dll
2012-07-02 17:49 . 2003-07-16 16:43 1212416 ------w- c:\windows\system32\urlmon(2)(2).dll
2012-07-02 17:49 . 2003-07-16 16:43 105984 ------w- c:\windows\system32\url(2)(2).dll
2012-07-02 17:49 . 2009-03-08 08:32 2000384 ------w- c:\windows\system32\iertutil(2)(2).dll
2012-07-02 17:49 . 2003-07-16 16:26 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2003-07-16 16:24 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2012-06-15 20:39 . 2012-07-18 05:17 169744 ------w- c:\windows\system32\ztvunrar36.dll
2012-06-15 20:35 . 2012-07-18 05:17 185616 ------w- c:\windows\system32\ztvunrar39.dll
2012-06-15 20:33 . 2012-07-18 05:17 605968 ------w- c:\windows\system32\ztv7z.dll
2012-06-15 20:33 . 2012-07-18 05:17 77072 ------w- c:\windows\system32\ztvcabinet.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-01_08.27.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-13 17:22 . 2012-09-13 17:22 16384 c:\windows\Temp\Perflib_Perfdata_560.dat
+ 2012-09-13 17:22 . 2012-09-13 17:22 16384 c:\windows\Temp\Perflib_Perfdata_350.dat
+ 2012-04-30 16:52 . 2012-09-08 00:43 143056 c:\windows\system32\Restore\rstrlog.dat
+ 2011-04-04 23:02 . 2012-09-13 07:00 62164608 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2007-08-12 1465280]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 1867888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPWPTOOLBOX"="c:\program files\Hewlett-Packard\HP Business Inkjet 2800 series\Toolbox\HPWPTBX.exe" [2004-11-26 327680]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-06-08 3784704]
.
c:\documents and settings\Jack King\Start Menu\Programs\Startup\
Dialog Helper.lnk - c:\program files\VCOM\PowerDesk\pddlghlp.exe [2004-8-2 40960]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Jack King\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
.
R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [12/31/1979 8:00 PM 251194]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008030.006\SymEFA.sys [10/10/2011 8:49 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1008030.006\BHDrvx86.sys [10/10/2011 8:49 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1008030.006\cchpx86.sys [10/10/2011 8:48 PM 467592]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120912.001\IDSXpx86.sys [9/12/2012 8:08 PM 373728]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [10/10/2011 8:49 PM 117648]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [3/9/2011 11:07 AM 238592]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [3/9/2011 11:18 AM 1060864]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [3/9/2011 11:16 AM 484352]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/9/2012 6:20 AM 106656]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [4/4/2011 9:58 PM 19056]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [4/6/2011 1:24 AM 47360]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [8/15/2012 12:43 AM 250056]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [3/20/2012 10:48 PM 11520]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [8/5/2011 12:30 PM 268512]
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 06:19]
.
2012-09-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - c:\program files\Advanced JPEG Compressor\ajcieex.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-13 13:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1177238915-1647877149-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3616)
c:\windows\system32\WININET.dll
c:\program files\VCOM\PowerDesk\pddlghlp.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\spkrmon.exe
c:\program files\Zune\ZuneBusEnum.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-09-13 13:25:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-13 17:25
ComboFix2.txt 2012-09-07 23:08
ComboFix3.txt 2012-09-07 21:24
ComboFix4.txt 2012-09-07 20:42
ComboFix5.txt 2012-09-13 17:11
.
Pre-Run: 52,595,339,264 bytes free
Post-Run: 54,002,933,760 bytes free
.
- - End Of File - - 23A6074DFF4A25B4885527512100B765

13:36:10.0640 2744 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
13:36:12.0640 2744 ============================================================
13:36:12.0640 2744 Current date / time: 2012/09/13 13:36:12.0640
13:36:12.0640 2744 SystemInfo:
13:36:12.0640 2744
13:36:12.0640 2744 OS Version: 5.1.2600 ServicePack: 3.0
13:36:12.0640 2744 Product type: Workstation
13:36:12.0640 2744 ComputerName: JACKWS
13:36:12.0640 2744 UserName: Jack King
13:36:12.0640 2744 Windows directory: C:\WINDOWS
13:36:12.0640 2744 System windows directory: C:\WINDOWS
13:36:12.0640 2744 Processor architecture: Intel x86
13:36:12.0640 2744 Number of processors: 2
13:36:12.0640 2744 Page size: 0x1000
13:36:12.0640 2744 Boot type: Normal boot
13:36:12.0640 2744 ============================================================
13:36:13.0734 2744 Drive \Device\Harddisk0\DR0 - Size: 0x222EE65000 (136.73 Gb), SectorSize: 0x200, Cylinders: 0x45B9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
13:36:13.0734 2744 ============================================================
13:36:13.0734 2744 \Device\Harddisk0\DR0:
13:36:13.0734 2744 MBR partitions:
13:36:13.0734 2744 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11171F79
13:36:13.0734 2744 ============================================================
13:36:13.0750 2744 C: <-> \Device\Harddisk0\DR0\Partition1
13:36:13.0750 2744 ============================================================
13:36:13.0750 2744 Initialize success
13:36:13.0750 2744 ============================================================
13:36:29.0437 0440 ============================================================
13:36:29.0437 0440 Scan started
13:36:29.0437 0440 Mode: Manual;
13:36:29.0437 0440 ============================================================
13:36:30.0359 0440 ================ Scan system memory ========================
13:36:30.0359 0440 System memory - ok
13:36:30.0359 0440 ================ Scan services =============================
13:36:36.0625 0440 [ A8C45C36309EE066F9191E511F88ED76 ] SYMFW C:\WINDOWS\System32\Drivers\NIS\1008030.006\SYMFW.SYS
13:36:36.0640 0440 SYMFW - ok
13:36:36.0640 0440 [ F4DB00BC0C25BE3E05D4BBB8637CC3A3 ] SYMIDS C:\WINDOWS\System32\Drivers\NIS\1008030.006\SYMIDS.SYS
13:36:36.0656 0440 SYMIDS - ok
13:36:36.0671 0440 [ C6DB9F873B09C63F5CB1DE10C08BF6F9 ] SymIM C:\WINDOWS\system32\DRIVERS\SymIM.sys
13:36:36.0671 0440 SymIM - ok
13:36:36.0671 0440 [ C6DB9F873B09C63F5CB1DE10C08BF6F9 ] SymIMMP C:\WINDOWS\system32\DRIVERS\SymIM.sys
13:36:36.0671 0440 SymIMMP - ok
13:36:36.0687 0440 [ 06A8ECFC68D61A26A67F0E96FF1CA9CC ] SYMNDIS C:\WINDOWS\System32\Drivers\NIS\1008030.006\SYMNDIS.SYS
13:36:36.0687 0440 SYMNDIS - ok
13:36:36.0703 0440 SYMREDRV - ok
13:36:36.0718 0440 [ 26BC80EC79D7BA478249C266CBDF17B4 ] SYMTDI C:\WINDOWS\System32\Drivers\NIS\1008030.006\SYMTDI.SYS
13:36:36.0734 0440 SYMTDI - ok
13:36:36.0734 0440 sym_hi - ok
13:36:36.0734 0440 sym_u3 - ok
13:36:36.0750 0440 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
13:36:36.0750 0440 sysaudio - ok
13:36:36.0765 0440 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
13:36:36.0796 0440 SysmonLog - ok
13:36:36.0812 0440 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
13:36:36.0828 0440 TapiSrv - ok
13:36:36.0843 0440 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:36:36.0859 0440 Tcpip - ok
13:36:36.0875 0440 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
13:36:36.0875 0440 TDPIPE - ok
13:36:36.0890 0440 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
13:36:36.0906 0440 TDTCP - ok
13:36:36.0921 0440 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
13:36:36.0921 0440 TermDD - ok
13:36:36.0937 0440 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
13:36:36.0953 0440 TermService - ok
13:36:36.0953 0440 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
13:36:36.0953 0440 Themes - ok
13:36:36.0968 0440 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
13:36:37.0000 0440 TlntSvr - ok
13:36:37.0000 0440 TosIde - ok
13:36:37.0031 0440 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
13:36:37.0031 0440 TrkWks - ok
13:36:37.0046 0440 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
13:36:37.0046 0440 Udfs - ok
13:36:37.0046 0440 ultra - ok
13:36:37.0062 0440 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
13:36:37.0078 0440 Update - ok
13:36:37.0109 0440 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
13:36:37.0125 0440 upnphost - ok
13:36:37.0140 0440 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
13:36:37.0156 0440 UPS - ok
13:36:37.0156 0440 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:36:37.0171 0440 usbccgp - ok
13:36:37.0187 0440 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:36:37.0187 0440 usbehci - ok
13:36:37.0203 0440 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:36:37.0203 0440 usbhub - ok
13:36:37.0218 0440 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:36:37.0218 0440 USBSTOR - ok
13:36:37.0250 0440 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:36:37.0250 0440 usbuhci - ok
13:36:37.0265 0440 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
13:36:37.0265 0440 VgaSave - ok
13:36:37.0265 0440 ViaIde - ok
13:36:37.0281 0440 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
13:36:37.0281 0440 VolSnap - ok
13:36:37.0296 0440 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
13:36:37.0312 0440 VSS - ok
13:36:37.0328 0440 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
13:36:37.0328 0440 W32Time - ok
13:36:37.0359 0440 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:36:37.0375 0440 Wanarp - ok
13:36:37.0390 0440 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\WINDOWS\system32\DRIVERS\wdcsam.sys
13:36:37.0406 0440 WDC_SAM - ok
13:36:37.0421 0440 [ BF847A3972CC6B5CE26E0EA742DD52D9 ] WDDMService C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
13:36:37.0421 0440 WDDMService - ok
13:36:37.0453 0440 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
13:36:37.0453 0440 Wdf01000 - ok
13:36:37.0500 0440 [ B5966F1DFF6E20576F3C8C2D93D129FD ] WDFME C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
13:36:37.0515 0440 WDFME - ok
13:36:37.0515 0440 WDICA - ok
13:36:37.0531 0440 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
13:36:37.0531 0440 wdmaud - ok
13:36:37.0546 0440 [ 92F0088CA18BB08BB596EF2608256F8A ] WDSC C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
13:36:37.0578 0440 WDSC - ok
13:36:37.0609 0440 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
13:36:37.0609 0440 WebClient - ok
13:36:37.0640 0440 [ F45DD1E1365D857DD08BC23563370D0E ] WinDefend C:\Program Files\Windows Defender\MsMpEng.exe
13:36:37.0640 0440 WinDefend - ok
13:36:37.0671 0440 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
13:36:37.0687 0440 winmgmt - ok
13:36:37.0703 0440 [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
13:36:37.0718 0440 WinUSB - ok
13:36:37.0734 0440 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
13:36:37.0750 0440 WmdmPmSN - ok
13:36:37.0765 0440 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
13:36:37.0765 0440 Wmi - ok
13:36:37.0781 0440 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
13:36:37.0796 0440 WmiApSrv - ok
13:36:37.0843 0440 [ 017695393AFFFED8DE58ABD1B085BE6D ] WMZuneComm c:\Program Files\Zune\WMZuneComm.exe
13:36:37.0890 0440 WMZuneComm - ok
13:36:37.0906 0440 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:36:37.0906 0440 WS2IFSL - ok
13:36:37.0921 0440 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
13:36:37.0937 0440 wscsvc - ok
13:36:37.0953 0440 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
13:36:37.0968 0440 wuauserv - ok
13:36:37.0984 0440 [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:36:37.0984 0440 WudfPf - ok
13:36:38.0000 0440 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:36:38.0000 0440 WudfRd - ok
13:36:38.0031 0440 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
13:36:38.0046 0440 WudfSvc - ok
13:36:38.0062 0440 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
13:36:38.0078 0440 WZCSVC - ok
13:36:38.0093 0440 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
13:36:38.0109 0440 xmlprov - ok
13:36:38.0125 0440 [ AE279CD76B38FC079EEC3CA6D65A5926 ] zumbus C:\WINDOWS\system32\DRIVERS\zumbus.sys
13:36:38.0140 0440 zumbus - ok
13:36:38.0156 0440 [ 37F339B64F19E2775284ED7161B96683 ] ZuneBusEnum c:\Program Files\Zune\ZuneBusEnum.exe
13:36:38.0156 0440 ZuneBusEnum - ok
13:36:38.0281 0440 [ 1076DF9ADE4E13EA3BF39D2165AEB903 ] ZuneNetworkSvc c:\Program Files\Zune\ZuneNss.exe
13:36:38.0515 0440 ZuneNetworkSvc - ok
13:36:38.0546 0440 [ DE1CDB333A402B279F04D627122FA08E ] ZuneWlanCfgSvc c:\Program Files\Zune\ZuneWlanCfgSvc.exe
13:36:38.0593 0440 ZuneWlanCfgSvc - ok
13:36:38.0593 0440 ================ Scan global ===============================
13:36:38.0625 0440 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
13:36:38.0640 0440 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:36:38.0671 0440 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:36:38.0671 0440 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
13:36:38.0671 0440 [Global] - ok
13:36:38.0671 0440 ================ Scan MBR ==================================
13:36:38.0687 0440 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
13:36:38.0781 0440 \Device\Harddisk0\DR0 - ok
13:36:38.0781 0440 ================ Scan VBR ==================================
13:36:38.0796 0440 [ 60E1A313285547F0F1FA29A0E0A2D6C9 ] \Device\Harddisk0\DR0\Partition1
13:36:38.0796 0440 \Device\Harddisk0\DR0\Partition1 - ok
13:36:38.0796 0440 ============================================================
13:36:38.0796 0440 Scan finished
13:36:38.0796 0440 ============================================================
13:36:38.0812 3900 Detected object count: 0
13:36:38.0812 3900 Actual detected object count: 0
13:37:34.0000 3500 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-13 13:43:07
-----------------------------
13:43:07.187 OS Version: Windows 5.1.2600 Service Pack 3
13:43:07.187 Number of processors: 2 586 0x401
13:43:07.187 ComputerName: JACKWS UserName:
13:43:07.656 Initialize success
13:45:14.500 AVAST engine defs: 12091300
13:45:35.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\a320raid1Port2Path0Target0Lun0
13:45:35.578 Disk 0 Vendor: FUJITSU_ 5E03 Size: 140014MB BusType: 1
13:45:35.593 Disk 0 MBR read successfully
13:45:35.593 Disk 0 MBR scan
13:45:35.609 Disk 0 Windows XP default MBR code
13:45:35.609 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 140003 MB offset 63
13:45:35.609 Disk 0 scanning sectors +286728120
13:45:35.656 Disk 0 scanning C:\WINDOWS\system32\drivers
13:45:43.562 Service scanning
13:45:54.593 Modules scanning
13:45:57.609 Disk 0 trace - called modules:
13:45:57.609 ntkrnlpa.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll a320raid.sys
13:45:57.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89d5c878]
13:45:58.109 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Scsi\a320raid1Port2Path0Target0Lun0[0x89d4aa38]
13:45:58.515 AVAST engine scan C:\WINDOWS
13:46:05.953 AVAST engine scan C:\WINDOWS\system32
13:48:17.078 AVAST engine scan C:\WINDOWS\system32\drivers
13:48:33.187 AVAST engine scan C:\Documents and Settings\Jack King
13:50:28.515 AVAST engine scan C:\Documents and Settings\All Users
13:52:08.656 Scan finished successfully
13:52:32.906 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jack King\Desktop\MBR.dat"
13:52:32.906 The log file has been saved successfully to "C:\Documents and Settings\Jack King\Desktop\aswMBR.txt"


How is your computer running? So far still can't open internet options. I did not try to reinstall IE8 though. I hope this helps.

#7 Oh My!


Posted 13 September 2012 - 03:37 PM

Greetings BeatlesFanatic9,

You are still getting reinfected. I would like you to run TDSSKiller again but this time a little differently.


===================================================


Running TDSSKiller with Changed Parameters

--------------------

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters
  • Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system
  • Click OK
  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue
  • Click Reboot computer
  • Please copy and paste the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • TDSSKiller log

Gary
 

#8 BeatlesFanatic9


Posted 13 September 2012 - 04:22 PM

17:15:19.0828 3572 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
17:15:21.0843 3572 ============================================================
17:15:21.0843 3572 Current date / time: 2012/09/13 17:15:21.0843
17:15:21.0843 3572 SystemInfo:
17:15:21.0843 3572
17:15:21.0843 3572 OS Version: 5.1.2600 ServicePack: 3.0
17:15:21.0843 3572 Product type: Workstation
17:15:21.0843 3572 ComputerName: JACKWS
17:15:21.0843 3572 UserName: Jack King
17:15:21.0843 3572 Windows directory: C:\WINDOWS
17:15:21.0843 3572 System windows directory: C:\WINDOWS
17:15:21.0843 3572 Processor architecture: Intel x86
17:15:21.0843 3572 Number of processors: 2
17:15:21.0843 3572 Page size: 0x1000
17:15:21.0843 3572 Boot type: Normal boot
17:15:21.0843 3572 ============================================================
17:15:23.0765 3572 BG loaded
17:15:24.0109 3572 Drive \Device\Harddisk0\DR0 - Size: 0x222EE65000 (136.73 Gb), SectorSize: 0x200, Cylinders: 0x45B9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
17:15:24.0125 3572 ============================================================
17:15:24.0125 3572 \Device\Harddisk0\DR0:
17:15:24.0125 3572 MBR partitions:
17:15:24.0125 3572 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11171F79
17:15:24.0125 3572 ============================================================
17:15:24.0156 3572 C: <-> \Device\Harddisk0\DR0\Partition1
17:15:24.0187 3572 ============================================================
17:15:24.0187 3572 Initialize success
17:15:24.0187 3572 ============================================================
17:15:46.0781 3404 ============================================================
17:15:46.0781 3404 Scan started
17:15:46.0781 3404 Mode: Manual; SigCheck; TDLFS;
17:15:46.0781 3404 ============================================================
17:15:46.0984 3404 ================ Scan system memory ========================
17:15:46.0984 3404 System memory - ok
17:15:47.0000 3404 ================ Scan services =============================
17:15:54.0937 3404 [ DF9957DB3BFE5136AAD3C2C101806C98 ] ElbyDelay C:\WINDOWS\system32\Drivers\ElbyDelay.sys
17:15:54.0968 3404 ElbyDelay ( UnsignedFile.Multi.Generic ) - warning
17:15:54.0968 3404 ElbyDelay - detected UnsignedFile.Multi.Generic (1)
17:15:57.0796 3404 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
17:15:57.0828 3404 IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:15:57.0828 3404 IDriverT - detected UnsignedFile.Multi.Generic (1)
17:16:04.0843 3404 NetDDE - ok
17:16:04.0859 3404 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
17:16:04.0984 3404 NetDDEdsdm - ok
17:16:05.0000 3404 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
17:16:05.0140 3404 Netlogon - ok
17:16:05.0156 3404 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
17:16:05.0296 3404 Netman - ok
17:16:05.0312 3404 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:16:05.0375 3404 NetTcpPortSharing - ok
17:16:05.0390 3404 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:16:05.0531 3404 NIC1394 - ok
17:16:05.0546 3404 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
17:16:05.0609 3404 Nla - ok
17:16:05.0640 3404 [ 64C89DB40949FD0E7C8FF303676A91F1 ] Norton Internet Security C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
17:16:05.0687 3404 Norton Internet Security - ok
17:16:05.0703 3404 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:16:05.0843 3404 Npfs - ok
17:16:05.0859 3404 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:16:06.0015 3404 Ntfs - ok
17:16:06.0031 3404 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
17:16:06.0171 3404 NtLmSsp - ok
17:16:06.0187 3404 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
17:16:06.0359 3404 NtmsSvc - ok
17:16:06.0375 3404 [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
17:16:06.0421 3404 NuidFltr - ok
17:16:06.0437 3404 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
17:16:06.0562 3404 Null - ok
17:16:06.0609 3404 [ 074922194144C3B48C65C3392DA42209 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:16:06.0703 3404 nv - ok
17:16:06.0718 3404 [ 25C8A8149BB541F35EA2F5733221FD6A ] NVSvc C:\WINDOWS\System32\nvsvc32.exe
17:16:06.0750 3404 NVSvc - ok
17:16:06.0765 3404 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:16:06.0921 3404 NwlnkFlt - ok
17:16:06.0937 3404 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:16:07.0109 3404 NwlnkFwd - ok
17:16:07.0125 3404 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:16:07.0265 3404 ohci1394 - ok
17:16:07.0296 3404 [ CEC7E2C6C1FA00C7AB2F5434F848AE51 ] OMCI C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
17:16:07.0312 3404 OMCI ( UnsignedFile.Multi.Generic ) - warning
17:16:07.0312 3404 OMCI - detected UnsignedFile.Multi.Generic (1)
17:16:07.0328 3404 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:16:07.0375 3404 ose - ok
17:16:07.0406 3404 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
17:16:07.0531 3404 Parport - ok
17:16:07.0546 3404 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
17:16:07.0718 3404 PartMgr - ok
17:16:07.0734 3404 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
17:16:07.0875 3404 ParVdm - ok
17:16:07.0890 3404 [ 61A5701E3F543861B21BBE0932C4CC03 ] pbfilter C:\Program Files\PeerBlock\pbfilter.sys
17:16:07.0921 3404 pbfilter - ok
17:16:07.0937 3404 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
17:16:08.0078 3404 PCI - ok
17:16:08.0093 3404 PCIDump - ok
17:16:08.0109 3404 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
17:16:08.0234 3404 PCIIde - ok
17:16:08.0250 3404 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
17:16:08.0406 3404 Pcmcia - ok
17:16:08.0421 3404 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\WINDOWS\system32\Drivers\pcouffin.sys
17:16:08.0453 3404 pcouffin ( UnsignedFile.Multi.Generic ) - warning
17:16:08.0453 3404 pcouffin - detected UnsignedFile.Multi.Generic (1)
17:16:08.0453 3404 PDCOMP - ok
17:16:08.0468 3404 PDFRAME - ok
17:16:08.0468 3404 PDRELI - ok
17:16:08.0484 3404 PDRFRAME - ok
17:16:08.0484 3404 perc2 - ok
17:16:08.0484 3404 perc2hib - ok
17:16:08.0515 3404 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
17:16:08.0546 3404 PlugPlay - ok
17:16:08.0609 3404 [ F9D3BB81BDF8B279E1F37282CD52A9B5 ] Pml Driver HPZ12 C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
17:16:08.0687 3404 Pml Driver HPZ12 - ok
17:16:08.0703 3404 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
17:16:08.0843 3404 PolicyAgent - ok
17:16:08.0859 3404 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:16:09.0000 3404 PptpMiniport - ok
17:16:09.0015 3404 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
17:16:09.0156 3404 Processor - ok
17:16:09.0171 3404 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:16:09.0312 3404 ProtectedStorage - ok
17:16:09.0312 3404 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
17:16:09.0453 3404 PSched - ok
17:16:09.0468 3404 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:16:09.0593 3404 Ptilink - ok
17:16:09.0625 3404 [ B5DFB86A6CAEAE9B2BF3DEDB43BE6393 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:16:09.0640 3404 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
17:16:09.0640 3404 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
17:16:09.0640 3404 ql1080 - ok
17:16:09.0656 3404 Ql10wnt - ok
17:16:09.0656 3404 ql12160 - ok
17:16:09.0671 3404 ql1240 - ok
17:16:09.0671 3404 ql1280 - ok
17:16:09.0687 3404 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:16:09.0812 3404 RasAcd - ok
17:16:09.0828 3404 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
17:16:09.0984 3404 RasAuto - ok
17:16:10.0000 3404 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:16:10.0140 3404 Rasl2tp - ok
17:16:10.0156 3404 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
17:16:10.0296 3404 RasMan - ok
17:16:10.0296 3404 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:16:10.0437 3404 RasPppoe - ok
17:16:10.0453 3404 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
17:16:10.0593 3404 Raspti - ok
17:16:10.0609 3404 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:16:10.0750 3404 Rdbss - ok
17:16:10.0765 3404 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:16:10.0890 3404 RDPCDD - ok
17:16:10.0921 3404 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:16:11.0062 3404 rdpdr - ok
17:16:11.0093 3404 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
17:16:11.0140 3404 RDPWD - ok
17:16:11.0171 3404 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
17:16:11.0328 3404 RDSessMgr - ok
17:16:11.0343 3404 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
17:16:11.0484 3404 redbook - ok
17:16:11.0500 3404 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:16:11.0640 3404 RemoteAccess - ok
17:16:11.0671 3404 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
17:16:11.0828 3404 RemoteRegistry - ok
17:16:11.0843 3404 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
17:16:11.0984 3404 RpcLocator - ok
17:16:12.0000 3404 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
17:16:12.0046 3404 RpcSs - ok
17:16:12.0078 3404 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
17:16:12.0234 3404 RSVP - ok
17:16:12.0250 3404 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
17:16:12.0390 3404 SamSs - ok
17:16:12.0406 3404 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:16:12.0562 3404 SCardSvr - ok
17:16:12.0578 3404 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:16:12.0718 3404 Schedule - ok
17:16:12.0750 3404 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:16:12.0828 3404 Secdrv - ok
17:16:12.0859 3404 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
17:16:12.0984 3404 seclogon - ok
17:16:13.0000 3404 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
17:16:13.0156 3404 SENS - ok
17:16:13.0156 3404 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
17:16:13.0296 3404 serenum - ok
17:16:13.0328 3404 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
17:16:13.0515 3404 Serial - ok
17:16:13.0546 3404 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
17:16:13.0703 3404 Sfloppy - ok
17:16:13.0718 3404 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
17:16:13.0875 3404 SharedAccess - ok
17:16:13.0890 3404 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:16:13.0921 3404 ShellHWDetection - ok
17:16:13.0937 3404 Simbad - ok
17:16:13.0968 3404 [ 4AA922332433CDEB8B82C072C212E32E ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
17:16:14.0015 3404 smwdm - ok
17:16:14.0015 3404 Sparrow - ok
17:16:14.0031 3404 [ 4A205D78D17E6234986DDCD0DA2761E9 ] spkrmon C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
17:16:14.0062 3404 spkrmon ( UnsignedFile.Multi.Generic ) - warning
17:16:14.0062 3404 spkrmon - detected UnsignedFile.Multi.Generic (1)
17:16:14.0062 3404 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:16:14.0218 3404 splitter - ok
17:16:14.0234 3404 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:16:14.0281 3404 Spooler - ok
17:16:14.0296 3404 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:16:14.0375 3404 sr - ok
17:16:14.0390 3404 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
17:16:14.0468 3404 srservice - ok
17:16:14.0484 3404 [ E81F6CAEAB9AD5732E94C07C97866AA2 ] SRTSP C:\WINDOWS\System32\Drivers\NIS\1008030.006\SRTSP.SYS
17:16:14.0515 3404 SRTSP - ok
17:16:14.0531 3404 [ E28DE499D942B08058BFFAC69D4122B6 ] SRTSPX C:\WINDOWS\system32\drivers\NIS\1008030.006\SRTSPX.SYS
17:16:14.0562 3404 SRTSPX - ok
17:16:14.0609 3404 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:16:14.0671 3404 Srv - ok
17:16:14.0687 3404 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:16:14.0765 3404 SSDPSRV - ok
17:16:14.0796 3404 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:16:14.0953 3404 stisvc - ok
17:16:14.0968 3404 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:16:15.0109 3404 swenum - ok
17:16:15.0125 3404 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:16:15.0250 3404 swmidi - ok
17:16:15.0265 3404 SwPrv - ok
17:16:15.0265 3404 symc810 - ok
17:16:15.0281 3404 symc8xx - ok
17:16:15.0281 3404 SYMDNS - ok
17:16:15.0312 3404 [ D0885F6E24259A6C65E68D6AD749910A ] SymEFA C:\WINDOWS\system32\drivers\NIS\1008030.006\SYMEFA.SYS
17:16:15.0375 3404 SymEFA - ok
17:16:15.0390 3404 [ A54FF04BD6E75DC4D8CB6F3E352635E0 ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
17:16:15.0421 3404 SymEvent - ok
17:16:15.0437 3404 [ A8C45C36309EE066F9191E511F88ED76 ] SYMFW C:\WINDOWS\System32\Drivers\NIS\1008030.006\SYMFW.SYS
17:16:15.0468 3404 SYMFW - ok
17:16:15.0484 3404 [ F4DB00BC0C25BE3E05D4BBB8637CC3A3 ] SYMIDS C:\WINDOWS\System32\Drivers\NIS\1008030.006\SYMIDS.SYS
17:16:15.0500 3404 SYMIDS - ok
17:16:15.0515 3404 [ C6DB9F873B09C63F5CB1DE10C08BF6F9 ] SymIM C:\WINDOWS\system32\DRIVERS\SymIM.sys
17:16:15.0546 3404 SymIM - ok
17:16:15.0562 3404 [ C6DB9F873B09C63F5CB1DE10C08BF6F9 ] SymIMMP C:\WINDOWS\system32\DRIVERS\SymIM.sys
17:16:15.0578 3404 SymIMMP - ok
17:16:15.0593 3404 [ 06A8ECFC68D61A26A67F0E96FF1CA9CC ] SYMNDIS C:\WINDOWS\System32\Drivers\NIS\1008030.006\SYMNDIS.SYS
17:16:15.0625 3404 SYMNDIS - ok
17:16:15.0625 3404 SYMREDRV - ok
17:16:15.0640 3404 [ 26BC80EC79D7BA478249C266CBDF17B4 ] SYMTDI C:\WINDOWS\System32\Drivers\NIS\1008030.006\SYMTDI.SYS
17:16:15.0671 3404 SYMTDI - ok
17:16:15.0671 3404 sym_hi - ok
17:16:15.0687 3404 sym_u3 - ok
17:16:15.0687 3404 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:16:15.0828 3404 sysaudio - ok
17:16:15.0859 3404 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:16:16.0015 3404 SysmonLog - ok
17:16:16.0046 3404 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:16:16.0187 3404 TapiSrv - ok
17:16:16.0203 3404 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:16:16.0250 3404 Tcpip - ok
17:16:16.0265 3404 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:16:16.0406 3404 TDPIPE - ok
17:16:16.0421 3404 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:16:16.0578 3404 TDTCP - ok
17:16:16.0593 3404 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:16:16.0734 3404 TermDD - ok
17:16:16.0750 3404 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
17:16:16.0906 3404 TermService - ok
17:16:16.0921 3404 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
17:16:16.0953 3404 Themes - ok
17:16:16.0968 3404 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
17:16:17.0062 3404 TlntSvr - ok
17:16:17.0078 3404 TosIde - ok
17:16:17.0109 3404 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:16:17.0234 3404 TrkWks - ok
17:16:17.0250 3404 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:16:17.0390 3404 Udfs - ok
17:16:17.0390 3404 ultra - ok
17:16:17.0421 3404 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:16:17.0578 3404 Update - ok
17:16:17.0609 3404 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
17:16:17.0718 3404 upnphost - ok
17:16:17.0734 3404 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
17:16:17.0875 3404 UPS - ok
17:16:17.0890 3404 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:16:18.0031 3404 usbccgp - ok
17:16:18.0046 3404 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:16:18.0171 3404 usbehci - ok
17:16:18.0187 3404 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:16:18.0343 3404 usbhub - ok
17:16:18.0359 3404 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:16:18.0484 3404 USBSTOR - ok
17:16:18.0515 3404 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:16:18.0656 3404 usbuhci - ok
17:16:18.0671 3404 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:16:18.0812 3404 VgaSave - ok
17:16:18.0812 3404 ViaIde - ok
17:16:18.0843 3404 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:16:18.0968 3404 VolSnap - ok
17:16:19.0000 3404 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
17:16:19.0093 3404 VSS - ok
17:16:19.0109 3404 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
17:16:19.0265 3404 W32Time - ok
17:16:19.0281 3404 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:16:19.0421 3404 Wanarp - ok
17:16:19.0437 3404 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\WINDOWS\system32\DRIVERS\wdcsam.sys
17:16:19.0484 3404 WDC_SAM - ok
17:16:19.0500 3404 [ BF847A3972CC6B5CE26E0EA742DD52D9 ] WDDMService C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
17:16:19.0531 3404 WDDMService ( UnsignedFile.Multi.Generic ) - warning
17:16:19.0531 3404 WDDMService - detected UnsignedFile.Multi.Generic (1)
17:16:19.0562 3404 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
17:16:19.0609 3404 Wdf01000 - ok
17:16:19.0671 3404 [ B5966F1DFF6E20576F3C8C2D93D129FD ] WDFME C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
17:16:19.0718 3404 WDFME ( UnsignedFile.Multi.Generic ) - warning
17:16:19.0718 3404 WDFME - detected UnsignedFile.Multi.Generic (1)
17:16:19.0734 3404 WDICA - ok
17:16:19.0750 3404 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:16:19.0875 3404 wdmaud - ok
17:16:19.0890 3404 [ 92F0088CA18BB08BB596EF2608256F8A ] WDSC C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
17:16:19.0906 3404 WDSC ( UnsignedFile.Multi.Generic ) - warning
17:16:19.0906 3404 WDSC - detected UnsignedFile.Multi.Generic (1)
17:16:19.0921 3404 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:16:20.0078 3404 WebClient - ok
17:16:20.0203 3404 [ F45DD1E1365D857DD08BC23563370D0E ] WinDefend C:\Program Files\Windows Defender\MsMpEng.exe
17:16:20.0234 3404 WinDefend - ok
17:16:20.0265 3404 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:16:20.0406 3404 winmgmt - ok
17:16:20.0437 3404 [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
17:16:20.0468 3404 WinUSB - ok
17:16:20.0484 3404 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
17:16:20.0546 3404 WmdmPmSN - ok
17:16:20.0593 3404 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
17:16:20.0640 3404 Wmi - ok
17:16:20.0656 3404 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
17:16:20.0812 3404 WmiApSrv - ok
17:16:20.0859 3404 [ 017695393AFFFED8DE58ABD1B085BE6D ] WMZuneComm c:\Program Files\Zune\WMZuneComm.exe
17:16:20.0968 3404 WMZuneComm - ok
17:16:20.0984 3404 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:16:21.0109 3404 WS2IFSL - ok
17:16:21.0125 3404 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
17:16:21.0265 3404 wscsvc - ok
17:16:21.0281 3404 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
17:16:21.0421 3404 wuauserv - ok
17:16:21.0437 3404 [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:16:21.0484 3404 WudfPf - ok
17:16:21.0500 3404 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:16:21.0546 3404 WudfRd - ok
17:16:21.0578 3404 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
17:16:21.0609 3404 WudfSvc - ok
17:16:21.0625 3404 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:16:21.0828 3404 WZCSVC - ok
17:16:21.0843 3404 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:16:22.0031 3404 xmlprov - ok
17:16:22.0046 3404 [ AE279CD76B38FC079EEC3CA6D65A5926 ] zumbus C:\WINDOWS\system32\DRIVERS\zumbus.sys
17:16:22.0140 3404 zumbus - ok
17:16:22.0156 3404 [ 37F339B64F19E2775284ED7161B96683 ] ZuneBusEnum c:\Program Files\Zune\ZuneBusEnum.exe
17:16:22.0218 3404 ZuneBusEnum - ok
17:16:22.0328 3404 [ 1076DF9ADE4E13EA3BF39D2165AEB903 ] ZuneNetworkSvc c:\Program Files\Zune\ZuneNss.exe
17:16:23.0078 3404 ZuneNetworkSvc - ok
17:16:23.0125 3404 [ DE1CDB333A402B279F04D627122FA08E ] ZuneWlanCfgSvc c:\Program Files\Zune\ZuneWlanCfgSvc.exe
17:16:23.0171 3404 ZuneWlanCfgSvc - ok
17:16:23.0171 3404 ================ Scan global ===============================
17:16:23.0203 3404 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
17:16:23.0218 3404 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:16:23.0234 3404 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:16:23.0250 3404 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
17:16:23.0250 3404 [Global] - ok
17:16:23.0250 3404 ================ Scan MBR ==================================
17:16:23.0265 3404 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
17:16:23.0406 3404 \Device\Harddisk0\DR0 - ok
17:16:23.0406 3404 ================ Scan VBR ==================================
17:16:23.0406 3404 [ 60E1A313285547F0F1FA29A0E0A2D6C9 ] \Device\Harddisk0\DR0\Partition1
17:16:23.0421 3404 \Device\Harddisk0\DR0\Partition1 - ok
17:16:23.0421 3404 ================ Scan active images ========================
17:16:23.0421 3404 [ 8C953733D8F36EB2133F5BB58808B66B ] C:\WINDOWS\system32\drivers\intelppm.sys
17:16:23.0421 3404 C:\WINDOWS\system32\drivers\intelppm.sys - ok
17:16:23.0421 3404 [ BB98A47FAF8B6A99202290C1E7D49D36 ] C:\WINDOWS\system32\drivers\e1000325.sys
17:16:23.0421 3404 C:\WINDOWS\system32\drivers\e1000325.sys - ok
17:16:23.0437 3404 [ E28726B72C46821A28830E077D39A55B ] C:\WINDOWS\system32\drivers\videoprt.sys
17:16:23.0437 3404 C:\WINDOWS\system32\drivers\videoprt.sys - ok
17:16:23.0437 3404 [ 074922194144C3B48C65C3392DA42209 ] C:\WINDOWS\system32\drivers\nv4_mini.sys
17:16:23.0437 3404 C:\WINDOWS\system32\drivers\nv4_mini.sys - ok
17:16:23.0437 3404 [ 791912E524CC2CC6F50B5F2B52D1EB71 ] C:\WINDOWS\system32\drivers\usbport.sys
17:16:23.0437 3404 C:\WINDOWS\system32\drivers\usbport.sys - ok
17:16:23.0453 3404 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] C:\WINDOWS\system32\drivers\usbuhci.sys
17:16:23.0453 3404 C:\WINDOWS\system32\drivers\usbuhci.sys - ok
17:16:23.0453 3404 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] C:\WINDOWS\system32\drivers\fdc.sys
17:16:23.0453 3404 C:\WINDOWS\system32\drivers\fdc.sys - ok
17:16:23.0453 3404 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] C:\WINDOWS\system32\drivers\nic1394.sys
17:16:23.0453 3404 C:\WINDOWS\system32\drivers\nic1394.sys - ok
17:16:23.0468 3404 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] C:\WINDOWS\system32\drivers\parport.sys
17:16:23.0468 3404 C:\WINDOWS\system32\drivers\parport.sys - ok
17:16:23.0468 3404 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] C:\WINDOWS\system32\drivers\usbehci.sys
17:16:23.0468 3404 C:\WINDOWS\system32\drivers\usbehci.sys - ok
17:16:23.0484 3404 [ 593E7FFEDB1037BB559DD25B66A3A1B5 ] C:\WINDOWS\system32\drivers\AnyDVD.sys
17:16:23.0484 3404 C:\WINDOWS\system32\drivers\AnyDVD.sys - ok
17:16:23.0484 3404 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] C:\WINDOWS\system32\drivers\cdrom.sys
17:16:23.0484 3404 C:\WINDOWS\system32\drivers\cdrom.sys - ok
17:16:23.0484 3404 [ DF9957DB3BFE5136AAD3C2C101806C98 ] C:\WINDOWS\system32\drivers\ElbyDelay.sys
17:16:23.0484 3404 C:\WINDOWS\system32\drivers\ElbyDelay.sys - ok
17:16:23.0500 3404 [ 083A052659F5310DD8B6A6CB05EDCF8E ] C:\WINDOWS\system32\drivers\imapi.sys
17:16:23.0500 3404 C:\WINDOWS\system32\drivers\imapi.sys - ok
17:16:23.0500 3404 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] C:\WINDOWS\system32\drivers\serenum.sys
17:16:23.0500 3404 C:\WINDOWS\system32\drivers\serenum.sys - ok
17:16:23.0515 3404 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] C:\WINDOWS\system32\drivers\serial.sys
17:16:23.0515 3404 C:\WINDOWS\system32\drivers\serial.sys - ok
17:16:23.0515 3404 [ 0753515F78DF7F271A5E61C20BCD36A1 ] C:\WINDOWS\system32\drivers\ks.sys
17:16:23.0515 3404 C:\WINDOWS\system32\drivers\ks.sys - ok
17:16:23.0515 3404 [ F828DD7E1419B6653894A8F97A0094C5 ] C:\WINDOWS\system32\drivers\redbook.sys
17:16:23.0515 3404 C:\WINDOWS\system32\drivers\redbook.sys - ok
17:16:23.0531 3404 [ 6CB08593487F5701D2D2254E693EAFCE ] C:\WINDOWS\system32\drivers\drmk.sys
17:16:23.0531 3404 C:\WINDOWS\system32\drivers\drmk.sys - ok
17:16:23.0531 3404 [ E82A496C3961EFC6828B508C310CE98F ] C:\WINDOWS\system32\drivers\portcls.sys
17:16:23.0531 3404 C:\WINDOWS\system32\drivers\portcls.sys - ok
17:16:23.0531 3404 [ 4AA922332433CDEB8B82C072C212E32E ] C:\WINDOWS\system32\drivers\smwdm.sys
17:16:23.0531 3404 C:\WINDOWS\system32\drivers\smwdm.sys - ok
17:16:23.0546 3404 [ 11C04B17ED2ABBB4833694BCD644AC90 ] C:\WINDOWS\system32\drivers\aeaudio.sys
17:16:23.0546 3404 C:\WINDOWS\system32\drivers\aeaudio.sys - ok
17:16:23.0546 3404 [ D9F724AA26C010A217C97606B160ED68 ] C:\WINDOWS\system32\drivers\audstub.sys
17:16:23.0546 3404 C:\WINDOWS\system32\drivers\audstub.sys - ok
17:16:23.0546 3404 [ 0109C4F3850DFBAB279542515386AE22 ] C:\WINDOWS\system32\drivers\ndistapi.sys
17:16:23.0546 3404 C:\WINDOWS\system32\drivers\ndistapi.sys - ok
17:16:23.0562 3404 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] C:\WINDOWS\system32\drivers\rasl2tp.sys
17:16:23.0562 3404 C:\WINDOWS\system32\drivers\rasl2tp.sys - ok
17:16:23.0562 3404 [ EDC1531A49C80614B2CFDA43CA8659AB ] C:\WINDOWS\system32\drivers\ndiswan.sys
17:16:23.0562 3404 C:\WINDOWS\system32\drivers\ndiswan.sys - ok
17:16:23.0578 3404 [ 09298EC810B07E5D582CB3A3F9255424 ] C:\WINDOWS\system32\drivers\psched.sys
17:16:23.0578 3404 C:\WINDOWS\system32\drivers\psched.sys - ok
17:16:23.0578 3404 [ 5BC962F2654137C9909C3D4603587DEE ] C:\WINDOWS\system32\drivers\raspppoe.sys
17:16:23.0578 3404 C:\WINDOWS\system32\drivers\raspppoe.sys - ok
17:16:23.0578 3404 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] C:\WINDOWS\system32\drivers\raspptp.sys
17:16:23.0578 3404 C:\WINDOWS\system32\drivers\raspptp.sys - ok
17:16:23.0593 3404 [ 0539D5E53587F82D1B4FD74C5BE205CF ] C:\WINDOWS\system32\drivers\tdi.sys
17:16:23.0593 3404 C:\WINDOWS\system32\drivers\tdi.sys - ok
17:16:23.0593 3404 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] C:\WINDOWS\system32\drivers\msgpc.sys
17:16:23.0593 3404 C:\WINDOWS\system32\drivers\msgpc.sys - ok
17:16:23.0609 3404 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] C:\WINDOWS\system32\drivers\ptilink.sys
17:16:23.0609 3404 C:\WINDOWS\system32\drivers\ptilink.sys - ok
17:16:23.0609 3404 [ 5B6C11DE7E839C05248CED8825470FEF ] C:\WINDOWS\system32\drivers\pcouffin.sys
17:16:23.0609 3404 C:\WINDOWS\system32\drivers\pcouffin.sys - ok
17:16:23.0609 3404 [ FDBB1D60066FCFBB7452FD8F9829B242 ] C:\WINDOWS\system32\drivers\raspti.sys
17:16:23.0609 3404 C:\WINDOWS\system32\drivers\raspti.sys - ok
17:16:23.0625 3404 [ 15CABD0F7C00C47C70124907916AF3F1 ] C:\WINDOWS\system32\drivers\rdpdr.sys
17:16:23.0625 3404 C:\WINDOWS\system32\drivers\rdpdr.sys - ok
17:16:23.0625 3404 [ 463C1EC80CD17420A542B7F36A36F128 ] C:\WINDOWS\system32\drivers\kbdclass.sys
17:16:23.0625 3404 C:\WINDOWS\system32\drivers\kbdclass.sys - ok
17:16:23.0625 3404 [ 35C9E97194C8CFB8430125F8DBC34D04 ] C:\WINDOWS\system32\drivers\mouclass.sys
17:16:23.0625 3404 C:\WINDOWS\system32\drivers\mouclass.sys - ok
17:16:23.0640 3404 [ C6DB9F873B09C63F5CB1DE10C08BF6F9 ] C:\WINDOWS\system32\drivers\SymIM.sys
17:16:23.0640 3404 C:\WINDOWS\system32\drivers\SymIM.sys - ok
17:16:23.0640 3404 [ 88155247177638048422893737429D9E ] C:\WINDOWS\system32\drivers\termdd.sys
17:16:23.0640 3404 C:\WINDOWS\system32\drivers\termdd.sys - ok
17:16:23.0656 3404 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] C:\WINDOWS\system32\drivers\swenum.sys
17:16:23.0656 3404 C:\WINDOWS\system32\drivers\swenum.sys - ok
17:16:23.0656 3404 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] C:\WINDOWS\system32\drivers\mssmbios.sys
17:16:23.0656 3404 C:\WINDOWS\system32\drivers\mssmbios.sys - ok
17:16:23.0656 3404 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] C:\WINDOWS\system32\drivers\update.sys
17:16:23.0656 3404 C:\WINDOWS\system32\drivers\update.sys - ok
17:16:23.0671 3404 [ 399C974DDA25FD3E59F22BAB787F662B ] C:\WINDOWS\system32\drivers\wdfldr.sys
17:16:23.0671 3404 C:\WINDOWS\system32\drivers\wdfldr.sys - ok
17:16:25.0031 3404 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE - ok
17:16:25.0031 3404 [ ACDAFCD14EC0ECE89198503746A5C147 ] C:\WINDOWS\system32\perfos.dll
17:16:25.0031 3404 C:\WINDOWS\system32\perfos.dll - ok
17:16:25.0046 3404 [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll
17:16:25.0046 3404 C:\WINDOWS\system32\netmsg.dll - ok
17:16:25.0046 3404 [ ABFB673B24A9B3287761D497529FB5B9 ] C:\WINDOWS\system32\perfdisk.dll
17:16:25.0046 3404 C:\WINDOWS\system32\perfdisk.dll - ok
17:16:25.0062 3404 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] C:\WINDOWS\system32\drivers\srv.sys
17:16:25.0062 3404 C:\WINDOWS\system32\drivers\srv.sys - ok
17:16:25.0062 3404 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] C:\WINDOWS\system32\netman.dll
17:16:25.0062 3404 C:\WINDOWS\system32\netman.dll - ok
17:16:25.0062 3404 [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] C:\WINDOWS\system32\netshell.dll
17:16:25.0062 3404 C:\WINDOWS\system32\netshell.dll - ok
17:16:25.0078 3404 [ 64C89DB40949FD0E7C8FF303676A91F1 ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
17:16:25.0078 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe - ok
17:16:25.0078 3404 [ 9E95363FFD92C19BFD5DFAD317BF2589 ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccL80U.dll
17:16:25.0078 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccL80U.dll - ok
17:16:25.0093 3404 [ 235892E493845D64D890163CFEF90E97 ] C:\WINDOWS\system32\credui.dll
17:16:25.0093 3404 C:\WINDOWS\system32\credui.dll - ok
17:16:25.0093 3404 [ 4E8F3230BAC8C1CAADF01A8C728E1C5C ] C:\WINDOWS\system32\dot3dlg.dll
17:16:25.0093 3404 C:\WINDOWS\system32\dot3dlg.dll - ok
17:16:25.0093 3404 [ CA04959077AFE36369D37B3504740C87 ] C:\WINDOWS\system32\onex.dll
17:16:25.0093 3404 C:\WINDOWS\system32\onex.dll - ok
17:16:25.0109 3404 [ 5DB625E7D095604010CF84DE2D8ACFA6 ] C:\WINDOWS\system32\eappcfg.dll
17:16:25.0109 3404 C:\WINDOWS\system32\eappcfg.dll - ok
17:16:25.0109 3404 [ ABC4206543450C0666D152F4B65833B8 ] C:\WINDOWS\system32\eappprxy.dll
17:16:25.0109 3404 C:\WINDOWS\system32\eappprxy.dll - ok
17:16:25.0109 3404 [ B6E6F3F5B63053D5DC1F4EE32992492F ] C:\WINDOWS\system32\dbghelp.dll
17:16:25.0109 3404 C:\WINDOWS\system32\dbghelp.dll - ok
17:16:25.0125 3404 [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll
17:16:25.0125 3404 C:\WINDOWS\system32\wzcsapi.dll - ok
17:16:25.0125 3404 [ 8664C9A3B0CBF8E45ABFA48BB7DFE0E3 ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccVrTrst.dll
17:16:25.0125 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccVrTrst.dll - ok
17:16:25.0140 3404 [ D3FA6D7F2A1AD28AF9B2D2F02D8AF67A ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\EFACli.dll
17:16:25.0140 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\EFACli.dll - ok
17:16:25.0140 3404 [ B667E7643D459234C8A5D87DC80462C1 ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\SymNeti.dll
17:16:25.0140 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\SymNeti.dll - ok
17:16:25.0140 3404 [ FA7CCBBC0D643818DCBE8D2C10D64A33 ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvc.dll
17:16:25.0140 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvc.dll - ok
17:16:25.0156 3404 [ 25C8A8149BB541F35EA2F5733221FD6A ] C:\WINDOWS\system32\nvsvc32.exe
17:16:25.0156 3404 C:\WINDOWS\system32\nvsvc32.exe - ok
17:16:25.0156 3404 [ 10EE7B8092FCAD11BEBDB10D602BA05B ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\Srtsp32.dll
17:16:25.0156 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\Srtsp32.dll - ok
17:16:25.0156 3404 [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll
17:16:25.0156 3404 C:\WINDOWS\system32\powrprof.dll - ok
17:16:25.0171 3404 [ 9B15623C57D07D3C3024BEB7C1447527 ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccIPC.dll
17:16:25.0171 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccIPC.dll - ok
17:16:25.0171 3404 [ 332760FBA1655FCFD35BD6F4FD871300 ] C:\WINDOWS\system32\ipsecsvc.dll
17:16:25.0171 3404 C:\WINDOWS\system32\ipsecsvc.dll - ok
17:16:25.0187 3404 [ 5B19B557B0C188210A56A6B699D90B8F ] C:\WINDOWS\system32\regsvc.dll
17:16:25.0187 3404 C:\WINDOWS\system32\regsvc.dll - ok
17:16:25.0187 3404 [ 316D61616582C5F0745A60E692C34C14 ] C:\WINDOWS\system32\nvcpl.dll
17:16:25.0187 3404 C:\WINDOWS\system32\nvcpl.dll - ok
17:16:25.0187 3404 [ C5FF8682EADA5B3B27A865F1C3EF9270 ] C:\WINDOWS\system32\oakley.dll
17:16:25.0187 3404 C:\WINDOWS\system32\oakley.dll - ok
17:16:25.0203 3404 [ CBE612E2BB6A10E3563336191EDA1250 ] C:\WINDOWS\system32\seclogon.dll
17:16:25.0203 3404 C:\WINDOWS\system32\seclogon.dll - ok
17:16:25.0203 3404 [ B6B56EEA6FFE7D5DDD8756E68F2DF8F4 ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\diMaster.dll
17:16:25.0203 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\diMaster.dll - ok
17:16:25.0203 3404 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] C:\WINDOWS\system32\sens.dll
17:16:25.0203 3404 C:\WINDOWS\system32\sens.dll - ok
17:16:25.0218 3404 [ 248712EA6BA17B9FF0C542A3828375DD ] C:\WINDOWS\system32\winipsec.dll
17:16:25.0218 3404 C:\WINDOWS\system32\winipsec.dll - ok
17:16:25.0218 3404 [ 4A205D78D17E6234986DDCD0DA2761E9 ] C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
17:16:25.0218 3404 C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe - ok
17:16:25.0234 3404 [ 853D0D0C6F02D7BFDF1CF99DD7553732 ] C:\WINDOWS\system32\pstorsvc.dll
17:16:25.0234 3404 C:\WINDOWS\system32\pstorsvc.dll - ok
17:16:25.0234 3404 [ 680B56A8B62D1BCF4A0B2AAAD03D88E4 ] C:\WINDOWS\system32\wdmaud.drv
17:16:25.0234 3404 C:\WINDOWS\system32\wdmaud.drv - ok
17:16:25.0234 3404 [ 684559A03CBC1D05BA120A18B0D8BA5D ] C:\WINDOWS\system32\winhttp.dll
17:16:25.0234 3404 C:\WINDOWS\system32\winhttp.dll - ok
17:16:25.0250 3404 [ 3805DF0AC4296A34BA4BF93B346CC378 ] C:\WINDOWS\system32\srsvc.dll
17:16:25.0250 3404 C:\WINDOWS\system32\srsvc.dll - ok
17:16:25.0250 3404 [ BF847A3972CC6B5CE26E0EA742DD52D9 ] C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
17:16:25.0250 3404 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe - ok
17:16:25.0250 3404 [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\system32\drivers\wdmaud.sys
17:16:25.0250 3404 C:\WINDOWS\system32\drivers\wdmaud.sys - ok
17:16:25.0265 3404 [ 22D89D84E8E081CDA529DBF8C0255A38 ] C:\WINDOWS\system32\psbase.dll
17:16:25.0265 3404 C:\WINDOWS\system32\psbase.dll - ok
17:16:25.0265 3404 [ FEDE68BF80052BAD393AFD5C2E60DCB0 ] C:\WINDOWS\system32\dssenh.dll
17:16:25.0265 3404 C:\WINDOWS\system32\dssenh.dll - ok
17:16:25.0281 3404 [ 55BCA12F7F523D35CA3CB833C725F54E ] C:\WINDOWS\system32\trkwks.dll
17:16:25.0281 3404 C:\WINDOWS\system32\trkwks.dll - ok
17:16:25.0281 3404 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] C:\WINDOWS\system32\drivers\sysaudio.sys
17:16:25.0281 3404 C:\WINDOWS\system32\drivers\sysaudio.sys - ok
17:16:25.0281 3404 [ 8182208C50D7256DF8A03CFB6A488DBB ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSet.dll
17:16:25.0281 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSet.dll - ok
17:16:25.0281 3404 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] C:\WINDOWS\system32\drivers\splitter.sys
17:16:25.0281 3404 C:\WINDOWS\system32\drivers\splitter.sys - ok
17:16:25.0296 3404 [ E8C28635AC4E946DD5653D77132BD7D1 ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSPlug.dll
17:16:25.0296 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSPlug.dll - ok
17:16:25.0296 3404 [ 8BED39E3C35D6A489438B8141717A557 ] C:\WINDOWS\system32\drivers\aec.sys
17:16:25.0296 3404 C:\WINDOWS\system32\drivers\aec.sys - ok
17:16:25.0312 3404 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] C:\WINDOWS\system32\drivers\swmidi.sys
17:16:25.0312 3404 C:\WINDOWS\system32\drivers\swmidi.sys - ok
17:16:25.0312 3404 [ 422D691C7795AB22ECAD8600B724F2A3 ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\uiPerfsv.dll
17:16:25.0312 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\uiPerfsv.dll - ok
17:16:25.0312 3404 [ 8A208DFCF89792A484E76C40E5F50B45 ] C:\WINDOWS\system32\drivers\dmusic.sys
17:16:25.0312 3404 C:\WINDOWS\system32\drivers\dmusic.sys - ok
17:16:25.0328 3404 [ 692BCF44383D056AED41B045A323D378 ] C:\WINDOWS\system32\drivers\kmixer.sys
17:16:25.0328 3404 C:\WINDOWS\system32\drivers\kmixer.sys - ok
17:16:25.0328 3404 [ FA4B19EF00299ABA267658ABBBA9EA7E ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccJobMgr.dll
17:16:25.0328 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccJobMgr.dll - ok
17:16:25.0343 3404 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] C:\WINDOWS\system32\drivers\drmkaud.sys
17:16:25.0343 3404 C:\WINDOWS\system32\drivers\drmkaud.sys - ok
17:16:25.0343 3404 [ 14D289F63D9538306CB560C4CD12172F ] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120912.001\IDSxpx86.dll
17:16:25.0343 3404 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120912.001\IDSxpx86.dll - ok
17:16:25.0343 3404 [ 9A3BD5F55AADFF859539142F6328A66E ] C:\WINDOWS\system32\msacm32.drv
17:16:25.0343 3404 C:\WINDOWS\system32\msacm32.drv - ok
17:16:25.0359 3404 [ 5C12660A97822F6E61576943B49AAAD6 ] C:\WINDOWS\system32\midimap.dll
17:16:25.0359 3404 C:\WINDOWS\system32\midimap.dll - ok
17:16:25.0359 3404 [ D3F9C2CD46A4D5E49AD3E22F6923869C ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\FWCore.dll
17:16:25.0359 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\FWCore.dll - ok
17:16:25.0359 3404 [ 4D31D7E31749BB4965E0FF59BFC62F0B ] C:\Program Files\Analog Devices\SoundMAX\spkrmonx.exe
17:16:25.0359 3404 C:\Program Files\Analog Devices\SoundMAX\spkrmonx.exe - ok
17:16:25.0375 3404 [ 4D83ED8BDDEC431FC8AD907B47CFB6E3 ] C:\WINDOWS\system32\dsound.dll
17:16:25.0375 3404 C:\WINDOWS\system32\dsound.dll - ok
17:16:25.0375 3404 [ 205ADD80FF8099B1A8101EB490B933D1 ] C:\WINDOWS\system32\wbem\wbemprox.dll
17:16:25.0375 3404 C:\WINDOWS\system32\wbem\wbemprox.dll - ok
17:16:25.0390 3404 [ D95C71052E5EF63B55997FB31483D02F ] C:\WINDOWS\system32\wbem\wbemcomn.dll
17:16:25.0390 3404 C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
17:16:25.0390 3404 [ 70DE615623555A16EE8FA63F96C6B9E6 ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccGEvt.dll
17:16:25.0390 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccGEvt.dll - ok
17:16:25.0390 3404 [ B5966F1DFF6E20576F3C8C2D93D129FD ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
17:16:25.0390 3404 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe - ok
17:16:25.0406 3404 [ 9B9F1C38D559047B8AC0DBA2D5FEBDE9 ] C:\WINDOWS\system32\ksuser.dll
17:16:25.0406 3404 C:\WINDOWS\system32\ksuser.dll - ok
17:16:25.0406 3404 [ 93659F3B85CFED41825F609161CBF7FB ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\htec.dll
17:16:25.0406 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\htec.dll - ok
17:16:25.0406 3404 [ 08A73B0E7EE6E32983B5F9E540A8E380 ] C:\WINDOWS\system32\mscoree.dll
17:16:25.0406 3404 C:\WINDOWS\system32\mscoree.dll - ok
17:16:25.0421 3404 [ 5CC40498D6EA2D2E82D7617D06FE77EB ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ncwTrust.dll
17:16:25.0421 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ncwTrust.dll - ok
17:16:25.0421 3404 [ EEDDEF1A7623619FBED118E6A3A27DED ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSubEng.dll
17:16:25.0421 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSubEng.dll - ok
17:16:25.0437 3404 [ CDBE9690CF2B8409FACAD94FAC9479C9 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
17:16:25.0437 3404 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll - ok
17:16:25.0437 3404 [ 4C39358EBDD2FFCD9132A30E1EC31E16 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
17:16:25.0437 3404 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll - ok
17:16:25.0437 3404 [ C371BD0997CE47CA32301D82BDCBF8DB ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\AVPSVC32.dll
17:16:25.0437 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\AVPSVC32.dll - ok
17:16:25.0453 3404 [ 50F76323253CE77DE6664AAAFAB02985 ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\BHSvcPlg.dll
17:16:25.0453 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\BHSvcPlg.dll - ok
17:16:25.0453 3404 [ D34A527493F39AF4491B3E909DC697CA ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll
17:16:25.0453 3404 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll - ok
17:16:25.0453 3404 [ D3F72D50DE53F9F1F55240115AF4D42E ] C:\WINDOWS\system32\msi.dll
17:16:25.0453 3404 C:\WINDOWS\system32\msi.dll - ok
17:16:25.0468 3404 [ 1C88CF5977C016A37BFAC1178DAA7822 ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
17:16:25.0468 3404 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll - ok
17:16:25.0468 3404 [ 016E71D45E5421483CB262419E71DFD3 ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccGLog.dll
17:16:25.0468 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccGLog.dll - ok
17:16:25.0484 3404 [ 3BC6F51501B1F96AB4B03AA2B5D032E5 ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\SNDSvc.dll
17:16:25.0484 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\SNDSvc.dll - ok
17:16:25.0484 3404 [ BBF9D987A16A9CDA18DAF8CAA070A1D0 ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coSvcPlg.dll
17:16:25.0484 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coSvcPlg.dll - ok
17:16:25.0484 3404 [ F9D3C78CFE15271D80790677C893CE45 ] C:\WINDOWS\system32\cabinet.dll
17:16:25.0484 3404 C:\WINDOWS\system32\cabinet.dll - ok
17:16:25.0500 3404 [ 91AD0140701CF93DE6FF520F32AF8078 ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\isDataPr.dll
17:16:25.0500 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\isDataPr.dll - ok
17:16:25.0500 3404 [ DEC7885B2EF0966EA285C9A40E7AFBA4 ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
17:16:25.0500 3404 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll - ok
17:16:25.0500 3404 [ 262C6C64BE5BC4B1E97A9675A562DBC4 ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\cltLMC.dll
17:16:25.0500 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\cltLMC.dll - ok
17:16:25.0515 3404 [ 731F30A150DCDFA3C43DDDC3A639EC0F ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ISDataSv.dll
17:16:25.0515 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ISDataSv.dll - ok
17:16:25.0515 3404 [ 73C2FB42BD4040A90B683569AB633044 ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CLTLMS.DLL
17:16:25.0515 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CLTLMS.DLL - ok
17:16:25.0531 3404 [ 9EB748E241AF1759C98F85FEAF15FBB7 ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\FWGenPlg.dll
17:16:25.0531 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\FWGenPlg.dll - ok
17:16:25.0531 3404 [ E074D8EAD6CCD082295D1F4E6A1DADC8 ] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
17:16:25.0531 3404 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll - ok
17:16:25.0531 3404 [ 03685E9EED7DC017F4986930ECE84BBB ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\SymRdrSv.dll
17:16:25.0531 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\SymRdrSv.dll - ok
17:16:25.0546 3404 [ 8B59FBBCE13B9A0BCFDCFAFAC962F621 ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\AppMgr32.dll
17:16:25.0546 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\AppMgr32.dll - ok
17:16:25.0546 3404 [ E6A9C015DCB58D66E4E71FD74A008FF6 ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\FWSetup.dll
17:16:25.0546 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\FWSetup.dll - ok
17:16:25.0546 3404 [ A1E45589FAC353D48CF8C342BFCBDDA3 ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\hncore.dll
17:16:25.0546 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\hncore.dll - ok
17:16:25.0562 3404 [ EA1EA603902B1F5E30C2EEBCC974E799 ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\AVModule.dll
17:16:25.0562 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\AVModule.dll - ok
17:16:25.0562 3404 [ 8C7D907F45B9799DB815600EDE58E7C7 ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\FWHelper.dll
17:16:25.0562 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\FWHelper.dll - ok
17:16:25.0578 3404 [ 077F067C69073D1EBC84984E7FE5BA44 ] C:\WINDOWS\system32\msjetoledb40.dll
17:16:25.0578 3404 C:\WINDOWS\system32\msjetoledb40.dll - ok
17:16:25.0578 3404 [ B560A085EED4D5D72B039929F9AE4991 ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
17:16:25.0578 3404 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll - ok
17:16:25.0578 3404 [ 9E70016C950B1F8FDEAA6F067E2E25A8 ] C:\WINDOWS\system32\msjet40.dll
17:16:25.0578 3404 C:\WINDOWS\system32\msjet40.dll - ok
17:16:25.0593 3404 [ AFDC647D16B285B9AE6140335B3B3255 ] C:\WINDOWS\system32\mswstr10.dll
17:16:25.0593 3404 C:\WINDOWS\system32\mswstr10.dll - ok
17:16:25.0593 3404 [ 0D14F07B29FBF0D750AA2495DD72B968 ] C:\WINDOWS\system32\msjter40.dll
17:16:25.0593 3404 C:\WINDOWS\system32\msjter40.dll - ok
17:16:25.0593 3404 [ 7E2B58CE8C4013287371667880B1080D ] C:\WINDOWS\system32\msjint40.dll
17:16:25.0593 3404 C:\WINDOWS\system32\msjint40.dll - ok
17:16:25.0609 3404 [ DC095DB6D468CB5B653E05F865487E57 ] C:\Program Files\Common Files\System\Ole DB\oledb32.dll
17:16:25.0609 3404 C:\Program Files\Common Files\System\Ole DB\oledb32.dll - ok
17:16:25.0609 3404 [ 7B37F8EC25C9AD853E8126C1D0992201 ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\msvcm90.dll
17:16:25.0609 3404 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\msvcm90.dll - ok
17:16:25.0625 3404 [ 01F0CBEB457CAE7EF0CA52C7CCA5B0E8 ] C:\WINDOWS\system32\msdart.dll
17:16:25.0625 3404 C:\WINDOWS\system32\msdart.dll - ok
17:16:25.0625 3404 [ F86A2C7C279C746D5C5E06941ED4C337 ] C:\Program Files\Common Files\System\Ole DB\oledb32r.dll
17:16:25.0625 3404 C:\Program Files\Common Files\System\Ole DB\oledb32r.dll - ok
17:16:25.0625 3404 [ 6F413C1D9581FFBC27DFBAF8D1E358B5 ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\cltLMJ.dll
17:16:25.0625 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\cltLMJ.dll - ok
17:16:25.0640 3404 [ AA5607632A1A84ABD82EAA5929800F62 ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\DefUtDCD.dll
17:16:25.0640 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\DefUtDCD.dll - ok
17:16:25.0640 3404 [ E5DE87DDDB8CBE4687EADF296E58452A ] C:\WINDOWS\system32\msjtes40.dll
17:16:25.0640 3404 C:\WINDOWS\system32\msjtes40.dll - ok
17:16:25.0656 3404 [ 8EE84D6B8CCB808834D7E41713520A9D ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ducclib.dll
17:16:25.0656 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ducclib.dll - ok
17:16:25.0656 3404 [ 72CADF7EE0722DAE4A6B98EEFEAC06BC ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
17:16:25.0656 3404 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll - ok
17:16:25.0656 3404 [ 085ED2E391A871C7BAE87E0228B546BA ] C:\WINDOWS\system32\cscui.dll
17:16:25.0656 3404 C:\WINDOWS\system32\cscui.dll - ok
17:16:25.0671 3404 [ CAFBD14F56A68E6C1A55C0EAC7E487FA ] C:\WINDOWS\system32\vbajet32.dll
17:16:25.0671 3404 C:\WINDOWS\system32\vbajet32.dll - ok
17:16:25.0671 3404 [ BE87245CE60329B31C94F1B4236E5832 ] C:\WINDOWS\system32\expsrv.dll
17:16:25.0671 3404 C:\WINDOWS\system32\expsrv.dll - ok
17:16:25.0671 3404 [ 6C26DCF01E2A92F183B97D434017268A ] C:\WINDOWS\system32\dpcdll.dll
17:16:25.0671 3404 C:\WINDOWS\system32\dpcdll.dll - ok
17:16:25.0687 3404 [ 23DC7C3D5C991720CC0F0CA4FD77F77F ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\AVifc.dll
17:16:25.0687 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\AVifc.dll - ok
17:16:25.0687 3404 [ 2C2BE6006C058AD0D5031B0D1867959F ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\BHClient.dll
17:16:25.0687 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\BHClient.dll - ok
17:16:25.0703 3404 [ A93AEE1928A9D7CE3E16D24EC7380F89 ] C:\WINDOWS\system32\userinit.exe
17:16:25.0703 3404 C:\WINDOWS\system32\userinit.exe - ok
17:16:25.0703 3404 [ 79E3A8C328E7E569C32B0998377D9742 ] C:\WINDOWS\system32\spoolss.dll
17:16:25.0703 3404 C:\WINDOWS\system32\spoolss.dll - ok
17:16:25.0703 3404 [ B1296D52B0D2096EC4759EEEB806D759 ] C:\WINDOWS\system32\WgaTray.exe
17:16:25.0703 3404 C:\WINDOWS\system32\WgaTray.exe - ok
17:16:25.0718 3404 [ 12896823FB95BFB3DC9B46BCAEDC9923 ] C:\WINDOWS\explorer.exe
17:16:25.0718 3404 C:\WINDOWS\explorer.exe - ok
17:16:25.0718 3404 [ 5677DFE438EC1F009273FC84FEED6B10 ] C:\WINDOWS\system32\localspl.dll
17:16:25.0718 3404 C:\WINDOWS\system32\localspl.dll - ok
17:16:25.0734 3404 [ 5D3D1AB0EF4EA55B731863050482C111 ] C:\WINDOWS\system32\cnbjmon.dll
17:16:25.0734 3404 C:\WINDOWS\system32\cnbjmon.dll - ok
17:16:25.0734 3404 [ B7A48556EB302CD02A725D2D425F2D0C ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
17:16:25.0734 3404 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll - ok
17:16:25.0734 3404 [ A00AD60B3A58868FCACC04F9EBD4F291 ] C:\WINDOWS\system32\hptcpmon.dll
17:16:25.0734 3404 C:\WINDOWS\system32\hptcpmon.dll - ok
17:16:25.0750 3404 [ D102AD7C62914BAB318C57D4080A0F8B ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\uiHost.dll
17:16:25.0750 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\uiHost.dll - ok
17:16:25.0750 3404 [ 9B36E3D7EC78BA7512C54D9FE725B11B ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\NPCTray.dll
17:16:25.0750 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\NPCTray.dll - ok
17:16:25.0750 3404 [ 80CAECD939497A17BD8CEEDD94691B40 ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFMEIPC.dll
17:16:25.0750 3404 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFMEIPC.dll - ok
17:16:25.0765 3404 [ 46517ABDF6EDA06B6469E234E0AE2527 ] C:\WINDOWS\system32\hpzjsn01.dll
17:16:25.0765 3404 C:\WINDOWS\system32\hpzjsn01.dll - ok
17:16:25.0765 3404 [ 4D03CA609E68F4C90CF66515218017F8 ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\msvcr90.dll
17:16:25.0765 3404 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\msvcr90.dll - ok
17:16:25.0781 3404 [ 81D072F09D6243824F7DE6C4A430CFDE ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\AVPAPP32.dll
17:16:25.0781 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\AVPAPP32.dll - ok
17:16:25.0781 3404 [ 92F0088CA18BB08BB596EF2608256F8A ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
17:16:25.0781 3404 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe - ok
17:16:25.0781 3404 [ 67156D5A9AC356DC99D7BCCB388E3316 ] C:\WINDOWS\system32\wsock32.dll
17:16:25.0781 3404 C:\WINDOWS\system32\wsock32.dll - ok
17:16:25.0796 3404 [ DFCFD79107AAF8676C93B828D1767067 ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coDataPr.dll
17:16:25.0796 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coDataPr.dll - ok
17:16:25.0796 3404 [ DE515A126F211B054413C0BDD034B55D ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\asOEHook.dll
17:16:25.0796 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\asOEHook.dll - ok
17:16:25.0796 3404 [ 277F3E3333F1D10CA428568197FCCE70 ] C:\WINDOWS\system32\wsnmp32.dll
17:16:25.0796 3404 C:\WINDOWS\system32\wsnmp32.dll - ok
17:16:25.0812 3404 [ FE06336D43CEB0267D6A4C602736DE73 ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccEmlPxy.dll
17:16:25.0812 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccEmlPxy.dll - ok
17:16:25.0812 3404 [ 76848CB1AA5818DB47D5F5986E0A7485 ] C:\WINDOWS\system32\mfc42.dll
17:16:25.0812 3404 C:\WINDOWS\system32\mfc42.dll - ok
17:16:25.0812 3404 [ 00C143D93BDD790EFF4677BD6D7C0927 ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\cltAlDis.dll
17:16:25.0812 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\cltAlDis.dll - ok
17:16:25.0828 3404 [ 4D03CA609E68F4C90CF66515218017F8 ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\msvcr90.dll
17:16:25.0828 3404 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\msvcr90.dll - ok
17:16:25.0828 3404 [ 49C3DD09BD9FC7EFE89B5C2F2DE88313 ] C:\WINDOWS\system32\browseui.dll
17:16:25.0828 3404 C:\WINDOWS\system32\browseui.dll - ok
17:16:25.0843 3404 [ 3FBCF53FB4E70C2BAB7E22CF252A6019 ] C:\Program Files\Norton Internet Security\MUI\16.8.0.41\09\01\cltRes.loc
17:16:25.0843 3404 C:\Program Files\Norton Internet Security\MUI\16.8.0.41\09\01\cltRes.loc - ok
17:16:25.0843 3404 [ 643A8A3F3A94E7E6D0B41E9932D1013A ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\SymRedir.dll
17:16:25.0843 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\SymRedir.dll - ok
17:16:25.0843 3404 [ 0EBC66039AE6D33E2542D0F8C8B6E305 ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll
17:16:25.0843 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll - ok
17:16:25.0859 3404 [ 594FE8289EA3D62A27DE73D3F4FE23B1 ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\FWSesAl.dll
17:16:25.0859 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\FWSesAl.dll - ok
17:16:25.0859 3404 [ 807A60A2DDC40299EF8CF5F4FE6462CC ] C:\WINDOWS\system32\shdocvw.dll
17:16:25.0859 3404 C:\WINDOWS\system32\shdocvw.dll - ok
17:16:25.0859 3404 [ B31A568075685F11B0883890DC541A2B ] C:\Program Files\Norton Internet Security\Engine\16.8.3.6\AcctMgr.dll
17:16:25.0859 3404 C:\Program Files\Norton Internet Security\Engine\16.8.3.6\AcctMgr.dll - ok
17:16:25.0875 3404 [ C14350FC0D47D806699C4F907FC6785B ] C:\WINDOWS\system32\cryptnet.dll
17:16:25.0875 3404 C:\WINDOWS\system32\cryptnet.dll - ok
17:16:25.0875 3404 [ 3CBA2210FA39C6ED7895634842E930DD ] C:\WINDOWS\system32\sensapi.dll
17:16:25.0875 3404 C:\WINDOWS\system32\sensapi.dll - ok
17:16:25.0890 3404 [ 04D9B4C1065103B4A636EC264B875CC9 ] C:\WINDOWS\system32\hpzjfw01.dll
17:16:25.0890 3404 C:\WINDOWS\system32\hpzjfw01.dll - ok
17:16:25.0890 3404 [ BC87DB4759083525F96A159861670C5E ] C:\WINDOWS\system32\dinput.dll
17:16:25.0890 3404 C:\WINDOWS\system32\dinput.dll - ok
17:16:25.0890 3404 [ 80776884E7A05D6DA5040926F82B0273 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll
17:16:25.0890 3404 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll - ok
17:16:25.0906 3404 [ CC26451A90025F6C55F64146C333DEA5 ] C:\WINDOWS\system32\LegitCheckControl.dll
17:16:25.0906 3404 C:\WINDOWS\system32\LegitCheckControl.dll - ok
17:16:25.0906 3404 [ 7B37F8EC25C9AD853E8126C1D0992201 ] C:\Program Files\Western Digital\WD SmartWare\Front Parlor\msvcm90.dll
17:16:26.0921 3404 ============================================================
17:16:26.0921 3404 Scan finished
17:16:26.0921 3404 ============================================================
17:16:27.0031 2612 Detected object count: 9
17:16:27.0031 2612 Actual detected object count: 9
17:17:32.0828 2612 ElbyDelay ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:32.0828 2612 ElbyDelay ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:17:32.0828 2612 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:32.0828 2612 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:17:32.0828 2612 OMCI ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:32.0828 2612 OMCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:17:32.0828 2612 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:32.0828 2612 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:17:32.0828 2612 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:32.0828 2612 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:17:32.0828 2612 spkrmon ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:32.0828 2612 spkrmon ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:17:32.0843 2612 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:32.0843 2612 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:17:32.0843 2612 WDFME ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:32.0843 2612 WDFME ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:17:32.0843 2612 WDSC ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:32.0843 2612 WDSC ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:20:35.0687 3520 Deinitialize success
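
The summary lines that close the log above can be checked mechanically. This is an added example, not part of the original post or of the scanning tool: it pairs each detected object with its verdict and the recorded user action, then flags anything that is not a plain unsigned-file verdict. The sample is constructed and abridged, and the `ExampleSvc` entry and its verdict are placeholders.

```python
import re

# Line layout taken from the log above: "HH:MM:SS.ffff <thread id> <message>"
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4}) (\d+) (.*)$")
COUNT = re.compile(r"^(Actual detected|Detected) object count: (\d+)$")
OBJECT = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^()]+?) \) - (?P<tail>.+)$")
ACTION = re.compile(r"^User select action: (\w+)$")

# Verdict string seen in the log above. Assumption: as its name suggests, it
# marks a file without a digital signature rather than a confirmed infection.
UNSIGNED = "UnsignedFile.Multi.Generic"

# Constructed, abridged sample in the same format. "ExampleSvc" and its
# verdict are placeholders and do not come from the original log.
SAMPLE_LOG = """\
17:16:27.0031 2612 Detected object count: 3
17:16:27.0031 2612 Actual detected object count: 3
17:17:32.0828 2612 ElbyDelay ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:32.0828 2612 ElbyDelay ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:17:32.0828 2612 OMCI ( UnsignedFile.Multi.Generic ) - skipped by user
17:17:32.0828 2612 OMCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:17:32.0843 2612 ExampleSvc ( Example.Placeholder.Verdict ) - skipped by user
17:20:35.0687 3520 Deinitialize success
"""


def parse_summary(text):
    """Collect the declared counts and one record per detected object."""
    summary = {"declared": None, "actual": None, "objects": {}}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        c = COUNT.match(msg)
        if c:
            key = "actual" if c.group(1).startswith("Actual") else "declared"
            summary[key] = int(c.group(2))
            continue
        o = OBJECT.match(msg)
        if not o:
            continue  # per-file "- ok" lines and status lines are ignored
        entry = summary["objects"].setdefault(
            o["name"], {"verdict": o["verdict"], "action": None, "outcome": None}
        )
        a = ACTION.match(o["tail"])
        if a:
            entry["action"] = a.group(1)
        else:
            entry["outcome"] = o["tail"]
    return summary


def triage(summary):
    """Return findings that deserve a second look before the log is trusted."""
    findings = []
    parsed = len(summary["objects"])
    for label in ("declared", "actual"):
        if summary[label] is not None and summary[label] != parsed:
            findings.append(f"count mismatch: {label}={summary[label]} parsed={parsed}")
    for name, entry in summary["objects"].items():
        if entry["verdict"] != UNSIGNED:
            findings.append(f"{name}: verdict {entry['verdict']} needs review")
        if entry["action"] is None:
            findings.append(f"{name}: no user action recorded")
    return findings


def skipped(summary):
    """Names of objects the user chose to leave in place."""
    return [n for n, e in summary["objects"].items() if e["action"] == "Skip"]


if __name__ == "__main__":
    result = parse_summary(SAMPLE_LOG)
    print("left in place:", ", ".join(skipped(result)))
    for finding in triage(result):
        print("review:", finding)
```
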

#9 Oh My!

Posted 13 September 2012 - 05:02 PM

Greetings BeatlesFanatic9,

It is necessary to dig a little deeper into your computer.

Please do this.


===================================================


xPUD MBR Report

--------------------

Start this from a clean computer. You will need a USB drive with no less than 64 MB of space.

  • Insert your USB drive. Caution: The next step will remove all information from your USB device.
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Download xPUD 0.9.2 iso, saving the file to your Desktop. (please allow a few seconds for the download window to appear)
  • Download UNetbootin and save it to your Desktop as well. (please allow a few seconds for the download window to appear)
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded.
  • Press Run
  • Select the Diskimage Option then click the Browse Button located on the right side of the textbox field.



  • Browse to and double click the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot, instead just Exit the UNetbootin interface
  • After it has completed, do not choose to reboot the clean computer; simply close the installer
  • Right click this dumpit link, select "save link/target as", and save the file directly to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Use the arrow down key on your keyboard to highlight USB, then press Enter
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • Click on sdb1 (sdb1 represents the USB drive). If it is not there remove the USB device for 5 seconds then reinsert.
  • Double click on the Dumpit file
  • A black window will pop-up and it will dump and zip the MBR to your USB drive.
  • Press Enter to exit the black window.
  • Click on HOME tab and choose Power Off to turn off xPUD.
  • Remove the USB drive and insert it back on your working computer.
  • Locate the mbr.zip file in your USB drive and attach it when you reply.

===================================================


Things I would like to see in your next reply. :thumbsup2:

  • mbr.zip

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 BeatlesFanatic9


Posted 13 September 2012 - 10:34 PM

Will not boot from USB Drive. Followed all your instructions and even re-did the USB Drive twice. When I boot from the USB Drive the xPUD appears briefly for about a second then goes into all kinds of error messages. I pulled the USB Device out for 5 seconds and plugged it in. Then a __ blinks forever and nothing else happens. Is there a way that I can post the contents of the USB Drive to be sure it is correct? I am running a DELL Workstation with a SCSI HardDrive. Could this be one of the reasons why it won't boot?

#11 Oh My!


Posted 14 September 2012 - 09:21 AM

Greetings BeatlesFanatic9,

Rather than do battle with xPUD on the USB device we will burn it to a CD and see if things go more smoothly.

Please do it this way.


===================================================


GET xPUD

--------------------

For this step you will need a USB device (please reformat it) and a blank CD. I have provided step by step instructions for this process in order to simplify the detailed task.

  • Download GETxPUD.exe to the desktop of your clean computer
  • Double click the Posted Image icon
  • Click Run
  • Double click the Posted Image folder which should now be on your desktop
  • Double click on Posted Image
  • The program will download xpud_0.9.2.iso, and when it is finished it will open a BurnCDCC window

  • Click on Start, insert a blank CD when instructed, then click OK
  • When completed, the CD will eject for removal
  • Remove the CD and insert that and your USB device into the infected computer
  • Boot the infected computer with the CD you just burned
  • As the computer boots up gently tap F12 and choose to boot from the CD by using the keyboard arrow keys to highlight CD/DVD and then hit Enter
  • At the first screen select English
  • A Welcome to xPUD screen will appear
  • Press File
  • Under File System on the left hand side click on the triangle symbol to expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Double click on the folder that represents your USB drive (sdb1 ?).
  • If you do not see it, please remove the USB device, wait about 5 seconds, reinsert it, then click on the Refresh icon to the left of the house icon near the top of your screen. It should be added under mnt
  • On the top bar select Tool then select Open Terminal
  • Type the following then press Enter: Make sure there is a space between the different colors.

    dd if=/dev/sda of=mbr.bin bs=512 count=1
  • After it has finished (within just a few seconds) a file will be located on your USB drive named mbr.bin. Please ensure the file is there
  • Remove the USB drive, insert it back in your working computer
  • Navigate to mbr.bin, zip the file, and attach it to your next reply. If you do not zip it you will be prohibited from attaching the file.
This will allow me to have a look at the Master Boot Record (MBR) of your drive and see if it is infected.


===================================================


Things I would like to see in your next reply. :thumbsup2:

  • mbr.zip

Gary
 

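What a helper can check in the 512-byte mbr.bin that the dd command above produces, as an added example that is not part of the original post or of any tool it mentions: the sector is split into boot code, disk ID and partition table using the standard MBR layout, then structural oddities are flagged. The `known_good` hash set (for instance from a reference dump of the same OS release) and the constructed sample sector are assumptions made for illustration.

```python
import hashlib
import struct

SECTOR = 512
CODE_END = 440          # bytes 0-439 hold the bootstrap code
TABLE = 446             # four 16-byte partition entries start here

def parse_mbr(sector):
    """Split a 512-byte MBR dump into the fields a reviewer looks at."""
    if len(sector) != SECTOR:
        raise ValueError("expected %d bytes, got %d" % (SECTOR, len(sector)))
    parts = []
    for i in range(4):
        raw = sector[TABLE + 16 * i:TABLE + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", raw)
        if ptype != 0:                      # type 0x00 marks an unused slot
            parts.append({"slot": i, "status": status, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {"code_sha256": hashlib.sha256(sector[:CODE_END]).hexdigest(),
            "disk_id": struct.unpack_from("<I", sector, CODE_END)[0],
            "signature_ok": sector[510:512] == b"\x55\xaa",
            "partitions": parts}

def review(mbr, known_good=()):
    """Return a list of reasons the dump deserves a closer look."""
    notes = []
    if not mbr["signature_ok"]:
        notes.append("missing 0x55AA boot signature")
    if any(p["status"] not in (0x00, 0x80) for p in mbr["partitions"]):
        notes.append("partition status byte is neither 0x00 nor 0x80")
    if sum(p["status"] == 0x80 for p in mbr["partitions"]) > 1:
        notes.append("more than one active partition")
    if mbr["code_sha256"] not in known_good:
        notes.append("boot code hash not in the known-good set")
    return notes

def build_sample(code=b"\xfa\x33\xc0"):
    """Constructed sector: placeholder code bytes, one active type-0x07 entry."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 1000)
    body = code.ljust(CODE_END, b"\x00") + struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
    return body + entry + bytes(48) + b"\x55\xaa"

if __name__ == "__main__":
    clean = parse_mbr(build_sample())
    print(clean["partitions"], review(clean, {clean["code_sha256"]}))
```

On a real dump, read the file with `open("mbr.bin", "rb").read()` and pass the bytes to `parse_mbr`; a hash that differs from the reference is a prompt for manual inspection, not a verdict.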
#12 BeatlesFanatic9


Posted 14 September 2012 - 02:49 PM

We followed the instructions exactly, booted from CD-ROM, went to a white page where I selected English. Then the same thing happened as last time when I used the USB Drive. A black page came up that said starting xPUD then went to error messages starting with kernel something.

#13 Oh My!


Posted 14 September 2012 - 04:47 PM

Greetings BeatlesFanatic9,

OK, hang in there. We are going to try the same thing with a different program. Please do this.


===================================================


Booting from Ubuntu Live from a USB Device

--------------

  • Please remove any existing information from your USB device
  • Download Ubuntu Live to your USB device (or if necessary do so from a working computer). This is a large file so allow it some time to download
  • With the USB device inserted into the infected computer restart your computer
  • If your computer does not automatically boot from the USB device please see here
  • Once the Ubuntu desktop is loaded please select English and then Try Ubuntu

  • Type terminal in the search box
  • Click on the first Terminal icon that is displayed - this will open a command prompt window
  • Type the following line and press Enter. Make sure there is a space between the different colors.

    sudo dd if=/dev/sda of=mbr.bin bs=512 count=1
  • Access the Home folder by clicking the third icon from the top in the left panel (Home Folder). You will see some folders there, as well as the mbr.bin file you just created
  • Copy and paste the mbr.bin file to your USB device.
  • Remove the USB device while you reboot your computer then reinsert it
  • Right click on the mbr.bin file on your USB device, rename it to mbr.txt (ignore any warning) and attach it to your reply

===================================================


Things I would like to see in your next reply. :thumbsup2:

  • mbr.txt

Gary
 

#14 BeatlesFanatic9


Posted 14 September 2012 - 07:02 PM

Downloaded Ubuntu Live directly to USB Drive on a clean computer. After download was complete I hit close. I put the USB into infected computer then booted using F12 to select USB Device. An error popped up this time that said Disk Error press any key to reboot. Pressing any key only made the same error message come up again and again for every time I hit any key. Before when booting to USB Device it would say starting xPUD then go to error messages. This is the first time it ever said disk error. Went into BIOS and made USB Device the first boot device and still got the same message. Is there a step I am missing?

#15 Oh My!


Posted 14 September 2012 - 07:06 PM

Greetings BeatlesFanatic9,

Please reformat the USB device and attempt it again.

Press Start > My Computer > right click your USB drive > choose Format > Quick format


Gary
 