Unable to remove syshost.exe et al


8 replies to this topic

#1 SqanticP


Posted 21 February 2013 - 08:46 AM

Windows XP Home PC infected with trojan.

I have identified three files:

c:\windows\installer\{BF8B97AB-1D7E-BEB8-3D55-AF7-F1B36DE43}\syshost.exe

c:\windows\system32\drivers\1455094.sys

c:\windows\system32\drivers\63a9e79ebe0aa8c2.sys

All my attempts to remove have failed.

Tried Norton, Autoruns and via DOS in safe mode.

Always get access denied or similar.

 

Any ideas ?

thx





#2 narenxp


Posted 21 February 2013 - 08:47 AM

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters




  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now




  • Click Start Scan and allow the scan process to run

  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue




  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.



  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.



  • Please post the contents of the log in your next reply.

NOTE:  aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the   button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply.   Note:  If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • TDSSKiller log
  • aswMBR log
  • ESET results
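
A TDSSKiller log runs to hundreds of lines, nearly all of them "- ok". As an added example (not part of the original posts and not a Kaspersky tool), the following Python sketch reduces such a log to the entries that need a human look and also reports objects whose verdict line is missing because the pasted log was cut off. The sample lines are constructed in the layout TDSSKiller writes; the service names, paths and hashes in them are placeholders.

```python
import re

# Constructed sample: "HH:MM:SS.mmmm <thread id>  <message>".
# Service names, paths and MD5 values below are placeholders, not real indicators.
SAMPLE_LOG = r"""
14:04:37.0375 2484  ================ Scan services =============================
14:04:37.0437 2484  Suspicious service (NoAccess): examplesvc
14:04:37.0671 2484  [ 00000000000000000000000000000000 ] examplesvc C:\windows\System32\Drivers\examplesvc.sys
14:04:37.0671 2484  Suspicious file (NoAccess): C:\windows\System32\Drivers\examplesvc.sys. md5: 00000000000000000000000000000000
14:04:39.0265 2484  examplesvc ( Rootkit.Win32.Necurs.gen ) - infected
14:04:39.0281 2484  examplesvc - detected Rootkit.Win32.Necurs.gen (0)
14:04:39.0312 2484  Abiosdsk - ok
14:04:39.0375 2484  [ 11111111111111111111111111111111 ] Apple Mobile Device C:\Program Files\Example\svc.exe
14:04:39.0390 2484  Apple Mobile Device - ok
14:04:40.0109 2484  [ 22222222222222222222222222222222 ] truncsvc        C:\windows\system32\truncsvc.dll
"""

# Timestamp, thread id, then the message we care about.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(.*)$")
# "[ MD5 ] name path": the name may contain spaces, the path starts at a drive letter.
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?)\s+([A-Za-z]:\\.*)$")
SUSP_SVC = re.compile(r"^Suspicious service \((\w+)\): (.+)$")
SUSP_FILE = re.compile(r"^Suspicious file \((\w+)\): (.+)\. md5: ([0-9A-Fa-f]{32})$")
INFECTED = re.compile(r"^(.+?) \( (.+?) \) - infected$")
OK = re.compile(r"^(.+) - ok$")


def triage(log_text):
    """Return the ok count, flagged/infected objects, and objects with no verdict."""
    objects = {}   # object name -> record
    by_path = {}   # lower-cased path -> object name (links "Suspicious file" lines)
    ok = 0

    def record(name):
        return objects.setdefault(name, {
            "name": name, "path": None, "md5": None,
            "flags": [], "verdict": None, "detection": None,
        })

    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        msg = line.group(1).strip()

        m = SUSP_SVC.match(msg)
        if m:
            record(m.group(2))["flags"].append("service:" + m.group(1))
            continue
        m = SUSP_FILE.match(msg)
        if m:
            name = by_path.get(m.group(2).lower(), m.group(2))
            rec = record(name)
            rec["flags"].append("file:" + m.group(1))
            rec["path"], rec["md5"] = m.group(2), m.group(3).upper()
            continue
        m = HASHED.match(msg)
        if m:
            rec = record(m.group(2))
            rec["md5"], rec["path"] = m.group(1).upper(), m.group(3)
            by_path[m.group(3).lower()] = m.group(2)
            continue
        m = INFECTED.match(msg)
        if m:
            rec = record(m.group(1))
            rec["verdict"], rec["detection"] = "infected", m.group(2)
            continue
        m = OK.match(msg)
        if m:
            ok += 1
            rec = objects.get(m.group(1))
            if rec and rec["flags"]:
                rec["verdict"] = "ok"        # flagged earlier, keep it for review
            else:
                objects.pop(m.group(1), None)

    findings = [r for r in objects.values() if r["flags"] or r["verdict"] == "infected"]
    # Hashed but never given a verdict: typical of a log that was cut off when pasted.
    unresolved = [r["name"] for r in objects.values()
                  if r["verdict"] is None and not r["flags"]]
    return {"ok": ok, "findings": findings, "unresolved": unresolved}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("objects reported ok:", result["ok"])
    for f in result["findings"]:
        print(f["name"], f["verdict"], f["detection"], f["flags"], f["path"], f["md5"])
    print("no verdict line (log cut off?):", result["unresolved"])
```
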



#3 SqanticP


Posted 22 February 2013 - 12:07 PM

Thanks for the quick reply.

Instructions above carried out.

In addition to the logs that follow, two things to note:

On running TDSSKiller it reported "Can't load driver error".

After running aswMBR I re-enabled Norton's anti virus and it reported

"Auto-protect has removed Trojan.Gen"

Logs as requested follow:

TDSSKiller log:

13:57:24.0828 1324  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:57:26.0906 1324  ============================================================
13:57:26.0906 1324  Current date / time: 2013/02/22 13:57:26.0906
13:57:26.0906 1324  SystemInfo:
13:57:26.0906 1324 
13:57:26.0906 1324  OS Version: 5.1.2600 ServicePack: 3.0
13:57:26.0906 1324  Product type: Workstation
13:57:26.0906 1324  ComputerName: MAPS0001
13:57:26.0906 1324  UserName: Pappy
13:57:26.0906 1324  Windows directory: C:\windows
13:57:26.0906 1324  System windows directory: C:\windows
13:57:26.0906 1324  Processor architecture: Intel x86
13:57:26.0906 1324  Number of processors: 2
13:57:26.0906 1324  Page size: 0x1000
13:57:26.0906 1324  Boot type: Normal boot
13:57:26.0906 1324  ============================================================
13:58:08.0921 1324  BG loaded
13:58:18.0406 1324  !crdlk
13:58:20.0203 1324  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
13:58:20.0546 1324  ============================================================
13:58:20.0546 1324  \Device\Harddisk0\DR0:
13:58:20.0609 1324  MBR partitions:
13:58:20.0609 1324  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x950A60, BlocksNum 0xD63EEA0
13:58:20.0609 1324  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x950A21
13:58:20.0609 1324  ============================================================
13:58:21.0109 1324  C: <-> \Device\Harddisk0\DR0\Partition1
13:58:21.0218 1324  D: <-> \Device\Harddisk0\DR0\Partition2
13:58:22.0593 1324  ============================================================
13:58:22.0593 1324  Initialize success
13:58:22.0593 1324  ============================================================
14:04:36.0796 2484  ============================================================
14:04:36.0812 2484  Scan started
14:04:36.0812 2484  Mode: Manual; TDLFS;
14:04:36.0812 2484  ============================================================
14:04:37.0343 2484  ================ Scan system memory ========================
14:04:37.0375 2484  System memory - ok
14:04:37.0375 2484  ================ Scan services =============================
14:04:37.0437 2484  Suspicious service (NoAccess): 63a9e79ebe0aa8c2
14:04:37.0671 2484  [ FE93D3BD6F5808FF6BC9536802B49BBB ] 63a9e79ebe0aa8c2 C:\windows\System32\Drivers\63a9e79ebe0aa8c2.sys
14:04:37.0671 2484  Suspicious file (NoAccess): C:\windows\System32\Drivers\63a9e79ebe0aa8c2.sys. md5: FE93D3BD6F5808FF6BC9536802B49BBB
14:04:39.0265 2484  63a9e79ebe0aa8c2 ( Rootkit.Win32.Necurs.gen ) - infected
14:04:39.0281 2484  63a9e79ebe0aa8c2 - detected Rootkit.Win32.Necurs.gen (0)
14:04:52.0031 2484  Netlogon - ok
14:04:52.0109 2484  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\windows\System32\netman.dll
14:04:52.0125 2484  Netman - ok
14:04:52.0171 2484  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:04:52.0187 2484  NetTcpPortSharing - ok
14:04:52.0250 2484  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\windows\system32\DRIVERS\nic1394.sys
14:04:52.0250 2484  NIC1394 - ok
14:04:52.0328 2484  [ 832E4DD8964AB7ACC880B2837CB1ED20 ] Nla             C:\windows\System32\mswsock.dll
14:04:52.0343 2484  Nla - ok
14:04:52.0406 2484  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\windows\system32\drivers\Npfs.sys
14:04:52.0406 2484  Npfs - ok
14:04:52.0453 2484  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
14:04:52.0484 2484  Ntfs - ok
14:04:52.0515 2484  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\windows\system32\lsass.exe
14:04:52.0515 2484  NtLmSsp - ok
14:04:52.0593 2484  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\windows\system32\ntmssvc.dll
14:04:52.0609 2484  NtmsSvc - ok
14:04:52.0687 2484  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\windows\system32\drivers\Null.sys
14:04:52.0687 2484  Null - ok
14:04:52.0781 2484  [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv              C:\windows\system32\DRIVERS\nv4_mini.sys
14:04:52.0828 2484  nv - ok
14:04:52.0875 2484  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\windows\system32\DRIVERS\nwlnkflt.sys
14:04:52.0875 2484  NwlnkFlt - ok
14:04:52.0937 2484  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\windows\system32\DRIVERS\nwlnkfwd.sys
14:04:52.0937 2484  NwlnkFwd - ok
14:04:52.0968 2484  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\windows\system32\DRIVERS\ohci1394.sys
14:04:52.0984 2484  ohci1394 - ok
14:04:53.0078 2484  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:04:53.0093 2484  ose - ok
14:04:53.0171 2484  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\windows\system32\DRIVERS\parport.sys
14:04:53.0171 2484  Parport - ok
14:04:53.0187 2484  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\windows\system32\drivers\PartMgr.sys
14:04:53.0187 2484  PartMgr - ok
14:04:53.0250 2484  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\windows\system32\drivers\ParVdm.sys
14:04:53.0250 2484  ParVdm - ok
14:04:53.0265 2484  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\windows\system32\DRIVERS\pci.sys
14:04:53.0281 2484  PCI - ok
14:04:53.0296 2484  PCIDump - ok
14:04:53.0328 2484  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\windows\system32\DRIVERS\pciide.sys
14:04:53.0328 2484  PCIIde - ok
14:04:53.0390 2484  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\windows\system32\drivers\Pcmcia.sys
14:04:53.0390 2484  Pcmcia - ok
14:04:53.0468 2484  [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin        C:\windows\system32\Drivers\pcouffin.sys
14:04:53.0468 2484  pcouffin - ok
14:04:53.0500 2484  PDCOMP - ok
14:04:53.0515 2484  PDFRAME - ok
14:04:53.0531 2484  PDRELI - ok
14:04:53.0546 2484  PDRFRAME - ok
14:04:53.0593 2484  [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2           C:\windows\system32\DRIVERS\perc2.sys
14:04:53.0593 2484  perc2 - ok
14:04:53.0656 2484  [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib        C:\windows\system32\DRIVERS\perc2hib.sys
14:04:53.0656 2484  perc2hib - ok
14:04:53.0718 2484  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\windows\system32\services.exe
14:04:53.0718 2484  PlugPlay - ok
14:04:53.0781 2484  [ FB03F341FF5380394BF2EE52F1979925 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
14:04:53.0796 2484  Pml Driver HPZ12 - ok
14:04:53.0921 2484  pnicml - ok
14:04:53.0984 2484  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\windows\system32\lsass.exe
14:04:53.0984 2484  PolicyAgent - ok
14:04:54.0046 2484  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
14:04:54.0046 2484  PptpMiniport - ok
14:04:54.0109 2484  [ 33D7285F12D934268A34206DFC4AD1B3 ] PrismXL         C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
14:04:54.0109 2484  PrismXL - ok
14:04:54.0156 2484  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\windows\system32\lsass.exe
14:04:54.0156 2484  ProtectedStorage - ok
14:04:54.0187 2484  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\windows\system32\DRIVERS\psched.sys
14:04:54.0187 2484  PSched - ok
14:04:54.0203 2484  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\windows\system32\DRIVERS\ptilink.sys
14:04:54.0203 2484  Ptilink - ok
14:04:54.0265 2484  [ 617ACCADA2E0A0F43EC6030BBAC49513 ] PxHelp20        C:\windows\system32\Drivers\PxHelp20.sys
14:04:54.0265 2484  PxHelp20 - ok
14:04:54.0296 2484  [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080          C:\windows\system32\DRIVERS\ql1080.sys
14:04:54.0296 2484  ql1080 - ok
14:04:54.0312 2484  [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt         C:\windows\system32\DRIVERS\ql10wnt.sys
14:04:54.0312 2484  Ql10wnt - ok
14:04:54.0343 2484  [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160         C:\windows\system32\DRIVERS\ql12160.sys
14:04:54.0343 2484  ql12160 - ok
14:04:54.0375 2484  [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240          C:\windows\system32\DRIVERS\ql1240.sys
14:04:54.0375 2484  ql1240 - ok
14:04:54.0421 2484  [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280          C:\windows\system32\DRIVERS\ql1280.sys
14:04:54.0421 2484  ql1280 - ok
14:04:54.0453 2484  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
14:04:54.0453 2484  RasAcd - ok
14:04:54.0515 2484  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\windows\System32\rasauto.dll
14:04:54.0515 2484  RasAuto - ok
14:04:54.0546 2484  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
14:04:54.0562 2484  Rasl2tp - ok
14:04:54.0625 2484  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\windows\System32\rasmans.dll
14:04:54.0625 2484  RasMan - ok
14:04:54.0671 2484  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
14:04:54.0671 2484  RasPppoe - ok
14:04:54.0718 2484  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\windows\system32\DRIVERS\raspti.sys
14:04:54.0718 2484  Raspti - ok
14:04:54.0781 2484  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\windows\system32\DRIVERS\rdbss.sys
14:04:54.0781 2484  Rdbss - ok
14:04:54.0796 2484  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
14:04:54.0812 2484  RDPCDD - ok
14:04:54.0843 2484  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\windows\system32\DRIVERS\rdpdr.sys
14:04:54.0843 2484  rdpdr - ok
14:04:54.0906 2484  [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
14:04:54.0921 2484  RDPWD - ok
14:04:54.0984 2484  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
14:04:55.0000 2484  RDSessMgr - ok
14:04:55.0015 2484  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\windows\system32\DRIVERS\redbook.sys
14:04:55.0015 2484  redbook - ok
14:04:55.0078 2484  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\windows\System32\mprdim.dll
14:04:55.0093 2484  RemoteAccess - ok
14:04:55.0156 2484  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\windows\system32\regsvc.dll
14:04:55.0171 2484  RemoteRegistry - ok
14:04:55.0250 2484  [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM       C:\windows\system32\Drivers\RootMdm.sys
14:04:55.0250 2484  ROOTMODEM - ok
14:04:55.0296 2484  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\windows\system32\locator.exe
14:04:55.0296 2484  RpcLocator - ok
14:04:55.0375 2484  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\windows\system32\rpcss.dll
14:04:55.0390 2484  RpcSs - ok
14:04:55.0453 2484  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\windows\system32\rsvp.exe
14:04:55.0453 2484  RSVP - ok
14:04:55.0515 2484  [ ABDC839BD1C53F9C17449B10221CB942 ] RT73            C:\windows\system32\DRIVERS\rt73.sys
14:04:55.0531 2484  RT73 - ok
14:04:55.0625 2484  [ 8E34400FFC7D647946D9C820678775AF ] RTL8023xp       C:\windows\system32\DRIVERS\Rtnicxp.sys
14:04:55.0625 2484  RTL8023xp - ok
14:04:55.0671 2484  [ D507C1400284176573224903819FFDA3 ] rtl8139         C:\windows\system32\DRIVERS\RTL8139.SYS
14:04:55.0671 2484  rtl8139 - ok
14:04:55.0734 2484  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\windows\system32\lsass.exe
14:04:55.0734 2484  SamSs - ok
14:04:55.0765 2484  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\windows\System32\SCardSvr.exe
14:04:55.0765 2484  SCardSvr - ok
14:04:55.0828 2484  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\windows\system32\schedsvc.dll
14:04:55.0843 2484  Schedule - ok
14:04:55.0937 2484  [ 271077B91D7AD1B616F8AFDFE8E3F981 ] SeaPort         C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
14:04:55.0968 2484  SeaPort - ok
14:04:56.0046 2484  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\windows\system32\DRIVERS\secdrv.sys
14:04:56.0062 2484  Secdrv - ok
14:04:56.0125 2484  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\windows\System32\seclogon.dll
14:04:56.0125 2484  seclogon - ok
14:04:56.0187 2484  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\windows\system32\sens.dll
14:04:56.0187 2484  SENS - ok
14:04:56.0250 2484  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\windows\system32\DRIVERS\serenum.sys
14:04:56.0250 2484  serenum - ok
14:04:56.0328 2484  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\windows\system32\DRIVERS\serial.sys
14:04:56.0328 2484  Serial - ok
14:04:56.0375 2484  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\windows\system32\drivers\Sfloppy.sys
14:04:56.0375 2484  Sfloppy - ok
14:04:56.0453 2484  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\windows\System32\ipnathlp.dll
14:04:56.0468 2484  SharedAccess - ok
14:04:56.0546 2484  [ 1926899BF9FFE2602B63074971700412 ] ShellHWDetection C:\windows\System32\shsvcs.dll
14:04:56.0546 2484  ShellHWDetection - ok
14:04:56.0578 2484  Simbad - ok
14:04:56.0625 2484  [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp          C:\windows\system32\DRIVERS\sisagp.sys
14:04:56.0625 2484  sisagp - ok
14:04:56.0671 2484  SMR311 - ok
14:04:56.0718 2484  [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow         C:\windows\system32\DRIVERS\sparrow.sys
14:04:56.0734 2484  Sparrow - ok
14:04:56.0765 2484  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\windows\system32\drivers\splitter.sys
14:04:56.0765 2484  splitter - ok
14:04:56.0828 2484  [ D8E14A61ACC1D4A6CD0D38AEBAC7FA3B ] Spooler         C:\windows\system32\spoolsv.exe
14:04:56.0843 2484  Spooler - ok
14:04:56.0953 2484  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\windows\system32\DRIVERS\sr.sys
14:04:56.0953 2484  sr - ok
14:04:57.0031 2484  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
14:04:57.0031 2484  srservice - ok
14:04:57.0218 2484  [ 83726CF02ECED69138948083E06B6EAC ] SRTSP           C:\windows\System32\Drivers\N360\0502020.003\SRTSP.SYS
14:04:57.0218 2484  SRTSP - ok
14:04:57.0312 2484  [ 4E7EAB2E5615D39CF1F1DF9C71E5E225 ] SRTSPX          C:\windows\system32\drivers\N360\0502020.003\SRTSPX.SYS
14:04:57.0312 2484  SRTSPX - ok
14:04:57.0390 2484  [ 89220B427890AA1DFFD1A02648AE51C3 ] Srv             C:\windows\system32\DRIVERS\srv.sys
14:04:57.0406 2484  Srv - ok
14:04:57.0468 2484  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
14:04:57.0468 2484  SSDPSRV - ok
14:04:57.0562 2484  [ 972C24CD7FF2C1BA19A89B990539B0EC ] Start BT in service C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
14:04:57.0562 2484  Start BT in service - ok
14:04:57.0640 2484  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\windows\system32\wiaservc.dll
14:04:57.0640 2484  stisvc - ok
14:04:57.0687 2484  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\windows\system32\DRIVERS\swenum.sys
14:04:57.0687 2484  swenum - ok
14:04:57.0750 2484  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\windows\system32\drivers\swmidi.sys
14:04:57.0750 2484  swmidi - ok
14:04:57.0781 2484  SwPrv - ok
14:04:57.0843 2484  [ 1FF3217614018630D0A6758630FC698C ] symc810         C:\windows\system32\DRIVERS\symc810.sys
14:04:57.0843 2484  symc810 - ok
14:04:57.0875 2484  [ 070E001D95CF725186EF8B20335F933C ] symc8xx         C:\windows\system32\DRIVERS\symc8xx.sys
14:04:57.0875 2484  symc8xx - ok
14:04:57.0953 2484  [ 9BBEB8C6258E72D62E7560E6667AAD39 ] SymDS           C:\windows\system32\drivers\N360\0502020.003\SYMDS.SYS
14:04:57.0968 2484  SymDS - ok
14:04:58.0046 2484  [ D5C02629C02A820A7E71BCA3D44294A3 ] SymEFA          C:\windows\system32\drivers\N360\0502020.003\SYMEFA.SYS
14:04:58.0078 2484  SymEFA - ok
14:04:58.0171 2484  [ AB33C3B196197CA467CBDDA717860DBA ] SymEvent        C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
14:04:58.0203 2484  SymEvent - ok
14:04:58.0234 2484  [ A73399804D5D4A8B20BA60FCF70C9F1F ] SymIRON         C:\windows\system32\drivers\N360\0502020.003\Ironx86.SYS
14:04:58.0234 2484  SymIRON - ok
14:04:58.0312 2484  [ 336CACE58F0359D5CBB1AE6B8A2FB205 ] SYMTDI          C:\windows\System32\Drivers\N360\0502020.003\SYMTDI.SYS
14:04:58.0328 2484  SYMTDI - ok
14:04:58.0375 2484  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\windows\system32\DRIVERS\sym_hi.sys
14:04:58.0375 2484  sym_hi - ok
14:04:58.0406 2484  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\windows\system32\DRIVERS\sym_u3.sys
14:04:58.0406 2484  sym_u3 - ok
14:04:58.0437 2484  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\windows\system32\drivers\sysaudio.sys
14:04:58.0437 2484  sysaudio - ok
14:04:58.0500 2484  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\windows\system32\smlogsvc.exe
14:04:58.0500 2484  SysmonLog - ok
14:04:58.0578 2484  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\windows\System32\tapisrv.dll
14:04:58.0593 2484  TapiSrv - ok
14:04:58.0640 2484  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\windows\system32\DRIVERS\tcpip.sys
14:04:58.0671 2484  Tcpip - ok
14:04:58.0718 2484  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\windows\system32\drivers\TDPIPE.sys
14:04:58.0718 2484  TDPIPE - ok
14:04:58.0765 2484  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\windows\system32\drivers\TDTCP.sys
14:04:58.0765 2484  TDTCP - ok
14:04:58.0812 2484  [ 88155247177638048422893737429D9E ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
14:04:58.0812 2484  TermDD - ok
14:04:58.0890 2484  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\windows\System32\termsrv.dll
14:04:58.0921 2484  TermService - ok
14:04:58.0984 2484  [ 1926899BF9FFE2602B63074971700412 ] Themes          C:\windows\System32\shsvcs.dll
14:04:58.0984 2484  Themes - ok
14:04:59.0031 2484  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
14:04:59.0031 2484  TlntSvr - ok
14:04:59.0109 2484  [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde          C:\windows\system32\DRIVERS\toside.sys
14:04:59.0109 2484  TosIde - ok
14:04:59.0187 2484  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\windows\system32\trkwks.dll
14:04:59.0187 2484  TrkWks - ok
14:04:59.0250 2484  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\windows\system32\drivers\Udfs.sys
14:04:59.0250 2484  Udfs - ok
14:04:59.0312 2484  [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra           C:\windows\system32\DRIVERS\ultra.sys
14:04:59.0312 2484  ultra - ok
14:04:59.0390 2484  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\windows\system32\DRIVERS\update.sys
14:04:59.0406 2484  Update - ok
14:04:59.0468 2484  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\windows\System32\upnphost.dll
14:04:59.0484 2484  upnphost - ok
14:04:59.0546 2484  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\windows\System32\ups.exe
14:04:59.0546 2484  UPS - ok
14:04:59.0625 2484  [ F340199E8CB097E1ACD58A967C665919 ] USBAAPL         C:\windows\system32\Drivers\usbaapl.sys
14:04:59.0625 2484  USBAAPL - ok
14:04:59.0687 2484  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
14:04:59.0703 2484  usbccgp - ok
14:04:59.0765 2484  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
14:04:59.0765 2484  usbehci - ok
14:04:59.0812 2484  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
14:04:59.0812 2484  usbhub - ok
14:04:59.0859 2484  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\windows\system32\DRIVERS\usbohci.sys
14:04:59.0859 2484  usbohci - ok
14:04:59.0953 2484  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
14:04:59.0953 2484  usbprint - ok
14:05:00.0000 2484  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\windows\system32\DRIVERS\usbscan.sys
14:05:00.0000 2484  usbscan - ok
14:05:00.0093 2484  [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor         C:\windows\system32\DRIVERS\USBSTOR.SYS
14:05:00.0093 2484  usbstor - ok
14:05:00.0140 2484  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\windows\system32\DRIVERS\usbuhci.sys
14:05:00.0140 2484  usbuhci - ok
14:05:00.0218 2484  [ 51750B0539986186C6931FC40D171521 ] VComm           C:\windows\system32\DRIVERS\VComm.sys
14:05:00.0218 2484  VComm - ok
14:05:00.0281 2484  [ 6D9C891C0A761AFED1F3609C2E56F2B9 ] VcommMgr        C:\windows\system32\Drivers\VcommMgr.sys
14:05:00.0296 2484  VcommMgr - ok
14:05:00.0359 2484  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\windows\System32\drivers\vga.sys
14:05:00.0359 2484  VgaSave - ok
14:05:00.0421 2484  [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp          C:\windows\system32\DRIVERS\viaagp.sys
14:05:00.0421 2484  viaagp - ok
14:05:00.0453 2484  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\windows\system32\DRIVERS\viaide.sys
14:05:00.0453 2484  ViaIde - ok
14:05:00.0500 2484  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\windows\system32\drivers\VolSnap.sys
14:05:00.0500 2484  VolSnap - ok
14:05:00.0546 2484  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\windows\System32\vssvc.exe
14:05:00.0578 2484  VSS - ok
14:05:00.0625 2484  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
14:05:00.0640 2484  W32Time - ok
14:05:00.0687 2484  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\windows\system32\DRIVERS\wanarp.sys
14:05:00.0687 2484  Wanarp - ok
14:05:00.0765 2484  [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000        C:\windows\system32\Drivers\wdf01000.sys
14:05:00.0781 2484  Wdf01000 - ok
14:05:00.0828 2484  WDICA - ok
14:05:00.0890 2484  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\windows\system32\drivers\wdmaud.sys
14:05:00.0906 2484  wdmaud - ok
14:05:00.0968 2484  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\windows\System32\webclnt.dll
14:05:00.0968 2484  WebClient - ok
14:05:01.0062 2484  [ CB2DC26DE2C815FC2309566F92D22ED4 ] winachsf        C:\windows\system32\DRIVERS\HSF_CNXT.sys
14:05:01.0078 2484  winachsf - ok
14:05:01.0187 2484  [ 097A8291DF541F9B9AF2C500797CDCAA ] WinDriver6      C:\windows\system32\drivers\windrvr6.sys
14:05:01.0203 2484  WinDriver6 - ok
14:05:01.0312 2484  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\windows\system32\wbem\WMIsvc.dll
14:05:01.0328 2484  winmgmt - ok
14:05:01.0406 2484  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
14:05:01.0406 2484  WmdmPmSN - ok
14:05:01.0500 2484  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\windows\System32\advapi32.dll
14:05:01.0515 2484  Wmi - ok
14:05:01.0609 2484  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:05:01.0609 2484  WmiApSrv - ok
14:05:01.0718 2484  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
14:05:01.0750 2484  WMPNetworkSvc - ok
14:05:01.0843 2484  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\windows\system32\wscsvc.dll
14:05:01.0843 2484  wscsvc - ok
14:05:01.0906 2484  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
14:05:01.0937 2484  wuauserv - ok
14:05:02.0000 2484  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\windows\system32\DRIVERS\WudfPf.sys
14:05:02.0015 2484  WudfPf - ok
14:05:02.0109 2484  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\windows\System32\WUDFSvc.dll
14:05:02.0109 2484  WudfSvc - ok
14:05:02.0203 2484  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\windows\System32\wzcsvc.dll
14:05:02.0234 2484  WZCSVC - ok
14:05:02.0312 2484  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\windows\System32\xmlprov.dll
14:05:02.0312 2484  xmlprov - ok
14:05:02.0390 2484  ================ Scan global ===============================
14:05:02.0484 2484  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\windows\system32\basesrv.dll
14:05:02.0531 2484  [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\windows\system32\winsrv.dll
14:05:02.0562 2484  [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\windows\system32\winsrv.dll
14:05:02.0578 2484  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\windows\system32\services.exe
14:05:02.0578 2484  [Global] - ok
14:05:02.0578 2484  ================ Scan MBR ==================================
14:05:02.0609 2484  [ B20939CD98B7710036274839082AE757 ] \Device\Harddisk0\DR0
14:05:03.0687 2484  \Device\Harddisk0\DR0 - ok
14:05:03.0687 2484  ================ Scan VBR ==================================
14:05:03.0718 2484  [ 7414F28C6926A1C17E7C0390E89B18B6 ] \Device\Harddisk0\DR0\Partition1
14:05:03.0734 2484  \Device\Harddisk0\DR0\Partition1 - ok
14:05:03.0750 2484  [ E4E66E35E6A7E0697F0A3A88C1E7F21D ] \Device\Harddisk0\DR0\Partition2
14:05:03.0750 2484  \Device\Harddisk0\DR0\Partition2 - ok
14:05:03.0750 2484  ================ Scan active images ========================
14:05:03.0765 2484  [ 8C953733D8F36EB2133F5BB58808B66B ] C:\WINDOWS\system32\drivers\intelppm.sys
14:05:03.0765 2484  C:\WINDOWS\system32\drivers\intelppm.sys - ok
14:05:03.0765 2484  [ 9CF018B4D7A31F7AE0BD386D491E6DBF ] C:\WINDOWS\system32\drivers\ati2mtag.sys
14:05:03.0765 2484  C:\WINDOWS\system32\drivers\ati2mtag.sys - ok
14:05:03.0781 2484  [ E28726B72C46821A28830E077D39A55B ] C:\WINDOWS\system32\drivers\videoprt.sys
14:05:03.0781 2484  C:\WINDOWS\system32\drivers\videoprt.sys - ok
14:05:03.0781 2484  [ 0DAECCE65366EA32B162F85F07C6753B ] C:\WINDOWS\system32\drivers\usbohci.sys
14:05:03.0781 2484  C:\WINDOWS\system32\drivers\usbohci.sys - ok
14:05:03.0796 2484  [ 791912E524CC2CC6F50B5F2B52D1EB71 ] C:\WINDOWS\system32\drivers\usbport.sys
14:05:03.0796 2484  C:\WINDOWS\system32\drivers\usbport.sys - ok
14:05:03.0796 2484  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] C:\WINDOWS\system32\drivers\usbehci.sys
14:05:03.0796 2484  C:\WINDOWS\system32\drivers\usbehci.sys - ok
14:05:03.0812 2484  [ 083A052659F5310DD8B6A6CB05EDCF8E ] C:\WINDOWS\system32\drivers\imapi.sys
14:05:03.0812 2484  C:\WINDOWS\system32\drivers\imapi.sys - ok
14:05:03.0812 2484  [ 1F4260CC5B42272D71F79E570A27A4FE ] C:\WINDOWS\system32\drivers\cdrom.sys
14:05:03.0812 2484  C:\WINDOWS\system32\drivers\cdrom.sys - ok
14:05:03.0828 2484  [ 0753515F78DF7F271A5E61C20BCD36A1 ] C:\WINDOWS\system32\drivers\ks.sys
14:05:03.0828 2484  C:\WINDOWS\system32\drivers\ks.sys - ok
14:05:03.0828 2484  [ F828DD7E1419B6653894A8F97A0094C5 ] C:\WINDOWS\system32\drivers\redbook.sys
14:05:03.0828 2484  C:\WINDOWS\system32\drivers\redbook.sys - ok
14:05:03.0843 2484  [ 5AE3A887ECE5BBB72CFAB273C2FD1CFA ] C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
14:05:03.0843 2484  C:\WINDOWS\system32\drivers\GEARAspiWDM.sys - ok
14:05:03.0843 2484  [ 573C7D0A32852B48F3058CFD8026F511 ] C:\WINDOWS\system32\drivers\hdaudbus.sys
14:05:03.0843 2484  C:\WINDOWS\system32\drivers\hdaudbus.sys - ok
14:05:03.0859 2484  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] C:\WINDOWS\system32\drivers\fdc.sys
14:05:03.0859 2484  C:\WINDOWS\system32\drivers\fdc.sys - ok
14:05:03.0859 2484  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] C:\WINDOWS\system32\drivers\parport.sys
14:05:03.0859 2484  C:\WINDOWS\system32\drivers\parport.sys - ok
14:05:03.0875 2484  [ 4A0B06AA8943C1E332520F7440C0AA30 ] C:\WINDOWS\system32\drivers\i8042prt.sys
14:05:03.0875 2484  C:\WINDOWS\system32\drivers\i8042prt.sys - ok
14:05:03.0875 2484  [ 463C1EC80CD17420A542B7F36A36F128 ] C:\WINDOWS\system32\drivers\kbdclass.sys
14:05:03.0875 2484  C:\WINDOWS\system32\drivers\kbdclass.sys - ok
14:05:03.0890 2484  [ F3E718604C5A8A28003280D861D96C19 ] C:\WINDOWS\system32\drivers\HSFHWBS2.sys
14:05:03.0890 2484  C:\WINDOWS\system32\drivers\HSFHWBS2.sys - ok
14:05:03.0890 2484  [ 4290713B7C3289EF87EE5CA474B21221 ] C:\WINDOWS\system32\drivers\HSF_DPV.sys
14:05:03.0890 2484  C:\WINDOWS\system32\drivers\HSF_DPV.sys - ok
14:05:03.0906 2484  [ CB2DC26DE2C815FC2309566F92D22ED4 ] C:\WINDOWS\system32\drivers\HSF_CNXT.sys
14:05:03.0906 2484  C:\WINDOWS\system32\drivers\HSF_CNXT.sys - ok
14:05:03.0906 2484  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] C:\WINDOWS\system32\drivers\modem.sys
14:05:03.0906 2484  C:\WINDOWS\system32\drivers\modem.sys - ok
14:05:03.0921 2484  [ 8E34400FFC7D647946D9C820678775AF ] C:\WINDOWS\system32\drivers\Rtnicxp.sys
14:05:03.0921 2484  C:\WINDOWS\system32\drivers\Rtnicxp.sys - ok
14:05:03.0921 2484  [ 6D9C891C0A761AFED1F3609C2E56F2B9 ] C:\WINDOWS\system32\drivers\VcommMgr.sys
14:05:03.0921 2484  C:\WINDOWS\system32\drivers\VcommMgr.sys - ok
14:05:03.0937 2484  [ 6CB08593487F5701D2D2254E693EAFCE ] C:\WINDOWS\system32\drivers\drmk.sys
14:05:03.0937 2484  C:\WINDOWS\system32\drivers\drmk.sys - ok
14:05:03.0937 2484  [ E82A496C3961EFC6828B508C310CE98F ] C:\WINDOWS\system32\drivers\portcls.sys
14:05:03.0937 2484  C:\WINDOWS\system32\drivers\portcls.sys - ok
14:05:03.0953 2484  [ BD91AFC523FD59F881E1763C38FB772F ] C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys
14:05:03.0953 2484  C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys - ok
14:05:03.0953 2484  [ D9F724AA26C010A217C97606B160ED68 ] C:\WINDOWS\system32\drivers\audstub.sys
14:05:03.0953 2484  C:\WINDOWS\system32\drivers\audstub.sys - ok
14:05:03.0968 2484  [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] C:\WINDOWS\system32\drivers\rootmdm.sys
14:05:03.0968 2484  C:\WINDOWS\system32\drivers\rootmdm.sys - ok
14:05:03.0968 2484  [ 1AB3D00C991AB086E69DB84B6C0ED78F ] C:\WINDOWS\system32\drivers\ndistapi.sys
14:05:03.0968 2484  C:\WINDOWS\system32\drivers\ndistapi.sys - ok
14:05:03.0984 2484  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] C:\WINDOWS\system32\drivers\rasl2tp.sys
14:05:03.0984 2484  C:\WINDOWS\system32\drivers\rasl2tp.sys - ok
14:05:03.0984 2484  [ EDC1531A49C80614B2CFDA43CA8659AB ] C:\WINDOWS\system32\drivers\ndiswan.sys
14:05:03.0984 2484  C:\WINDOWS\system32\drivers\ndiswan.sys - ok
14:05:04.0000 2484  [ 5BC962F2654137C9909C3D4603587DEE ] C:\WINDOWS\system32\drivers\raspppoe.sys
14:05:04.0000 2484  C:\WINDOWS\system32\drivers\raspppoe.sys - ok
14:05:04.0000 2484  [ 09298EC810B07E5D582CB3A3F9255424 ] C:\WINDOWS\system32\drivers\psched.sys
14:05:04.0000 2484  C:\WINDOWS\system32\drivers\psched.sys - ok
14:05:04.0015 2484  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] C:\WINDOWS\system32\drivers\raspptp.sys
14:05:04.0015 2484  C:\WINDOWS\system32\drivers\raspptp.sys - ok
14:05:04.0031 2484  [ 0539D5E53587F82D1B4FD74C5BE205CF ] C:\WINDOWS\system32\drivers\tdi.sys
14:05:04.0031 2484  C:\WINDOWS\system32\drivers\tdi.sys - ok
14:05:05.0484 2484  C:\WINDOWS\system32\netman.dll - ok
14:05:05.0484 2484  [ C5FF8682EADA5B3B27A865F1C3EF9270 ] C:\WINDOWS\system32\oakley.dll
14:05:05.0484 2484  C:\WINDOWS\system32\oakley.dll - ok
14:05:05.0484 2484  [ 085ED2E391A871C7BAE87E0228B546BA ] C:\WINDOWS\system32\cscui.dll
14:05:05.0484 2484  C:\WINDOWS\system32\cscui.dll - ok
14:05:05.0500 2484  [ 39D6403ADF3E02248C42F8AB6D940AF5 ] C:\Program Files\Norton 360\Engine\5.2.2.3\srtsp32.dll
14:05:05.0500 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\srtsp32.dll - ok
14:05:05.0500 2484  [ 248712EA6BA17B9FF0C542A3828375DD ] C:\WINDOWS\system32\winipsec.dll
14:05:05.0500 2484  C:\WINDOWS\system32\winipsec.dll - ok
14:05:05.0515 2484  [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll
14:05:05.0515 2484  C:\WINDOWS\system32\powrprof.dll - ok
14:05:05.0515 2484  [ 853D0D0C6F02D7BFDF1CF99DD7553732 ] C:\WINDOWS\system32\pstorsvc.dll
14:05:05.0515 2484  C:\WINDOWS\system32\pstorsvc.dll - ok
14:05:05.0515 2484  [ 6C26DCF01E2A92F183B97D434017268A ] C:\WINDOWS\system32\dpcdll.dll
14:05:05.0515 2484  C:\WINDOWS\system32\dpcdll.dll - ok
14:05:05.0531 2484  [ 22D89D84E8E081CDA529DBF8C0255A38 ] C:\WINDOWS\system32\psbase.dll
14:05:05.0531 2484  C:\WINDOWS\system32\psbase.dll - ok
14:05:05.0531 2484  [ DB7951146CA1E218E1D3BCFF115848A3 ] C:\Program Files\Norton 360\Engine\5.2.2.3\ccipc.dll
14:05:05.0531 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\ccipc.dll - ok
14:05:05.0531 2484  [ FEDE68BF80052BAD393AFD5C2E60DCB0 ] C:\WINDOWS\system32\dssenh.dll
14:05:05.0531 2484  C:\WINDOWS\system32\dssenh.dll - ok
14:05:05.0546 2484  [ 972E0F9D74FA23C0F5B0044A77C6C37E ] C:\Program Files\Norton 360\Engine\5.2.2.3\dimaster.dll
14:05:05.0546 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\dimaster.dll - ok
14:05:05.0546 2484  [ A93AEE1928A9D7CE3E16D24EC7380F89 ] C:\WINDOWS\system32\userinit.exe
14:05:05.0546 2484  C:\WINDOWS\system32\userinit.exe - ok
14:05:05.0562 2484  [ 6FEE15B53D624E06D86759258E1F6A9C ] C:\Program Files\Norton 360\Engine\5.2.2.3\ccset.dll
14:05:05.0562 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\ccset.dll - ok
14:05:05.0562 2484  [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] C:\WINDOWS\system32\netshell.dll
14:05:05.0562 2484  C:\WINDOWS\system32\netshell.dll - ok
14:05:05.0562 2484  [ 12896823FB95BFB3DC9B46BCAEDC9923 ] C:\WINDOWS\explorer.exe
14:05:05.0562 2484  C:\WINDOWS\explorer.exe - ok
14:05:05.0578 2484  [ 79128EF15A21117F4423230F08B1CB38 ] C:\Program Files\Norton 360\Engine\5.2.2.3\distrptr.dll
14:05:05.0578 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\distrptr.dll - ok
14:05:05.0578 2484  [ 8C77ECF3C7DCBB926312B7ECED6ECA75 ] C:\WINDOWS\system32\winhttp.dll
14:05:05.0578 2484  C:\WINDOWS\system32\winhttp.dll - ok
14:05:05.0578 2484  [ 680B56A8B62D1BCF4A0B2AAAD03D88E4 ] C:\WINDOWS\system32\wdmaud.drv
14:05:05.0578 2484  C:\WINDOWS\system32\wdmaud.drv - ok
14:05:05.0593 2484  [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\system32\drivers\wdmaud.sys
14:05:05.0593 2484  C:\WINDOWS\system32\drivers\wdmaud.sys - ok
14:05:05.0593 2484  [ 235892E493845D64D890163CFEF90E97 ] C:\WINDOWS\system32\credui.dll
14:05:05.0593 2484  C:\WINDOWS\system32\credui.dll - ok
14:05:05.0609 2484  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] C:\WINDOWS\system32\drivers\sysaudio.sys
14:05:05.0609 2484  C:\WINDOWS\system32\drivers\sysaudio.sys - ok
14:05:05.0609 2484  [ 2E5A72F5CF986088081B84ADD6AD458C ] C:\Program Files\Norton 360\Engine\5.2.2.3\cosvcplg.dll
14:05:05.0609 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\cosvcplg.dll - ok
14:05:05.0609 2484  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] C:\WINDOWS\system32\drivers\splitter.sys
14:05:05.0609 2484  C:\WINDOWS\system32\drivers\splitter.sys - ok
14:05:05.0625 2484  [ 4E8F3230BAC8C1CAADF01A8C728E1C5C ] C:\WINDOWS\system32\dot3dlg.dll
14:05:05.0625 2484  C:\WINDOWS\system32\dot3dlg.dll - ok
14:05:05.0625 2484  [ E392E172687BE172F8600C5F41AB03D9 ] C:\WINDOWS\system32\browseui.dll
14:05:05.0625 2484  C:\WINDOWS\system32\browseui.dll - ok
14:05:05.0640 2484  [ 8BED39E3C35D6A489438B8141717A557 ] C:\WINDOWS\system32\drivers\aec.sys
14:05:05.0640 2484  C:\WINDOWS\system32\drivers\aec.sys - ok
14:05:05.0640 2484  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] C:\WINDOWS\system32\drivers\swmidi.sys
14:05:05.0640 2484  C:\WINDOWS\system32\drivers\swmidi.sys - ok
14:05:05.0640 2484  [ CA04959077AFE36369D37B3504740C87 ] C:\WINDOWS\system32\onex.dll
14:05:05.0640 2484  C:\WINDOWS\system32\onex.dll - ok
14:05:05.0656 2484  [ 0A5679B3714EDAB99E357057EE88FCA6 ] C:\WINDOWS\system32\ssdpsrv.dll
14:05:05.0656 2484  C:\WINDOWS\system32\ssdpsrv.dll - ok
14:05:05.0656 2484  [ 8A208DFCF89792A484E76C40E5F50B45 ] C:\WINDOWS\system32\drivers\dmusic.sys
14:05:05.0656 2484  C:\WINDOWS\system32\drivers\dmusic.sys - ok
14:05:05.0656 2484  [ 692BCF44383D056AED41B045A323D378 ] C:\WINDOWS\system32\drivers\kmixer.sys
14:05:05.0656 2484  C:\WINDOWS\system32\drivers\kmixer.sys - ok
14:05:05.0671 2484  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] C:\WINDOWS\system32\drivers\drmkaud.sys
14:05:05.0671 2484  C:\WINDOWS\system32\drivers\drmkaud.sys - ok
14:05:05.0671 2484  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] C:\WINDOWS\system32\wiaservc.dll
14:05:05.0671 2484  C:\WINDOWS\system32\wiaservc.dll - ok
14:05:05.0687 2484  [ 5DB625E7D095604010CF84DE2D8ACFA6 ] C:\WINDOWS\system32\eappcfg.dll
14:05:05.0687 2484  C:\WINDOWS\system32\eappcfg.dll - ok
14:05:05.0687 2484  [ ABC4206543450C0666D152F4B65833B8 ] C:\WINDOWS\system32\eappprxy.dll
14:05:05.0687 2484  C:\WINDOWS\system32\eappprxy.dll - ok
14:05:05.0687 2484  [ 5F0CE62E0831CF972EC6949FD3E37DA7 ] C:\WINDOWS\system32\cfgmgr32.dll
14:05:05.0687 2484  C:\WINDOWS\system32\cfgmgr32.dll - ok
14:05:05.0703 2484  [ 9A3BD5F55AADFF859539142F6328A66E ] C:\WINDOWS\system32\msacm32.drv
14:05:05.0703 2484  C:\WINDOWS\system32\msacm32.drv - ok
14:05:05.0703 2484  [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll
14:05:05.0703 2484  C:\WINDOWS\system32\wzcsapi.dll - ok
14:05:05.0718 2484  [ 5C12660A97822F6E61576943B49AAAD6 ] C:\WINDOWS\system32\midimap.dll
14:05:05.0718 2484  C:\WINDOWS\system32\midimap.dll - ok
14:05:05.0718 2484  [ 4AC2FA4A6F0DF2511BAC13393C06EFF1 ] C:\WINDOWS\system32\mscms.dll
14:05:05.0718 2484  C:\WINDOWS\system32\mscms.dll - ok
14:05:05.0718 2484  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] C:\WINDOWS\system32\sens.dll
14:05:05.0718 2484  C:\WINDOWS\system32\sens.dll - ok
14:05:05.0734 2484  [ 3805DF0AC4296A34BA4BF93B346CC378 ] C:\WINDOWS\system32\srsvc.dll
14:05:05.0734 2484  C:\WINDOWS\system32\srsvc.dll - ok
14:05:05.0734 2484  [ 912B67BB8249925A5C972FC5839EAE09 ] C:\WINDOWS\system32\actxprxy.dll
14:05:05.0734 2484  C:\WINDOWS\system32\actxprxy.dll - ok
14:05:05.0750 2484  [ 2D0E4ED081963804CCC196A0929275B5 ] C:\WINDOWS\system32\wbem\wmisvc.dll
14:05:05.0750 2484  C:\WINDOWS\system32\wbem\wmisvc.dll - ok
14:05:05.0750 2484  [ EF4E4231057F9887CDA435A0697A8334 ] C:\Program Files\Norton 360\Engine\5.2.2.3\ccgevt.dll
14:05:05.0750 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\ccgevt.dll - ok
14:05:05.0750 2484  [ ACACB8B14E66109B8ACD6644B5574B9A ] C:\WINDOWS\system32\vssapi.dll
14:05:05.0750 2484  C:\WINDOWS\system32\vssapi.dll - ok
14:05:05.0765 2484  [ 26CB10FA893F940AB09713FF46DCDADE ] C:\WINDOWS\system32\shdocvw.dll
14:05:05.0765 2484  C:\WINDOWS\system32\shdocvw.dll - ok
14:05:05.0765 2484  [ F9AC3D7E84F7A996E921D9B2DA084F7D ] C:\Program Files\Norton 360\Engine\5.2.2.3\ccglog.dll
14:05:05.0765 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\ccglog.dll - ok
14:05:05.0765 2484  [ 83F41D0D89645D7235C051AB1D9523AC ] C:\WINDOWS\system32\ipnathlp.dll
14:05:05.0765 2484  C:\WINDOWS\system32\ipnathlp.dll - ok
14:05:05.0781 2484  [ FF3477C03BE7201C294C35F684B3479F ] C:\WINDOWS\system32\termsrv.dll
14:05:05.0781 2484  C:\WINDOWS\system32\termsrv.dll - ok
14:05:05.0781 2484  [ DF6551E4C4C46655A0C76194F1FCEA5D ] C:\WINDOWS\system32\icaapi.dll
14:05:05.0781 2484  C:\WINDOWS\system32\icaapi.dll - ok
14:05:05.0796 2484  [ ED0C0DF222209E43AD9AFBF3FE87DDE0 ] C:\WINDOWS\system32\comsvcs.dll
14:05:05.0796 2484  C:\WINDOWS\system32\comsvcs.dll - ok
14:05:05.0796 2484  [ 2D65D56C2F8B6CC5EBFF8E7200C30304 ] C:\WINDOWS\system32\mstlsapi.dll
14:05:05.0796 2484  C:\WINDOWS\system32\mstlsapi.dll - ok
14:05:05.0796 2484  [ 690D97864735E8ECD87F55777E266690 ] C:\WINDOWS\system32\colbact.dll
14:05:05.0796 2484  C:\WINDOWS\system32\colbact.dll - ok
14:05:05.0812 2484  [ 36795A645EAA47FE31D2A8F136A2C69B ] C:\WINDOWS\system32\mtxclu.dll
14:05:05.0812 2484  C:\WINDOWS\system32\mtxclu.dll - ok
14:05:05.0812 2484  [ 67156D5A9AC356DC99D7BCCB388E3316 ] C:\WINDOWS\system32\wsock32.dll
14:05:05.0812 2484  C:\WINDOWS\system32\wsock32.dll - ok
14:05:05.0812 2484  [ DF82E222578DBE59FCBBD69A02E4C806 ] C:\WINDOWS\system32\clusapi.dll
14:05:05.0812 2484  C:\WINDOWS\system32\clusapi.dll - ok
14:05:05.0828 2484  [ 2F33AF526667313ECC13D85DA103CC2E ] C:\Program Files\Norton 360\Engine\5.2.2.3\ccjobmgr.dll
14:05:05.0828 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\ccjobmgr.dll - ok
14:05:05.0828 2484  [ F51EBB6FC536A6B2D588FD668D3A8249 ] C:\WINDOWS\system32\resutils.dll
14:05:05.0828 2484  C:\WINDOWS\system32\resutils.dll - ok
14:05:05.0843 2484  [ 205ADD80FF8099B1A8101EB490B933D1 ] C:\WINDOWS\system32\wbem\wbemprox.dll
14:05:05.0843 2484  C:\WINDOWS\system32\wbem\wbemprox.dll - ok
14:05:05.0843 2484  [ 80E0AEB8CE31678CF5020FBA203A441B ] C:\Program Files\Norton 360\Engine\5.2.2.3\bushell.dll
14:05:05.0843 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\bushell.dll - ok
14:05:05.0843 2484  [ D95C71052E5EF63B55997FB31483D02F ] C:\WINDOWS\system32\wbem\wbemcomn.dll
14:05:05.0843 2484  C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
14:05:05.0859 2484  [ C59F4FC0C28C236BDDE2FD35167DE054 ] C:\Program Files\Norton 360\Engine\5.2.2.3\ccsubeng.dll
14:05:05.0859 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\ccsubeng.dll - ok
14:05:05.0859 2484  [ 0DA85218E92526972A821587E6A8BF8F ] C:\WINDOWS\system32\imm32.dll
14:05:05.0859 2484  C:\WINDOWS\system32\imm32.dll - ok
14:05:05.0875 2484  [ F0BF811622F2DD6C8E26EE4600D83731 ] C:\WINDOWS\system32\wbem\wbemcore.dll
14:05:05.0875 2484  C:\WINDOWS\system32\wbem\wbemcore.dll - ok
14:05:05.0875 2484  [ 538A270F35A713C360B7ED4168BB7521 ] C:\WINDOWS\system32\mydocs.dll
14:05:05.0875 2484  C:\WINDOWS\system32\mydocs.dll - ok
14:05:05.0875 2484  [ A70A2D85AD143D6BB823C246CEB699A5 ] C:\WINDOWS\system32\ntshrui.dll
14:05:05.0875 2484  C:\WINDOWS\system32\ntshrui.dll - ok
14:05:05.0890 2484  [ 939F327171B94A14D43A54D4BBF2129B ] C:\Program Files\Norton 360\Engine\5.2.2.3\ccemlpxy.dll
14:05:05.0890 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\ccemlpxy.dll - ok
14:05:05.0890 2484  [ E4616430709F440CF1809D88DC2366EA ] C:\WINDOWS\system32\wbem\esscli.dll
14:05:05.0890 2484  C:\WINDOWS\system32\wbem\esscli.dll - ok
14:05:05.0890 2484  [ 4721AB485E0C29CD1617A5F296B9CC47 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
14:05:05.0890 2484  C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll - ok
14:05:05.0906 2484  [ 291FF480EE525B23575FE9D4DED60FAE ] C:\Program Files\Norton 360\Engine\5.2.2.3\iron.dll
14:05:05.0906 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\iron.dll - ok
14:05:05.0906 2484  [ 378A0AEFB11D8B0DC8C27B9F7604B88D ] C:\WINDOWS\system32\wbem\fastprox.dll
14:05:05.0906 2484  C:\WINDOWS\system32\wbem\fastprox.dll - ok
14:05:05.0921 2484  [ 010472D0AE758227C6F6E6933549C219 ] C:\WINDOWS\system32\wbem\wbemsvc.dll
14:05:05.0921 2484  C:\WINDOWS\system32\wbem\wbemsvc.dll - ok
14:05:05.0921 2484  [ A4A6CC47F54E193D3610D422669FF995 ] C:\Program Files\Norton 360\Engine\5.2.2.3\sndsvc.dll
14:05:05.0921 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\sndsvc.dll - ok
14:05:05.0921 2484  [ 3273D1565BF30225C115B480A3BB2C9D ] C:\WINDOWS\system32\wbem\wmiutils.dll
14:05:05.0921 2484  C:\WINDOWS\system32\wbem\wmiutils.dll - ok
14:05:05.0937 2484  [ B4ED498E3BFEE64E952BC44FC6057DB8 ] C:\WINDOWS\system32\desk.cpl
14:05:05.0937 2484  C:\WINDOWS\system32\desk.cpl - ok
14:05:05.0937 2484  [ A314EEA2A503A8E04085201E436384A5 ] C:\WINDOWS\system32\themeui.dll
14:05:05.0937 2484  C:\WINDOWS\system32\themeui.dll - ok
14:05:05.0953 2484  [ 942A17D2901A31EA68627CBFFCD268CC ] C:\WINDOWS\system32\wbem\repdrvfs.dll
14:05:05.0953 2484  C:\WINDOWS\system32\wbem\repdrvfs.dll - ok
14:05:05.0953 2484  [ 266AA534FDB2224395B4C9BE6F5BD7F0 ] C:\Program Files\Norton 360\Engine\5.2.2.3\symredir.dll
14:05:05.0953 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\symredir.dll - ok
14:05:05.0953 2484  [ 8AA98F07E442A9D9293CFF3CB3DC8F88 ] C:\Program Files\Norton 360\Engine\5.2.2.3\coFFPlgn.dll
14:05:05.0953 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\coFFPlgn.dll - ok
14:05:05.0968 2484  [ 721487B5FE3D97D54D36122DB2FE8E1B ] C:\Program Files\Norton 360\Engine\5.2.2.3\symrdrsv.dll
14:05:05.0968 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\symrdrsv.dll - ok
14:05:05.0968 2484  [ 071143F687B4F887E21461CA6CC7EB29 ] C:\WINDOWS\system32\wbem\wmiprvsd.dll
14:05:05.0968 2484  C:\WINDOWS\system32\wbem\wmiprvsd.dll - ok
14:05:05.0968 2484  [ 436B0D62726D579B409F5C5AF4BC747A ] C:\Program Files\Norton 360\Engine\5.2.2.3\hncore.dll
14:05:05.0968 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\hncore.dll - ok
14:05:05.0984 2484  [ 26D881D27CBE51D3614E68D7313EA026 ] C:\WINDOWS\system32\wbem\wbemess.dll
14:05:05.0984 2484  C:\WINDOWS\system32\wbem\wbemess.dll - ok
14:05:05.0984 2484  [ 6D778E0F95447E6546553EEEA709D03C ] C:\WINDOWS\system32\cmd.exe
14:05:05.0984 2484  C:\WINDOWS\system32\cmd.exe - ok
14:05:05.0984 2484  [ 0D5C62E6462FEE517C7FB3B64A58EF1B ] C:\WINDOWS\system32\ieframe.dll
14:05:05.0984 2484  C:\WINDOWS\system32\ieframe.dll - ok
14:05:06.0000 2484  [ 782CB63CA75FFEF178B0BBD7F8BAC17B ] C:\Program Files\Norton 360\Engine\5.2.2.3\appmgr32.dll
14:05:06.0000 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\appmgr32.dll - ok
14:05:06.0000 2484  [ 8C515081584A38AA007909CD02020B3D ] C:\WINDOWS\system32\alg.exe
14:05:06.0000 2484  C:\WINDOWS\system32\alg.exe - ok
14:05:06.0015 2484  [ 79E3A8C328E7E569C32B0998377D9742 ] C:\WINDOWS\system32\spoolss.dll
14:05:06.0015 2484  C:\WINDOWS\system32\spoolss.dll - ok
14:05:06.0015 2484  [ 935F3CB0C17C661D103570BA361B5DD9 ] C:\Program Files\Norton 360\Engine\5.2.2.3\isdatapr.dll
14:05:06.0015 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\isdatapr.dll - ok
14:05:06.0015 2484  [ AA897735D5AB916297A6823A9B2D61B1 ] C:\WINDOWS\system32\localspl.dll
14:05:06.0015 2484  C:\WINDOWS\system32\localspl.dll - ok
14:05:06.0031 2484  [ 5D3D1AB0EF4EA55B731863050482C111 ] C:\WINDOWS\system32\cnbjmon.dll
14:05:06.0031 2484  C:\WINDOWS\system32\cnbjmon.dll - ok
14:05:06.0031 2484  [ 6D59EC87391A45019D95841AF590D890 ] C:\WINDOWS\system32\E_FLBEFE.DLL
14:05:06.0031 2484  C:\WINDOWS\system32\E_FLBEFE.DLL - ok
14:05:06.0031 2484  [ 451A47AC3AF27DAC986B3C18267E2C2F ] C:\Program Files\Norton 360\Engine\5.2.2.3\avmodule.dll
14:05:06.0031 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\avmodule.dll - ok
14:05:06.0046 2484  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] C:\WINDOWS\system32\rasmans.dll
14:05:06.0046 2484  C:\WINDOWS\system32\rasmans.dll - ok
14:05:06.0046 2484  [ FB44C8568224451A43B745C39C182406 ] C:\WINDOWS\system32\hpzsnt07.dll
14:05:06.0046 2484  C:\WINDOWS\system32\hpzsnt07.dll - ok
14:05:06.0062 2484  [ A4EA2410022EE77E4373EE80E56AD766 ] C:\WINDOWS\system32\mdimon.dll
14:05:06.0062 2484  C:\WINDOWS\system32\mdimon.dll - ok
14:05:06.0062 2484  [ 37A62C6092AADD2EFDE0468DD8818E99 ] C:\WINDOWS\system32\netcfgx.dll
14:05:06.0062 2484  C:\WINDOWS\system32\netcfgx.dll - ok
14:05:06.0062 2484  [ 1C4D0F52B4238B9388F2A28DD0903588 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
14:05:06.0062 2484  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll - ok
14:05:06.0078 2484  [ 3CB78C17BB664637787C9A1C98F79C38 ] C:\WINDOWS\system32\tapisrv.dll
14:05:06.0078 2484  C:\WINDOWS\system32\tapisrv.dll - ok
14:05:06.0078 2484  [ D3F72D50DE53F9F1F55240115AF4D42E ] C:\WINDOWS\system32\msi.dll
14:05:06.0078 2484  C:\WINDOWS\system32\msi.dll - ok
14:05:06.0093 2484  [ 2F5D445AB96764D0A9EB26DFA0D0F5A3 ] C:\Program Files\Norton 360\Engine\5.2.2.3\defutdcd.dll
14:05:06.0093 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\defutdcd.dll - ok
14:05:06.0093 2484  [ 5F7692CEC90E2E9AA32CD58321E234B8 ] C:\WINDOWS\system32\rastapi.dll
14:05:06.0093 2484  C:\WINDOWS\system32\rastapi.dll - ok
14:05:06.0093 2484  [ 20429EBE00CD72682860F7F00CD50354 ] C:\Program Files\Norton 360\Engine\5.2.2.3\ducclib.dll
14:05:06.0093 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\ducclib.dll - ok
14:05:06.0109 2484  [ AACE07FE34FADDDF973CE068A6424957 ] C:\WINDOWS\system32\unimdm.tsp
14:05:06.0109 2484  C:\WINDOWS\system32\unimdm.tsp - ok
14:05:06.0109 2484  [ 995252FCC4692B5B97EE17D596C9386E ] C:\WINDOWS\system32\uniplat.dll
14:05:06.0109 2484  C:\WINDOWS\system32\uniplat.dll - ok
14:05:06.0109 2484  [ 73EC60501FE247C811B640F69E0FAE6B ] C:\Program Files\Norton 360\Engine\5.2.2.3\cltlmc.dll
14:05:06.0109 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\cltlmc.dll - ok
14:05:06.0125 2484  [ 19AE6CBA05B9005698A6DEDCC88F202E ] C:\WINDOWS\system32\unimdmat.dll
14:05:06.0125 2484  C:\WINDOWS\system32\unimdmat.dll - ok
14:05:06.0125 2484  [ 69D7A6CA044CD44AF388D05B540F73EC ] C:\Program Files\Norton 360\Engine\5.2.2.3\ncw.dll
14:05:06.0125 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\ncw.dll - ok
14:05:06.0140 2484  [ FE4A73CDBC882A19D070F1C01586E81A ] C:\WINDOWS\system32\modemui.dll
14:05:06.0140 2484  C:\WINDOWS\system32\modemui.dll - ok
14:05:06.0140 2484  [ 76EC97C5068D3D9FAA7774B0F659D31A ] C:\WINDOWS\system32\kmddsp.tsp
14:05:06.0140 2484  C:\WINDOWS\system32\kmddsp.tsp - ok
14:05:06.0140 2484  [ 4589963D84F2984FA5949A72162BA4F4 ] C:\WINDOWS\system32\ndptsp.tsp
14:05:06.0140 2484  C:\WINDOWS\system32\ndptsp.tsp - ok
14:05:06.0156 2484  [ 8B8A45DF7CEF36D93C7BD3E4C84003B8 ] C:\WINDOWS\system32\ipconf.tsp
14:05:06.0156 2484  C:\WINDOWS\system32\ipconf.tsp - ok
14:05:06.0156 2484  [ 8BC2B02DC11C98D14CEE43B8E8393FF3 ] C:\WINDOWS\system32\h323.tsp
14:05:06.0156 2484  C:\WINDOWS\system32\h323.tsp - ok
14:05:06.0171 2484  [ CC6292CA575E851E5B74BF8883AB967A ] C:\WINDOWS\system32\fxsmon.dll
14:05:06.0171 2484  C:\WINDOWS\system32\fxsmon.dll - ok
14:05:06.0171 2484  [ 6B552ED3BEE5AA3C4560478FF779BA98 ] C:\WINDOWS\system32\hidphone.tsp
14:05:06.0171 2484  C:\WINDOWS\system32\hidphone.tsp - ok
14:05:06.0171 2484  [ BDB83C844EDEC9BD01A94750D2C38DDF ] C:\WINDOWS\system32\fxsevent.dll
14:05:06.0171 2484  C:\WINDOWS\system32\fxsevent.dll - ok
14:05:06.0187 2484  [ D0545A010ED2259A740C8414899A938F ] C:\WINDOWS\system32\rasppp.dll
14:05:06.0187 2484  C:\WINDOWS\system32\rasppp.dll - ok
14:05:06.0187 2484  [ 222DE7F5EDB9DDBE628384A1A8BE59CE ] C:\WINDOWS\system32\pjlmon.dll
14:05:06.0187 2484  C:\WINDOWS\system32\pjlmon.dll - ok
14:05:06.0187 2484  [ AE0382AD9C73D343D85E1A50C80B7C20 ] C:\WINDOWS\system32\tcpmon.dll
14:05:06.0187 2484  C:\WINDOWS\system32\tcpmon.dll - ok
14:05:06.0203 2484  [ B464BD425D5D09ABE4192234D1577B22 ] C:\WINDOWS\system32\ntlsapi.dll
14:05:06.0203 2484  C:\WINDOWS\system32\ntlsapi.dll - ok
14:05:06.0203 2484  [ F26385E8BA4549B5186B774EC0E45D86 ] C:\WINDOWS\system32\usbmon.dll
14:05:06.0203 2484  C:\WINDOWS\system32\usbmon.dll - ok
14:05:06.0218 2484  [ A655C88AA555BB8EF8957BD29408827F ] C:\WINDOWS\system32\rasqec.dll
14:05:06.0218 2484  C:\WINDOWS\system32\rasqec.dll - ok
14:05:06.0218 2484  [ 777B4C176D4DE9D5667545B027D17FDA ] C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
14:05:06.0218 2484  C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll - ok
14:05:06.0218 2484  [ EEE7F12D9FF46F68FBC0DA059A359E9E ] C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
14:05:06.0218 2484  C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll - ok
14:05:06.0234 2484  [ 22DD6D7D4BFE2B8CE705CC950C8AEA4C ] C:\WINDOWS\system32\win32spl.dll
14:05:06.0234 2484  C:\WINDOWS\system32\win32spl.dll - ok
14:05:06.0234 2484  [ B41D53899E37CC43DA85DA19998BEE81 ] C:\WINDOWS\system32\netrap.dll
14:05:06.0234 2484  C:\WINDOWS\system32\netrap.dll - ok
14:05:06.0250 2484  [ A8888A5327621856C0CEC4E385F69309 ] C:\WINDOWS\system32\wkssvc.dll
14:05:06.0250 2484  C:\WINDOWS\system32\wkssvc.dll - ok
14:05:06.0250 2484  [ EE4C651A217B01D636B5364AC77DA892 ] C:\WINDOWS\system32\inetpp.dll
14:05:06.0250 2484  C:\WINDOWS\system32\inetpp.dll - ok
14:05:06.0250 2484  [ 44C71034567D1D98C49281F28B8D2BA4 ] C:\Program Files\Norton 360\Engine\5.2.2.3\avpsvc32.dll
14:05:06.0250 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\avpsvc32.dll - ok
14:05:06.0265 2484  [ 757DD68F6010AA31FA87C93C942FDC37 ] C:\Program Files\Norton 360\Engine\5.2.2.3\asengine.dll
14:05:06.0265 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\asengine.dll - ok
14:05:06.0265 2484  [ C14350FC0D47D806699C4F907FC6785B ] C:\WINDOWS\system32\cryptnet.dll
14:05:06.0265 2484  C:\WINDOWS\system32\cryptnet.dll - ok
14:05:06.0281 2484  [ 3CBA2210FA39C6ED7895634842E930DD ] C:\WINDOWS\system32\sensapi.dll
14:05:06.0281 2484  C:\WINDOWS\system32\sensapi.dll - ok
14:05:06.0281 2484  [ F9D3C78CFE15271D80790677C893CE45 ] C:\WINDOWS\system32\cabinet.dll
14:05:06.0281 2484  C:\WINDOWS\system32\cabinet.dll - ok
14:05:06.0281 2484  [ 3656CEB53172661E261C95EC71944FB4 ] C:\Program Files\Norton 360\Engine\5.2.2.3\coieplg.dll
14:05:06.0281 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\coieplg.dll - ok
14:05:06.0296 2484  [ 3AB96E38084CAFC4C113BC3FD085B3DC ] C:\Program Files\Norton 360\Engine\5.2.2.3\avmail.dll
14:05:06.0296 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\avmail.dll - ok
14:05:06.0296 2484  [ 37F1F5CCD06334EE9D9C1E8FC986DD72 ] C:\Program Files\Norton 360\Engine\5.2.2.3\iserror.dll
14:05:06.0296 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\iserror.dll - ok
14:05:06.0296 2484  [ 7FACFBA8AC9069B2D5DF44CA626F0D05 ] C:\Program Files\Norton 360\Engine\5.2.2.3\qsplugin.dll
14:05:06.0296 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\qsplugin.dll - ok
14:05:06.0312 2484  [ FCB82479AE5DC880AD85B9DFCA4C2D45 ] C:\Program Files\Norton 360\Engine\5.2.2.3\cltlms.dll
14:05:06.0312 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\cltlms.dll - ok
14:05:06.0312 2484  [ BECAE02803277EFEC3FFB6C31FECA370 ] C:\Program Files\Norton 360\Engine\5.2.2.3\bhsvcplg.dll
14:05:06.0312 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\bhsvcplg.dll - ok
14:05:06.0328 2484  [ 4D60424AC15265E476AAD2F2F5779D6D ] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\CLT\cltLMSx.dll
14:05:06.0328 2484  C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\CLT\cltLMSx.dll - ok
14:05:06.0328 2484  [ 9447EE089B4C9D338AF9BAA5F13B8752 ] C:\Program Files\Norton 360\Engine\5.2.2.3\busvc.dll
14:05:06.0328 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\busvc.dll - ok
14:05:06.0328 2484  [ B13C4C668D1449F7022E79253FDF2F99 ] C:\Program Files\Norton 360\Engine\5.2.2.3\bucomm.dll
14:05:06.0328 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\bucomm.dll - ok
14:05:06.0343 2484  [ F4BD53A9BEB8FD507C2DEF4F05D7F662 ] C:\Program Files\Norton 360\Engine\5.2.2.3\bueng.dll
14:05:06.0343 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\bueng.dll - ok
14:05:06.0343 2484  [ 0137C7150F01DB5C2C36C3D98841BE07 ] C:\Program Files\Norton 360\Engine\5.2.2.3\dscli.dll
14:05:06.0343 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\dscli.dll - ok
14:05:06.0343 2484  [ D7D83E545351C4FB3213FF515FA2E9DA ] C:\Program Files\Norton 360\Engine\5.2.2.3\tudatapr.dll
14:05:06.0359 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\tudatapr.dll - ok
14:05:06.0359 2484  [ EDBDE5BE736E77A64D8D47069B536299 ] C:\Program Files\Norton 360\Engine\5.2.2.3\ipsplug.dll
14:05:06.0359 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\ipsplug.dll - ok
14:05:06.0359 2484  [ D724A1367B79F9BDD150BA0DC11DEDF1 ] C:\Program Files\Norton 360\Engine\5.2.2.3\isdatasv.dll
14:05:06.0359 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\isdatasv.dll - ok
14:05:06.0375 2484  [ 14D289F63D9538306CB560C4CD12172F ] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20130216.001\IDSxpx86.dll
14:05:06.0375 2484  C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20130216.001\IDSxpx86.dll - ok
14:05:06.0375 2484  [ 4F44EE5DCC36A26E02A9235D69CDE359 ] C:\Program Files\Norton 360\Engine\5.2.2.3\fwcore.dll
14:05:06.0375 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\fwcore.dll - ok
14:05:06.0375 2484  [ 169EFEBE66BD1041A9D5B518E8D71687 ] C:\Program Files\Norton 360\Engine\5.2.2.3\avifc.dll
14:05:06.0375 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\avifc.dll - ok
14:05:06.0390 2484  [ 83726CF02ECED69138948083E06B6EAC ] C:\WINDOWS\system32\drivers\N360\0502020.003\srtsp.sys
14:05:06.0390 2484  C:\WINDOWS\system32\drivers\N360\0502020.003\srtsp.sys - ok
14:05:06.0390 2484  [ A4ADF68950E010EDD6A643C2F4EC436B ] C:\Program Files\Norton 360\Engine\5.2.2.3\fwgenplg.dll
14:05:06.0390 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\fwgenplg.dll - ok
14:05:06.0406 2484  [ A06CE3399D16DB864F55FAEB1F1927A9 ] C:\WINDOWS\system32\browser.dll
14:05:06.0406 2484  C:\WINDOWS\system32\browser.dll - ok
14:05:06.0406 2484  [ 33C3A5CD1D4F95AED46D6C6081EDD3F3 ] C:\Program Files\Norton 360\Engine\5.2.2.3\bhclient.dll
14:05:06.0406 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\bhclient.dll - ok
14:05:06.0406 2484  [ 0A828405EDC5A4FB8558BB685356B1E8 ] C:\Program Files\Norton 360\Engine\5.2.2.3\npctray.dll
14:05:06.0406 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\npctray.dll - ok
14:05:06.0421 2484  [ BF1BE2625743A3B02D829572FA810C79 ] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20130208.001\BHEngine.dll
14:05:06.0421 2484  C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20130208.001\BHEngine.dll - ok
14:05:06.0421 2484  [ 0881FAF791DB7CE3182B13F967D54104 ] C:\Program Files\Norton 360\Engine\5.2.2.3\ashelper.dll
14:05:06.0421 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\ashelper.dll - ok
14:05:06.0421 2484  [ 6ACE34A451E8C5BB5379790D9FB1B60A ] C:\Program Files\Norton 360\Engine\5.2.2.3\asoehook.dll
14:05:06.0437 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\asoehook.dll - ok
14:05:06.0437 2484  [ 6E565B2C8ED3C8AF520851929973D38F ] C:\Program Files\Norton 360\Engine\5.2.2.3\npc360ui.dll
14:05:06.0437 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\npc360ui.dll - ok
14:05:06.0437 2484  [ 9046CB953A6F4FBEDD399C87E31D1A0E ] C:\Program Files\Norton 360\Engine\5.2.2.3\fwsetup.dll
14:05:06.0437 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\fwsetup.dll - ok
14:05:06.0453 2484  [ 79D9B274803E2FF54EBE52BBC56DD7B1 ] C:\Program Files\Norton 360\Engine\5.2.2.3\budatacl.dll
14:05:06.0453 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\budatacl.dll - ok
14:05:06.0453 2484  [ BF2AD535B7BC7CCC0CF96CD422286E60 ] C:\Program Files\Norton 360\Engine\5.2.2.3\avpapp32.dll
14:05:06.0453 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\avpapp32.dll - ok
14:05:06.0453 2484  [ 30A946421711C6E1B462388972761BF2 ] C:\Program Files\Norton 360\Engine\5.2.2.3\buuiplg.dll
14:05:06.0453 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\buuiplg.dll - ok
14:05:06.0468 2484  [ C003991FCE02E03FAC432378F28084DC ] C:\Program Files\Norton 360\Engine\5.2.2.3\codatapr.dll
14:05:06.0468 2484  C:\Program Files\Norton 360\Engine\5.2.2.3\codatapr.dll - ok
14:05:06.0468 2484  [ 5815E0AFC8C671C26D1516C30E0887C6 ] C:\Program Files\Norton 360\Engine\5.2.2.3\cltelprv.dll
14:05:07.0046 2484  ============================================================
14:05:07.0046 2484  Scan finished
14:05:07.0046 2484  ============================================================
14:05:07.0078 2260  Detected object count: 1
14:05:07.0078 2260  Actual detected object count: 1
14:06:18.0250 2260  C:\windows\System32\Drivers\63a9e79ebe0aa8c2.sys - copied to quarantine
14:06:18.0296 2260  HKLM\SYSTEM\ControlSet001\services\63a9e79ebe0aa8c2 - will be deleted on reboot
14:06:18.0343 2260  HKLM\SYSTEM\ControlSet003\services\63a9e79ebe0aa8c2 - will be deleted on reboot
14:06:18.0500 2260  C:\windows\System32\Drivers\63a9e79ebe0aa8c2.sys - will be deleted on reboot
14:06:18.0500 2260  63a9e79ebe0aa8c2 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
14:06:58.0156 1716  Deinitialize success

aswMBR log :

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-22 14:25:12
-----------------------------
14:25:12.734    OS Version: Windows 5.1.2600 Service Pack 3
14:25:12.734    Number of processors: 2 586 0x409
14:25:12.734    ComputerName: MAPS0001  UserName: Pappy
14:25:14.703    Initialize success
14:28:42.140    AVAST engine defs: 13022200
14:29:17.234    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-16
14:29:17.375    Disk 0 Vendor: WDC_WD1200BB-00RDA0 20.00K20 Size: 114473MB BusType: 3
14:29:17.578    Disk 0 MBR read successfully
14:29:17.578    Disk 0 MBR scan
14:29:28.171    Disk 0 unknown MBR code
14:29:28.187    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       109693 MB offset 9767520
14:29:30.093    Disk 0 Partition 2 00     0B        FAT32 RECOVERY     4769 MB offset 63
14:29:30.656    Disk 0 scanning sectors +234420480
14:29:31.578    Disk 0 scanning C:\windows\system32\drivers
14:30:33.828    Service scanning
14:31:16.625    Modules scanning
14:31:45.640    Disk 0 trace - called modules:
14:31:45.671    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
14:31:45.671    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x833796b0]
14:31:45.671    3 CLASSPNP.SYS[f75a6fd7] -> nt!IofCallDriver -> \Device\000000af[0x8337c650]
14:31:45.671    5 ACPI.sys[f737f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-16[0x8337c030]
14:31:46.593    AVAST engine scan C:\windows
14:32:09.828    AVAST engine scan C:\windows\system32
14:40:29.171    AVAST engine scan C:\windows\system32\drivers
14:41:13.187    AVAST engine scan C:\Documents and Settings\Pappy
14:41:42.109    File: C:\Documents and Settings\Pappy\Application Data\Sun\Java\Deployment\cache\6.0\56\4257ee38-19c0e505  **INFECTED** Win32:Dropper-gen [Drp]
14:42:27.828    File: C:\Documents and Settings\Pappy\Local Settings\Temp\20579906.exe  **INFECTED** Win32:Rootkit-gen [Rtk]
14:44:32.375    AVAST engine scan C:\Documents and Settings\All Users
14:46:18.093    Scan finished successfully
14:46:50.281    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Pappy\Desktop\MBR.dat"
14:46:50.296    The log file has been saved successfully to "C:\Documents and Settings\Pappy\Desktop\aswMBR.txt"

ESET log :

C:\Documents and Settings\Pappy\Application Data\Sun\Java\Deployment\cache\6.0\40\4b2492a8-22f95acd a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\quar\_Q_ctfmon.lnk Win32/Reveton.J trojan cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-93242854-1296263977-923382764-1007\Dc65.lnk Win32/Reveton.J trojan cleaned by deleting - quarantined
 



#4 narenxp


Posted 22 February 2013 - 12:13 PM

Restart the PC, run TDSSKiller again and post the new log.

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.  If you already have it installed launch the program and update the database.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download. You can also right click on the link and select Save Link As.

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


Farbar's MiniToolBox

--------------------

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply


===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


===================================================


AdwCleaner by Xplode - Search for Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well


===================================================


Junkware Removal Tool by thisisu

-------------------

  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply


===================================================


Rkill

-------------------

Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:


  • In order for Rkill to run properly you must disable your anti-malware software.  Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    • Note:  You may have to run Rkill a few times before it is successful.  You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear.  Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again.  If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.


===================================================


Autoruns

--------------------

  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to Text (*.txt).
  • Double click on the text file, copy and paste the contents in your reply


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Junkware Removal Tool log
  • Rkill log
  • Autoruns log

 



#5 SqanticP


Posted 22 February 2013 - 02:06 PM

Thanks again for such a speedy response.

Not including the TDSSKiller log as it leads to a "post too long" error, but the TDSSKiller scan found nothing.

Logs from other tools follow:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.22.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Pappy :: MAPS0001 [administrator]

22/02/2013 17:40:55
mbam-log-2013-02-22 (17-40-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 270351
Time elapsed: 9 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\Tasks\RegClean Scheduled Scan.job (Rogue.RegClean) -> Quarantined and deleted successfully.

(end)

MiniToolBox by Farbar  Version:10-01-2013
Ran by Pappy (administrator) on 22-02-2013 at 18:00:18
Running from "C:\Documents and Settings\Pappy\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Disconnected)
Bluetooth PAN Network Adapter = Local Area Connection 2 (Disconnected)
Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Connected)

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

popd
# End of interface IP configuration

Windows IP Configuration

        Host Name . . . . . . . . . . . . : MAPS0001
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : home
        Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
        Physical Address. . . . . . . . . : 00-19-21-5A-28-D1
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.64
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.254
        DHCP Server . . . . . . . . . . . : 192.168.1.254
        DNS Servers . . . . . . . . . . . : 192.168.1.254
        Lease Obtained. . . . . . . . . . : 22 February 2013 17:27:10
        Lease Expires . . . . . . . . . . : 23 February 2013 17:27:10

Server:  BThomehub.home
Address:  192.168.1.254

Name:    google.com
Addresses:  173.194.41.102, 173.194.41.105, 173.194.41.100, 173.194.41.98
   173.194.41.99, 173.194.41.104, 173.194.41.96, 173.194.41.110, 173.194.41.103
   173.194.41.101, 173.194.41.97

Pinging google.com [173.194.41.96] with 32 bytes of data:

Reply from 173.194.41.96: bytes=32 time=17ms TTL=52
Reply from 173.194.41.96: bytes=32 time=16ms TTL=52

Ping statistics for 173.194.41.96:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 16ms, Maximum = 17ms, Average = 16ms

Server:  BThomehub.home
Address:  192.168.1.254

Name:    yahoo.com
Addresses:  98.139.183.24, 98.138.253.109, 206.190.36.45

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=242ms TTL=45
Reply from 98.138.253.109: bytes=32 time=238ms TTL=45

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 238ms, Maximum = 242ms, Average = 240ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 19 21 5a 28 d1 ...... Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.64   20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1   1
      192.168.1.0    255.255.255.0     192.168.1.64    192.168.1.64   20
     192.168.1.64  255.255.255.255        127.0.0.1       127.0.0.1   20
    192.168.1.255  255.255.255.255     192.168.1.64    192.168.1.64   20
        224.0.0.0        240.0.0.0     192.168.1.64    192.168.1.64   20
  255.255.255.255  255.255.255.255     192.168.1.64    192.168.1.64   1
Default Gateway:     192.168.1.254
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/19/2013 09:23:47 AM) (Source: Application Error) (User: )
Description: Faulting application hsplayer.exe, version 11.5.0.12, faulting module unknown, version 0.0.0.0, fault address 0x01f52e01.
Processing media-specific event for [hsplayer.exe!ws!]

Error: (02/03/2013 03:51:10 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows ended GPO processing because the computer shut down or the user logged off.

Error: (01/29/2013 01:23:55 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [iexplore.exe!ws!]

Error: (01/18/2013 04:10:41 PM) (Source: Application Error) (User: )
Description: Faulting application ccsvchst.exe, version 10.1.1.16, faulting module msvcr90.dll, version 9.0.30729.4148, fault address 0x0006ccb5.
Processing media-specific event for [ccsvchst.exe!ws!]

Error: (12/09/2012 03:24:07 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module flash32_11_4_402_278.ocx, version 11.4.402.278, fault address 0x000bbd28.
Processing media-specific event for [iexplore.exe!ws!]

Error: (12/06/2012 01:45:28 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module jvm.dll, version 16.3.0.1, fault address 0x000c7ed4.
Processing media-specific event for [iexplore.exe!ws!]

Error: (10/25/2012 01:08:58 PM) (Source: Application Error) (User: )
Description: Faulting application paint shop pro 9.exe, version 9.0.0.0, faulting module mfc71.dll, version 7.10.3077.0, fault address 0x0003e596.
Processing media-specific event for [paint shop pro 9.exe!ws!]

Error: (10/17/2012 03:27:39 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x01d375fb.
Processing media-specific event for [iexplore.exe!ws!]

Error: (10/17/2012 03:27:33 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x01d375fb.
Processing media-specific event for [iexplore.exe!ws!]

Error: (10/17/2012 03:27:16 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x01d375fb.
Processing media-specific event for [iexplore.exe!ws!]

System errors:
=============
Error: (02/22/2013 05:28:45 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
abp480n5
adpu160m
agp440
agpCPQ
Aha154x
aic78u2
aic78xx
AliIde
alim1541
amdagp
amsint
asc
asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error: (02/22/2013 05:28:45 PM) (Source: Service Control Manager) (User: )
Description: The KService service failed to start due to the following error:
%%2

Error: (02/22/2013 05:24:26 PM) (Source: Service Control Manager) (User: )
Description: The KService service failed to start due to the following error:
%%2

Error: (02/22/2013 02:37:15 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort4

Error: (02/22/2013 02:10:05 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
abp480n5
adpu160m
agp440
agpCPQ
Aha154x
aic78u2
aic78xx
AliIde
alim1541
amdagp
amsint
asc
asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error: (02/22/2013 02:10:05 PM) (Source: Service Control Manager) (User: )
Description: The KService service failed to start due to the following error:
%%2

Error: (02/22/2013 02:02:01 PM) (Source: Service Control Manager) (User: )
Description: The Symantec Real Time Storage Protection service failed to start due to the following error:
%%31

Error: (02/22/2013 02:01:58 PM) (Source: Service Control Manager) (User: )
Description: The Symantec Real Time Storage Protection service failed to start due to the following error:
%%31

Error: (02/22/2013 02:01:51 PM) (Source: Service Control Manager) (User: )
Description: The Symantec Real Time Storage Protection service failed to start due to the following error:
%%31

Error: (02/22/2013 02:01:45 PM) (Source: Service Control Manager) (User: )
Description: The Symantec Real Time Storage Protection service failed to start due to the following error:
%%31

Microsoft Office Sessions:
=========================
Error: (02/19/2013 09:23:47 AM) (Source: Application Error)(User: )
Description: hsplayer.exe11.5.0.12unknown0.0.0.001f52e01

Error: (02/03/2013 03:51:10 PM) (Source: Userenv)(User: NT AUTHORITY)
Description:

Error: (01/29/2013 01:23:55 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702unknown0.0.0.000000000

Error: (01/18/2013 04:10:41 PM) (Source: Application Error)(User: )
Description: ccsvchst.exe10.1.1.16msvcr90.dll9.0.30729.41480006ccb5

Error: (12/09/2012 03:24:07 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702flash32_11_4_402_278.ocx11.4.402.278000bbd28

Error: (12/06/2012 01:45:28 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702jvm.dll16.3.0.1000c7ed4

Error: (10/25/2012 01:08:58 PM) (Source: Application Error)(User: )
Description: paint shop pro 9.exe9.0.0.0mfc71.dll7.10.3077.00003e596

Error: (10/17/2012 03:27:39 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702unknown0.0.0.001d375fb

Error: (10/17/2012 03:27:33 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702unknown0.0.0.001d375fb

Error: (10/17/2012 03:27:16 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702unknown0.0.0.001d375fb

=========================== Installed Programs ============================

ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.4512)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.146)
Adobe Reader 7.0.9 (Version: 7.0.9)
Adobe Shockwave Player (Version: 10.1.4.20)
Any Audio Converter 1.0.2
Any Video Converter 2.7.5
Apple Mobile Device Support (Version: 1.1.4.7)
Apple Software Update (Version: 2.1.0.110)
ATI - Software Uninstall Utility (Version: 6.14.10.1013)
ATI Control Panel (Version: 6.14.10.5168)
ATI Display Driver (Version: 8.18-050914a1-027256C-ATI)
Bluesoleil2.7.0.8 VoIP Release 070930 (Version: 2.7.0.8 VoIP Release 070930)
Bonjour (Version: 1.0.104)
Browser Address Error Redirector
Camera RAW Plug-In for EPSON Creativity Suite (Version: 2.3.0.0)
Critical Update for Windows Media Player 11 (KB959772)
Digital Media Reader (Version: 2.01.00.02)
DVD Solution
DVDFab Gold 3.0.8.6
EPSON Attach To Email (Version: 1.01.0000)
EPSON Easy Photo Print (Version: 1.5.1.0)
EPSON File Manager (Version: 1.3.1.0)
EPSON Scan
EPSON Scan Assistant (Version: 1.10.00)
EPSON Stylus SX200 Series Printer Uninstall
EPSON Stylus SX200_SX400_TX200_TX400 Manual
EPSON Web-To-Page
ESET Online Scanner v3
FinePixViewer Ver.4.0
Free Opener (Version: 1.4)
FUJIFILM USB Driver
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
ImageMixer VCD for FinePix
InterActual Player
iTunes (Version: 7.6.2.9)
J2SE Runtime Environment 5.0 Update 2 (Version: 1.5.0.20)
Jasc Paint Shop Pro 9 (Version: 9.00.0000)
Java Auto Updater (Version: 2.0.2.1)
Java™ 6 Update 2 (Version: 1.6.0.20)
Java™ 6 Update 20 (Version: 6.0.200)
Java™ 6 Update 7 (Version: 1.6.0.70)
Junk Mail filter update (Version: 14.0.8089.726)
K-Lite Codec Pack 7.0.0 (Standard) (Version: 7.0.0)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Map Button (Windows Live Toolbar) (Version: 03.01.0146)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Digital Image 2006 Starter Edition  (Version: 11.0.0422)
Microsoft Digital Image 2006 Starter Edition Editor (Version: 11.0.0422)
Microsoft Digital Image 2006 Starter Edition Library (Version: 11.0.0422)
Microsoft Digital Image Library 9 - Blocker (Version: 9.00.0000)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3 (Version: 2.0.2313.0)
Microsoft Office PowerPoint 2003 Template Pack 1 (Version: 11.0.5614.0)
Microsoft Office PowerPoint 2003 Template Pack 2 (Version: 11.0.5614.0)
Microsoft Office PowerPoint 2003 Template Pack 3 (Version: 11.0.5614.0)
Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)
Microsoft Search Enhancement Pack (Version: 1.3.59.0)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works (Version: 08.05.0818)
MicroStaff WINASPI NT
MSN
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Multimedia Keyboard Driver
Norton 360 (Version: 5.2.2.3)
oggcodecs 0.71.0946 (Version: 0.71.0946)
OneCare Advisor (Windows Live Toolbar) (Version: 03.01.0072)
OpenOffice.org Installer 1.0 (Version: 1.0.9221)
Popup Blocker (Windows Live Toolbar) (Version: 03.01.0146)
Power2Go 4.0
PowerDVD
QuickTime (Version: 7.4.5.67)
RAW FILE CONVERTER LE
RealPlayer
REALTEK GbE & FE Ethernet PCI NIC Driver (Version: 1.02.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.5307)
Recovery Software Suite eMachines (Version: 1.00.0000)
Safari (Version: 3.525.17.0)
Segoe UI (Version: 14.0.4327.805)
Sky Broadband (Version: 1.0.0)
Smart Menus (Windows Live Toolbar) (Version: 03.01.0146)
Soft Data Fax Modem with SmartCP
Sonic Encoders (Version: 1.00)
Symantec Technical Support Web Controls (Version: 3.5.1)
U.B. Funkeys
Unity Web Player (Version: )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8098.930)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Family Safety (Version: 14.0.8093.805)
Windows Live Favorites for Windows Live Toolbar (Version: 03.01.0146)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Outlook Toolbar (Windows Live Toolbar) (Version: 03.01.0146)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Toolbar (Version: 14.0.8064.206)
Windows Live Toolbar Extension (Windows Live Toolbar) (Version: 03.01.0146)
Windows Live Toolbar Feed Detector (Windows Live Toolbar) (Version: 03.01.0146)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Media Format 11 runtime
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Devices: ================================

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth AV Audio
Description: Bluetooth AV Audio
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: IVT Corporation
Service: BlueletAudio
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth PAN Network Adapter
Description: Bluetooth PAN Network Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: IVT Corporation
Service: BT
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

========================= Memory info: ===================================

Percentage of memory in use: 82%
Total physical RAM: 383.36 MB
Available physical RAM: 65.78 MB
Total Pagefile: 1490.63 MB
Available Pagefile: 941.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.5 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:107.12 GB) (Free:83.5 GB) NTFS
2 Drive d: () (Fixed) (Total:4.65 GB) (Free:3.02 GB) FAT32

========================= Users: ========================================

User accounts for \\MAPS0001

Administrator            ASPNET                   Guest
HelpAssistant            Mummy                    Pappy
SUPPORT_388945a0         Thorviolet

**** End of log ****

 

 

Farbar Service Scanner Version: 20-02-2013
Ran by Pappy (administrator) on 22-02-2013 at 18:06:44
Running from "C:\Documents and Settings\Pappy\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\windows\system32\dhcpcsvc.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\netbt.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\windows\system32\Drivers\ipsec.sys => MD5 is legit
C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\ipnathlp.dll => MD5 is legit
C:\windows\system32\netman.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\srsvc.dll => MD5 is legit
C:\windows\system32\Drivers\sr.sys => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuauserv.dll
[2006-01-14 21:16] - [2008-04-14 00:12] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A

C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\services.exe
[2006-01-14 19:59] - [2009-02-06 11:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315

Extra List:
=======
fssfltr(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) SYMTDI(10) Tcpip(3)
0x0A000000040000000100000002000000030000000A0000000800000005000000060000000700000009000000
IpSec Tag value is correct.

**** End of log ****

 

# AdwCleaner v2.112 - Logfile created 02/22/2013 at 18:12:15
# Updated 10/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Pappy - MAPS0001
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Pappy\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3E720452-B472-4954-B7AA-33069EB53906}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [2231 octets] - [22/02/2013 18:12:15]

########## EOF - C:\AdwCleaner[S1].txt - [2291 octets] ##########

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Microsoft Windows XP x86
Ran by Pappy on 22/02/2013 at 18:21:54.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-93242854-1296263977-923382764-1007\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/02/2013 at 18:32:25.84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/22/2013 06:40:50 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Disabled

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 02/22/2013 06:41:58 PM
Execution time: 0 hours(s), 1 minute(s), and 8 seconds(s)

 

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup" "" "" ""
"HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup" "" "" ""
"HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon" "" "" ""
"HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet" "" "" ""
"HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown" "" "" ""
"HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff" "" "" ""
"HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logoff" "" "" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Startup" "" "" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Shutdown" "" "" ""
"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell" "" "" ""
"HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell" "" "" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell" "" "" ""
"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\InitialProgram" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "QuickTime Task" "QuickTime Task" "(Not verified) Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "Recguard" "Recguard MFC Application" "" "c:\windows\sminst\recguard.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" "" "" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce" "" "" ""
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
"C:\Documents and Settings\Pappy\Start Menu\Programs\Startup" "" "" ""
"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load" "" "" ""
"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" "" "" ""
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\IconServiceLib" "" "" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" "" "" ""
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Power2GoExpress" "" "" "File not found: NA"
"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce" "" "" ""
"HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce" "" "" ""
"HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows CE Services\AutoStartOnConnect" "" "" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services\AutoStartOnConnect" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows CE Services\AutoStartOnDisconnect" "" "" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services\AutoStartOnDisconnect" "" "" ""
"HKCU\SOFTWARE\Classes\Protocols\Filter" "" "" ""
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
"HKCU\SOFTWARE\Classes\Protocols\Handler" "" "" ""
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-itss" "Microsoft® InfoTech Storage System Library" "(Not verified) Microsoft Corporation" "c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
+ "skype4com" "Skype for COM API" "(Verified) Skype Technologies SA" "c:\windows\system32\skype4com.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler" "" "" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" "" "" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" "" "" ""
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" "" "" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "BUContextMenu" "Backup Shell" "(Verified) Symantec Corporation" "c:\program files\norton 360\engine\5.2.2.3\bushell.dll"
+ "EPPShellEx" "" "(Not verified) SEIKO EPSON CORPORATION" "c:\program files\epson\creativity suite\easy photo print\eppshell.dll"
+ "Symantec.Norton.Antivirus.IEContextMenu" "Symantec Shared Component Shell Extension Module" "(Verified) Symantec Corporation" "c:\program files\norton 360\engine\5.2.2.3\navshext.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
"HKCU\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" ""
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" ""
+ "BuPropertySheet" "Backup Shell" "(Verified) Symantec Corporation" "c:\program files\norton 360\engine\5.2.2.3\bushell.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\PropertySheetHandlers" "" "" ""
"HKCU\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "(Verified) Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
"HKCU\Software\Classes\AllFileSystemObjects\ShellEx\DragDropHandlers" "" "" ""
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\DragDropHandlers" "" "" ""
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\DragDropHandlers" "" "" ""
"HKCU\Software\Classes\AllFileSystemObjects\ShellEx\PropertySheetHandlers" "" "" ""
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\PropertySheetHandlers" "" "" ""
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\PropertySheetHandlers" "" "" ""
"HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
"HKCU\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
"HKCU\Software\Classes\Directory\Shellex\PropertySheetHandlers" "" "" ""
"HKLM\Software\Classes\Directory\Shellex\PropertySheetHandlers" "" "" ""
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\PropertySheetHandlers" "" "" ""
"HKCU\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
"HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
"HKCU\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "(Not verified) Adobe Systems, Inc." "c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
"HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "BUContextMenu" "Backup Shell" "(Verified) Symantec Corporation" "c:\program files\norton 360\engine\5.2.2.3\bushell.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "(Verified) Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "Symantec.Norton.Antivirus.IEContextMenu" "Symantec Shared Component Shell Extension Module" "(Verified) Symantec Corporation" "c:\program files\norton 360\engine\5.2.2.3\navshext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
"HKCU\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
"HKCU\Software\Classes\Folder\ShellEx\ExtShellFolderViews" "" "" ""
"HKLM\Software\Classes\Folder\ShellEx\ExtShellFolderViews" "" "" ""
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ExtShellFolderViews" "" "" ""
"HKCU\Software\Classes\Folder\ShellEx\PropertySheetHandlers" "" "" ""
"HKLM\Software\Classes\Folder\ShellEx\PropertySheetHandlers" "" "" ""
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\PropertySheetHandlers" "" "" ""
"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "OverlayExcluded" "Backup Shell" "(Verified) Symantec Corporation" "c:\program files\norton 360\engine\5.2.2.3\bushell.dll"
+ "OverlayPending" "Backup Shell" "(Verified) Symantec Corporation" "c:\program files\norton 360\engine\5.2.2.3\bushell.dll"
+ "OverlayProtected" "Backup Shell" "(Verified) Symantec Corporation" "c:\program files\norton 360\engine\5.2.2.3\bushell.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
"HKCU\Software\Microsoft\Ctf\LangBarAddin" "" "" ""
"HKLM\Software\Microsoft\Ctf\LangBarAddin" "" "" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Reader Link Helper" "Adobe Acrobat IE Helper Version 7.0 for ActiveX" "(Verified) Adobe Systems" "c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll"
+ "CBrowserHelperObject Object" "BAE.dll" "(Not verified) Gateway Inc." "c:\windows\system32\bae.dll"
+ "EpsonToolBandKicker Class" "EPSON Web-To-Page" "(Not verified) SEIKO EPSON CORPORATION" "c:\program files\epson\epson web-to-page\epson web-to-page.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "(Verified) Sun Microsystems" "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Symantec Intrusion Prevention" "IPS Browser Helper DLL" "(Verified) Symantec Corporation" "c:\program files\norton 360\engine\5.2.2.3\ips\ipsbho.dll"
+ "Symantec NCO BHO" "coIEPlugIn" "(Verified) Symantec Corporation" "c:\program files\norton 360\engine\5.2.2.3\coieplg.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
"HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks" "" "" ""
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "EPSON Web-To-Page" "EPSON Web-To-Page" "(Not Verified) SEIKO EPSON CORPORATION" "c:\program files\epson\epson web-to-page\epson web-to-page.dll"
+ "Norton Toolbar" "coIEPlugIn" "(Verified) Symantec Corporation" "c:\program files\norton 360\engine\5.2.2.3\coieplg.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
"HKCU\Software\Microsoft\Internet Explorer\Explorer Bars" "" "" ""
"HKLM\Software\Microsoft\Internet Explorer\Explorer Bars" "" "" ""
"HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\Explorer Bars" "" "" ""
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Explorer Bars" "" "" ""
"HKCU\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
"HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
"Task Scheduler" "" "" ""
+ "AppleSoftwareUpdate.job" "Apple Software Update" "(Verified) Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "(Not verified) Apple, Inc." "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe"
+ "ATI Smart" "ATI Smart" "" "c:\windows\system32\ati2sgag.exe"
+ "BlueSoleil Hid Service" "" "(Verified) IVT SOFTWARE TECHNOLOGY Inc." "c:\program files\ivt corporation\bluesoleil\btntservice.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence, so that users can discover and use those services without any unnecessary manual setup or administration." "(Not verified) Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "iPod Service" "iPod hardware management services" "(Verified) Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "KService" "Delivery Manager Service" "" "File not found: C:\Program Files\Kontiki\KService.exe"
+ "MHN" "Multimedia Home Networking (MHN) is a networking platform for Audio Video (AV) streaming applications on IP home networks. MHN enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications by providing mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization." "(Not verified) Microsoft Corporation" "c:\windows\system32\mhn.dll"
+ "N360" "Norton 360" "(Verified) Symantec Corporation" "c:\program files\norton 360\engine\5.2.2.3\ccsvchst.exe"
+ "PrismXL" "PrismXL Service" "(Not verified) New Boundary Technologies, Inc." "c:\program files\common files\new boundary\prismxl\prismxl.sys"
+ "Start BT in service" "" "(Verified) IVT SOFTWARE TECHNOLOGY Inc." "c:\program files\ivt corporation\bluesoleil\startskysolsvc.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "alcan5wn" "WAN Driver" "(Not verified) THOMSON" "c:\windows\system32\drivers\alcan5wn.sys"
+ "alcaudsl" "WDM Driver" "(Not verified) THOMSON" "c:\windows\system32\drivers\alcaudsl.sys"
+ "BHDrvx86" "SONAR Engine Driver" "(Verified) Symantec Corporation" "c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20130208.001\bhdrvx86.sys"
+ "BTNetFilter" "Bluetooth Network Filter Driver" "(Verified) IVT SOFTWARE TECHNOLOGY Inc." "c:\program files\ivt corporation\bluesoleil\device\win2k\btnetfilter.sys"
+ "Changer" "" "" "File not found: C:\windows\System32\Drivers\Changer.sys"
+ "eeCtrl" "Symantec Eraser Control Driver" "(Verified) Symantec Corporation" "c:\program files\common files\symantec shared\eengine\eectrl.sys"
+ "EraserUtilRebootDrv" "Symantec Eraser Utility Driver" "(Verified) Symantec Corporation" "c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys"
+ "GEARAspiWDM" "CD DVD Filter" "(Verified) GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "IDSxpx86" "Symantec Intrusion Prevention Driver" "(Verified) Symantec Corporation" "c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20130221.001\idsxpx86.sys"
+ "lbrtfdc" "" "" "File not found: C:\windows\System32\Drivers\lbrtfdc.sys"
+ "MASPINT" "Aspi32 Driver" "(Not verified) MicroStaff Co.,Ltd." "c:\windows\system32\drivers\maspint.sys"
+ "MHNDRV" "Multimedia Home Network component driver" "(Not verified) Microsoft Corporation" "c:\windows\system32\drivers\mhndrv.sys"
+ "NAVENG" "AV Engine" "(Verified) Symantec Corporation" "c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20130221.033\naveng.sys"
+ "NAVEX15" "AV Engine" "(Verified) Symantec Corporation" "c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20130221.033\navex15.sys"
+ "PCIDump" "" "" "File not found: C:\windows\System32\Drivers\PCIDump.sys"
+ "pcouffin" "low level access layer for CD/DVD/BD devices" "(Not verified) VSO Software" "c:\windows\system32\drivers\pcouffin.sys"
+ "PDCOMP" "" "" "File not found: C:\windows\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\windows\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\windows\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\windows\System32\Drivers\PDRFRAME.sys"
+ "pnicml" "" "" "File not found: C:\DOCUME~1\Mummy\LOCALS~1\Temp\pnicml.sys"
+ "SMR311" "" "" "File not found: System32\drivers\SMR311.SYS"
+ "SRTSP" "Symantec AutoProtect" "(Verified) Symantec Corporation" "c:\windows\system32\drivers\n360\0502020.003\srtsp.sys"
+ "SRTSPX" "Symantec AutoProtect" "(Verified) Symantec Corporation" "c:\windows\system32\drivers\n360\0502020.003\srtspx.sys"
+ "SymDS" "Symantec Data Store" "(Verified) Symantec Corporation" "c:\windows\system32\drivers\n360\0502020.003\symds.sys"
+ "SymEFA" "Symantec Extended File Attributes" "(Verified) Symantec Corporation" "c:\windows\system32\drivers\n360\0502020.003\symefa.sys"
+ "SymEvent" "Symantec Event Library" "(Verified) Symantec Corporation" "c:\windows\system32\drivers\symevent.sys"
+ "SymIRON" "Iron Driver" "(Verified) Symantec Corporation" "c:\windows\system32\drivers\n360\0502020.003\ironx86.sys"
+ "SYMTDI" "Network Dispatch Driver" "(Verified) Symantec Corporation" "c:\windows\system32\drivers\n360\0502020.003\symtdi.sys"
+ "WDICA" "" "" "File not found: C:\windows\System32\Drivers\WDICA.sys"
+ "WinDriver6" "WinDriver Device Driver 8.11" "(Not verified) Jungo" "c:\windows\system32\drivers\windrvr6.sys"
"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.clmp3enc" "CLMP3Enc" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\power2go\clmp3enc.acm"
"HKCU\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
"HKCU\Software\Classes\Filter" "" "" ""
"HKLM\Software\Classes\Filter" "" "" ""
"HKCU\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
"HKCU\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
"HKCU\Software\Classes\CLSID\{AC757296-3522-4E11-9862-C17BE5A1767E}\Instance" "" "" ""
"HKCU\Software\Wow6432Node\Classes\CLSID\{AC757296-3522-4E11-9862-C17BE5A1767E}\Instance" "" "" ""
"HKCU\Software\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance" "" "" ""
"HKCU\Software\Wow6432Node\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance" "" "" ""
"HKCU\Software\Classes\CLSID\{ABE3B9A4-257D-4B97-BD1A-294AF496222E}\Instance" "" "" ""
"HKCU\Software\Wow6432Node\Classes\CLSID\{ABE3B9A4-257D-4B97-BD1A-294AF496222E}\Instance" "" "" ""
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "(Not verified) Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Content Based Video Analysis Filter" "Media Center Content Based Video Analyzer Filter Module" "(Not verified) Microsoft Corporation" "c:\windows\ehome\cbvafilter.dll"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\powerdvd\audiofilter\claud.ax"
+ "CyberLink Audio Effect (PDVD6)" "CyberLink Audio Effect Filter" "(Not verified) CyberLink Corporation" "c:\program files\cyberlink\powerdvd\audiofilter\claudfx.ax"
+ "CyberLink Audio Resampler" "CLAuRsmpl.ax" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\power2go\p2gaursmpl.ax"
+ "CyberLink Audio Spectrum Analyzer (PDVD6)" "CLAudSpa.ax" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\powerdvd\audiofilter\claudspa.ax"
+ "CyberLink Audio VolumeBooster" "CyberLink Audio Volume Booster Filter" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\power2go\p2gvb.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\power2go\p2gaudiocd.ax"
+ "CyberLink AudioCD Filter (PDVD6)" "CyberLink AudioCD Filter" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\powerdvd\audiofilter\claudiocd.ax"
+ "CyberLink Demux (PDVD6)" "MPEG-2 Dempltiplexer" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\powerdvd\navfilter\cldemuxer.ax"
+ "Cyberlink Dump Dispatch Filter" "Cyberlink File Dump Dispatch Filter" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\power2go\p2gdumpdispatch.ax"
+ "Cyberlink Dump Filter" "Cyberlink File Dump Filter" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\power2go\p2gdump.ax"
+ "CyberLink DVD Navigator (PDVD6)" "CyberLink DVD Navigation Filter" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\powerdvd\navfilter\clnavx.ax"
+ "CyberLink Line21 Decoder (PDVD6)" "CyberLink Line21 Decoder Filter" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\powerdvd\videofilter\clline21.ax"
+ "CyberLink Load Image Filter" "CLImage" "(Not verified) CyberLink" "c:\program files\cyberlink\shared files\climage.ax"
+ "CyberLink LPCM Converter" "LPCM Converter Filter" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\power2go\p2glpcmcvrt.ax"
+ "CyberLink M2V Writer" "CLM2VWriter" "(Not verified) CyberLink" "c:\program files\cyberlink\power2go\p2gm2vwriter.ax"
+ "CyberLink MP3/WAV Wrapper" "CyberLink MP3 Wrapper" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\power2go\p2gmp3wrap.ax"
+ "CyberLink MPEG Decoder" "CyberLink Video/SP Filter" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\power2go\p2gmvd.ax"
+ "CyberLink MPEG Muxer" "MpgMux" "(Not verified) CyberLink" "c:\program files\cyberlink\power2go\p2gmpgmux.ax"
+ "CyberLink MPEG-1 Splitter" "CyberLink MPEG Splitter" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\power2go\p2gm1spliter.ax"
+ "CyberLink MPEG-2 Splitter" "CyberLink MPEG Splitter" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\power2go\p2gm2spliter.ax"
+ "CyberLink PCM Wrapper" "CyberLink PCM Wrapper" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\power2go\p2gpcmenc.ax"
+ "Cyberlink SubTitle Importor (PDVD6)" "CLSubTitle.ax" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\powerdvd\videofilter\clsubtitle.ax"
+ "CyberLink TimeStretch Filter (PDVD6)" "CLAuTS.ax" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\powerdvd\audiofilter\clauts.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\powerdvd\videofilter\clvsd.ax"
+ "DirectVobSub" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "(Not verified) Gabest" "c:\program files\k-lite codec pack\filters\vsfilter.dll"
+ "DirectVobSub (auto-loading version)" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "(Not Verified) Gabest" "c:\program files\k-lite codec pack\filters\vsfilter.dll"
+ "ffdshow Audio Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow Audio Processor" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow DXVA Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow raw video filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow subtitles filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "FinePix Color Filter" "FinePix Color Filter" "(Not verified) FUJI PHOTO FILM CO.,LTD." "c:\program files\finepixviewer\extensions\helpers\mvfilters\fxcolorft.ax"
+ "FinePix Rotate Filter" "FinePix Rotate Filter" "(Not verified) FUJI PHOTO FILM CO.,LTD." "c:\program files\finepixviewer\extensions\helpers\mvfilters\fxrotateft.ax"
+ "Fujifilm Setup Filter" "FujifilmSetupFilter" "(Not verified) FUJI PHOTO FILM CO., LTD. " "c:\program files\finepixviewer\extensions\helpers\mvfilters\fujifilmsetupfilter.ax"
+ "Haali Matroska Muxer" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter (AR)" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Simple Media Splitter" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Video Renderer" "" "" "c:\program files\k-lite codec pack\filters\haali\dxr.dll"
+ "Haali Video Sink" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "madFlac Decoder" "DirectShow FLAC Decoder" "(Not verified) www.madshi.net" "c:\program files\k-lite codec pack\filters\madflac.ax"
+ "madFlac Source" "DirectShow FLAC Decoder" "(Not Verified) www.madshi.net" "c:\program files\k-lite codec pack\filters\madflac.ax"
+ "MPC - FLV Source (Gabest)" "FLV Splitter" "(Not Verified) MPC-HC Team" "c:\program files\k-lite codec pack\filters\flvsplitter.ax"
+ "MPC - FLV Splitter (Gabest)" "FLV Splitter" "(Not verified) MPC-HC Team" "c:\program files\k-lite codec pack\filters\flvsplitter.ax"
+ "MPC - MP4 Source" "MP4 Splitter" "(Not verified) MPC-HC Team" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "MPC - MP4 Splitter" "MP4 Splitter" "(Not Verified) MPC-HC Team" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "MPC - Mpeg Source (Gabest)" "Mpeg Splitter" "(Not verified) MPC-HC Team" "c:\program files\k-lite codec pack\filters\mpegsplitter.ax"
+ "MPC - Mpeg Splitter (Gabest)" "Mpeg Splitter" "(Not Verified) MPC-HC Team" "c:\program files\k-lite codec pack\filters\mpegsplitter.ax"
+ "MPC - MPEG4 Video Source" "MP4 Splitter" "(Not Verified) MPC-HC Team" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "MPC - MPEG4 Video Splitter" "MP4 Splitter" "(Not Verified) MPC-HC Team" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "P2G Audio Decoder" "CyberLink Audio Decoder Filter" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\power2go\p2gaud.ax"
+ "P2G Audio Encoder" "CyberLink Audio Encoder Filter" "(Not verified) Cyberlink Corp." "c:\program files\cyberlink\power2go\p2gaudenc.ax"
+ "P2G MPEG Video Encoder" "CyberLink MPEG Video Encoder                               " "(Not verified) CyberLink Corp.                                            " "c:\program files\cyberlink\power2go\p2gmpgvenc.ax"
+ "P2G Video Regulator" "CyberLink Video Regulator" "(Not verified) CyberLink" "c:\program files\cyberlink\power2go\p2gresample.ax"
+ "PIX Photo Story Source Filter" "Photo Story DShow Filters Dll" "(Not verified) Microsoft Corporation" "c:\program files\microsoft digital image 2006\pixpssourcefilter.dll"
+ "PIX Photo Story WAV Dest" "Photo Story DShow Filters Dll" "(Not verified) Microsoft Corporation" "c:\program files\microsoft digital image 2006\pixwavdest.dll"
+ "RealPlayer Audio Filter" "Audio Filter Plugin" "(Verified) RealNetworks" "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Transcode Filter" "Audio Filter Plugin" "(Verified) RealNetworks" "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Video Filter" "Audio Filter Plugin" "(Verified) RealNetworks" "c:\program files\real\realplayer\rdsf3260.dll"
+ "WavPack Audio Decoder" "WavPack Audio DirectShow Decoder" "(Not verified) -" "c:\program files\k-lite codec pack\filters\wavpackdsdecoder.ax"
+ "WavPack Audio Splitter" "WavPack Audio DirectShow Splitter" "(Not verified) -" "c:\program files\k-lite codec pack\filters\wavpackdssplitter.ax"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
"HKLM\Software\Classes\CLSID\{AC757296-3522-4E11-9862-C17BE5A1767E}\Instance" "" "" ""
"HKLM\Software\Wow6432Node\Classes\CLSID\{AC757296-3522-4E11-9862-C17BE5A1767E}\Instance" "" "" ""
"HKLM\Software\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance" "" "" ""
"HKLM\Software\Wow6432Node\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance" "" "" ""
"HKLM\Software\Classes\CLSID\{ABE3B9A4-257D-4B97-BD1A-294AF496222E}\Instance" "" "" ""
"HKLM\Software\Wow6432Node\Classes\CLSID\{ABE3B9A4-257D-4B97-BD1A-294AF496222E}\Instance" "" "" ""
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
"HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute" "" "" ""
"HKLM\System\CurrentControlSet\Control\Session Manager\Execute" "" "" ""
"HKLM\System\CurrentControlSet\Control\Session Manager\S0InitialCommand" "" "" ""
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" "" "" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" "" "" ""
"HKLM\Software\Microsoft\Command Processor\Autorun" "" "" ""
"HKLM\Software\Wow6432Node\Microsoft\Command Processor\Autorun" "" "" ""
"HKCU\Software\Microsoft\Command Processor\Autorun" "" "" ""
"HKCU\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)" "" "" ""
"HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)" "" "" ""
"HKLM\Software\Classes\.exe" "" "" ""
"HKCU\Software\Classes\.exe" "" "" ""
"HKLM\Software\Classes\.cmd" "" "" ""
"HKCU\Software\Classes\.cmd" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" ""
"HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls" "" "" ""
"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ServiceControllerStart" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LsaStart" "" "" ""
"HKLM\SYSTEM\Setup\CmdLine" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SaveDumpStart" "" "" ""
"HKCU\SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop\Scrnsave.exe" "" "" ""
"HKCU\Control Panel\Desktop\Scrnsave.exe" "" "" ""
+ "C:\windows\system32\f3PSSavr.scr" "" "" "File not found: C:\windows\system32\f3PSSavr.scr"
"HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImagePath" "" "" ""
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries" "" "" ""
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "(Not verified) Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64" "" "" ""
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "hpzsnt07" "" "(Not verified) HP" "c:\windows\system32\hpzsnt07.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders" "" "" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages" "" "" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages" "" "" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages" "" "" ""
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
 



#6 narenxp


Posted 22 February 2013 - 02:32 PM

Junkware and adware cleaner log?

 

Autoruns log looks incomplete. Please allow it to load the entries and then export it to a text file.



#7 SqanticP


Posted 22 February 2013 - 02:47 PM

Sorry - reposting -

JRT and ADWCleaner logs :

Autoruns output to follow shortly

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Microsoft Windows XP x86
Ran by Pappy on 22/02/2013 at 18:21:54.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-93242854-1296263977-923382764-1007\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/02/2013 at 18:32:25.84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

# AdwCleaner v2.112 - Logfile created 02/22/2013 at 18:12:15
# Updated 10/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Pappy - MAPS0001
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Pappy\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3E720452-B472-4954-B7AA-33069EB53906}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [2231 octets] - [22/02/2013 18:12:15]

########## EOF - C:\AdwCleaner[S1].txt - [2291 octets] ##########



#8 SqanticP

  • Topic Starter

Posted 22 February 2013 - 02:54 PM

Re. Autoruns - not getting different output this time,

however it does have the "Hide Microsoft entries" filter option checked.

Let me know if you'd like output without this filter option.

Anyway, reposting from Autoruns:

 

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup" "" "" ""
"HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup" "" "" ""
"HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon" "" "" ""
"HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet" "" "" ""
"HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown" "" "" ""
"HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logoff" "" "" ""
"HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logoff" "" "" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Startup" "" "" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Shutdown" "" "" ""
"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell" "" "" ""
"HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell" "" "" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell" "" "" ""
"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\InitialProgram" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "QuickTime Task" "QuickTime Task" "(Not verified) Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "Recguard" "Recguard MFC Application" "" "c:\windows\sminst\recguard.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" "" "" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce" "" "" ""
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
"C:\Documents and Settings\Pappy\Start Menu\Programs\Startup" "" "" ""
"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load" "" "" ""
"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" "" "" ""
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\IconServiceLib" "" "" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" "" "" ""
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Power2GoExpress" "" "" "File not found: NA"
"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce" "" "" ""
"HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce" "" "" ""
"HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows CE Services\AutoStartOnConnect" "" "" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services\AutoStartOnConnect" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows CE Services\AutoStartOnDisconnect" "" "" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services\AutoStartOnDisconnect" "" "" ""
"HKCU\SOFTWARE\Classes\Protocols\Filter" "" "" ""
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
"HKCU\SOFTWARE\Classes\Protocols\Handler" "" "" ""
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-itss" "Microsoft® InfoTech Storage System Library" "(Not verified) Microsoft Corporation" "c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
+ "skype4com" "Skype for COM API" "(Verified) Skype Technologies SA" "c:\windows\system32\skype4com.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler" "" "" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" "" "" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" "" "" ""
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" "" "" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "BUContextMenu" "Backup Shell" "(Verified) Symantec Corporation" "c:\program files\norton 360\engine\5.2.2.3\bushell.dll"
+ "EPPShellEx" "" "(Not verified) SEIKO EPSON CORPORATION" "c:\program files\epson\creativity suite\easy photo print\eppshell.dll"
+ "Symantec.Norton.Antivirus.IEContextMenu" "Symantec Shared Component Shell Extension Module" "(Verified) Symantec Corporation" "c:\program files\norton 360\engine\5.2.2.3\navshext.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
"HKCU\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" ""
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" ""
+ "BuPropertySheet" "Backup Shell" "(Verified) Symantec Corporation" "c:\program files\norton 360\engine\5.2.2.3\bushell.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\PropertySheetHandlers" "" "" ""
"HKCU\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "(Verified) Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
"HKCU\Software\Classes\AllFileSystemObjects\ShellEx\DragDropHandlers" "" "" ""
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\DragDropHandlers" "" "" ""
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\DragDropHandlers" "" "" ""
"HKCU\Software\Classes\AllFileSystemObjects\ShellEx\PropertySheetHandlers" "" "" ""
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\PropertySheetHandlers" "" "" ""
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\PropertySheetHandlers" "" "" ""
"HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
"HKCU\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
"HKCU\Software\Classes\Directory\Shellex\PropertySheetHandlers" "" "" ""
"HKLM\Software\Classes\Directory\Shellex\PropertySheetHandlers" "" "" ""
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\PropertySheetHandlers" "" "" ""
"HKCU\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
"HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
"HKCU\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "(Not verified) Adobe Systems, Inc." "c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
"HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "BUContextMenu" "Backup Shell" "(Verified) Symantec Corporation" "c:\program files\norton 360\engine\5.2.2.3\bushell.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "(Verified) Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "Symantec.Norton.Antivirus.IEContextMenu" "Symantec Shared Component Shell Extension Module" "(Verified) Symantec Corporation" "c:\program files\norton 360\engine\5.2.2.3\navshext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
"HKCU\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
"HKCU\Software\Classes\Folder\ShellEx\ExtShellFolderViews" "" "" ""
"HKLM\Software\Classes\Folder\ShellEx\ExtShellFolderViews" "" "" ""
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ExtShellFolderViews" "" "" ""
"HKCU\Software\Classes\Folder\ShellEx\PropertySheetHandlers" "" "" ""
"HKLM\Software\Classes\Folder\ShellEx\PropertySheetHandlers" "" "" ""
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\PropertySheetHandlers" "" "" ""
"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "OverlayExcluded" "Backup Shell" "(Verified) Symantec Corporation" "c:\program files\norton 360\engine\5.2.2.3\bushell.dll"
+ "OverlayPending" "Backup Shell" "(Verified) Symantec Corporation" "c:\program files\norton 360\engine\5.2.2.3\bushell.dll"
+ "OverlayProtected" "Backup Shell" "(Verified) Symantec Corporation" "c:\program files\norton 360\engine\5.2.2.3\bushell.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
"HKCU\Software\Microsoft\Ctf\LangBarAddin" "" "" ""
"HKLM\Software\Microsoft\Ctf\LangBarAddin" "" "" ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Reader Link Helper" "Adobe Acrobat IE Helper Version 7.0 for ActiveX" "(Verified) Adobe Systems" "c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll"
+ "CBrowserHelperObject Object" "BAE.dll" "(Not verified) Gateway Inc." "c:\windows\system32\bae.dll"
+ "EpsonToolBandKicker Class" "EPSON Web-To-Page" "(Not verified) SEIKO EPSON CORPORATION" "c:\program files\epson\epson web-to-page\epson web-to-page.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "(Verified) Sun Microsystems" "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Symantec Intrusion Prevention" "IPS Browser Helper DLL" "(Verified) Symantec Corporation" "c:\program files\norton 360\engine\5.2.2.3\ips\ipsbho.dll"
+ "Symantec NCO BHO" "coIEPlugIn" "(Verified) Symantec Corporation" "c:\program files\norton 360\engine\5.2.2.3\coieplg.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
"HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks" "" "" ""
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "EPSON Web-To-Page" "EPSON Web-To-Page" "(Not Verified) SEIKO EPSON CORPORATION" "c:\program files\epson\epson web-to-page\epson web-to-page.dll"
+ "Norton Toolbar" "coIEPlugIn" "(Verified) Symantec Corporation" "c:\program files\norton 360\engine\5.2.2.3\coieplg.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
"HKCU\Software\Microsoft\Internet Explorer\Explorer Bars" "" "" ""
"HKLM\Software\Microsoft\Internet Explorer\Explorer Bars" "" "" ""
"HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\Explorer Bars" "" "" ""
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Explorer Bars" "" "" ""
"HKCU\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
"HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
"Task Scheduler" "" "" ""
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "(Not verified) Apple, Inc." "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe"
+ "ATI Smart" "ATI Smart" "" "c:\windows\system32\ati2sgag.exe"
+ "BlueSoleil Hid Service" "" "(Verified) IVT SOFTWARE TECHNOLOGY Inc." "c:\program files\ivt corporation\bluesoleil\btntservice.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence, so that users can discover and use those services without any unnecessary manual setup or administration." "(Not verified) Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "iPod Service" "iPod hardware management services" "(Verified) Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "KService" "Delivery Manager Service" "" "File not found: C:\Program Files\Kontiki\KService.exe"
+ "MHN" "Multimedia Home Networking (MHN) is a networking platform for Audio Video (AV) streaming applications on IP home networks. MHN enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications by providing mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization." "(Not verified) Microsoft Corporation" "c:\windows\system32\mhn.dll"
+ "N360" "Norton 360" "(Verified) Symantec Corporation" "c:\program files\norton 360\engine\5.2.2.3\ccsvchst.exe"
+ "PrismXL" "PrismXL Service" "(Not verified) New Boundary Technologies, Inc." "c:\program files\common files\new boundary\prismxl\prismxl.sys"
+ "Start BT in service" "" "(Verified) IVT SOFTWARE TECHNOLOGY Inc." "c:\program files\ivt corporation\bluesoleil\startskysolsvc.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "alcan5wn" "WAN Driver" "(Not verified) THOMSON" "c:\windows\system32\drivers\alcan5wn.sys"
+ "alcaudsl" "WDM Driver" "(Not verified) THOMSON" "c:\windows\system32\drivers\alcaudsl.sys"
+ "BHDrvx86" "SONAR Engine Driver" "(Verified) Symantec Corporation" "c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20130208.001\bhdrvx86.sys"
+ "BTNetFilter" "Bluetooth Network Filter Driver" "(Verified) IVT SOFTWARE TECHNOLOGY Inc." "c:\program files\ivt corporation\bluesoleil\device\win2k\btnetfilter.sys"
+ "Changer" "" "" "File not found: C:\windows\System32\Drivers\Changer.sys"
+ "eeCtrl" "Symantec Eraser Control Driver" "(Verified) Symantec Corporation" "c:\program files\common files\symantec shared\eengine\eectrl.sys"
+ "EraserUtilRebootDrv" "Symantec Eraser Utility Driver" "(Verified) Symantec Corporation" "c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys"
+ "GEARAspiWDM" "CD DVD Filter" "(Verified) GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "IDSxpx86" "Symantec Intrusion Prevention Driver" "(Verified) Symantec Corporation" "c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20130221.001\idsxpx86.sys"
+ "lbrtfdc" "" "" "File not found: C:\windows\System32\Drivers\lbrtfdc.sys"
+ "MASPINT" "Aspi32 Driver" "(Not verified) MicroStaff Co.,Ltd." "c:\windows\system32\drivers\maspint.sys"
+ "MHNDRV" "Multimedia Home Network component driver" "(Not verified) Microsoft Corporation" "c:\windows\system32\drivers\mhndrv.sys"
+ "NAVENG" "AV Engine" "(Verified) Symantec Corporation" "c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20130221.033\naveng.sys"
+ "NAVEX15" "AV Engine" "(Verified) Symantec Corporation" "c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20130221.033\navex15.sys"
+ "PCIDump" "" "" "File not found: C:\windows\System32\Drivers\PCIDump.sys"
+ "pcouffin" "low level access layer for CD/DVD/BD devices" "(Not verified) VSO Software" "c:\windows\system32\drivers\pcouffin.sys"
+ "PDCOMP" "" "" "File not found: C:\windows\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\windows\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\windows\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\windows\System32\Drivers\PDRFRAME.sys"
+ "pnicml" "" "" "File not found: C:\DOCUME~1\Mummy\LOCALS~1\Temp\pnicml.sys"
+ "SMR311" "" "" "File not found: System32\drivers\SMR311.SYS"
+ "SRTSP" "Symantec AutoProtect" "(Verified) Symantec Corporation" "c:\windows\system32\drivers\n360\0502020.003\srtsp.sys"
+ "SRTSPX" "Symantec AutoProtect" "(Verified) Symantec Corporation" "c:\windows\system32\drivers\n360\0502020.003\srtspx.sys"
+ "SymDS" "Symantec Data Store" "(Verified) Symantec Corporation" "c:\windows\system32\drivers\n360\0502020.003\symds.sys"
+ "SymEFA" "Symantec Extended File Attributes" "(Verified) Symantec Corporation" "c:\windows\system32\drivers\n360\0502020.003\symefa.sys"
+ "SymEvent" "Symantec Event Library" "(Verified) Symantec Corporation" "c:\windows\system32\drivers\symevent.sys"
+ "SymIRON" "Iron Driver" "(Verified) Symantec Corporation" "c:\windows\system32\drivers\n360\0502020.003\ironx86.sys"
+ "SYMTDI" "Network Dispatch Driver" "(Verified) Symantec Corporation" "c:\windows\system32\drivers\n360\0502020.003\symtdi.sys"
+ "WDICA" "" "" "File not found: C:\windows\System32\Drivers\WDICA.sys"
+ "WinDriver6" "WinDriver Device Driver 8.11" "(Not verified) Jungo" "c:\windows\system32\drivers\windrvr6.sys"
"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.clmp3enc" "CLMP3Enc" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\power2go\clmp3enc.acm"
"HKCU\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
"HKCU\Software\Classes\Filter" "" "" ""
"HKLM\Software\Classes\Filter" "" "" ""
"HKCU\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
"HKCU\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
"HKCU\Software\Classes\CLSID\{AC757296-3522-4E11-9862-C17BE5A1767E}\Instance" "" "" ""
"HKCU\Software\Wow6432Node\Classes\CLSID\{AC757296-3522-4E11-9862-C17BE5A1767E}\Instance" "" "" ""
"HKCU\Software\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance" "" "" ""
"HKCU\Software\Wow6432Node\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance" "" "" ""
"HKCU\Software\Classes\CLSID\{ABE3B9A4-257D-4B97-BD1A-294AF496222E}\Instance" "" "" ""
"HKCU\Software\Wow6432Node\Classes\CLSID\{ABE3B9A4-257D-4B97-BD1A-294AF496222E}\Instance" "" "" ""
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "(Not verified) Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Content Based Video Analysis Filter" "Media Center Content Based Video Analyzer Filter Module" "(Not verified) Microsoft Corporation" "c:\windows\ehome\cbvafilter.dll"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\powerdvd\audiofilter\claud.ax"
+ "CyberLink Audio Effect (PDVD6)" "CyberLink Audio Effect Filter" "(Not verified) CyberLink Corporation" "c:\program files\cyberlink\powerdvd\audiofilter\claudfx.ax"
+ "CyberLink Audio Resampler" "CLAuRsmpl.ax" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\power2go\p2gaursmpl.ax"
+ "CyberLink Audio Spectrum Analyzer (PDVD6)" "CLAudSpa.ax" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\powerdvd\audiofilter\claudspa.ax"
+ "CyberLink Audio VolumeBooster" "CyberLink Audio Volume Booster Filter" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\power2go\p2gvb.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\power2go\p2gaudiocd.ax"
+ "CyberLink AudioCD Filter (PDVD6)" "CyberLink AudioCD Filter" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\powerdvd\audiofilter\claudiocd.ax"
+ "CyberLink Demux (PDVD6)" "MPEG-2 Dempltiplexer" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\powerdvd\navfilter\cldemuxer.ax"
+ "Cyberlink Dump Dispatch Filter" "Cyberlink File Dump Dispatch Filter" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\power2go\p2gdumpdispatch.ax"
+ "Cyberlink Dump Filter" "Cyberlink File Dump Filter" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\power2go\p2gdump.ax"
+ "CyberLink DVD Navigator (PDVD6)" "CyberLink DVD Navigation Filter" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\powerdvd\navfilter\clnavx.ax"
+ "CyberLink Line21 Decoder (PDVD6)" "CyberLink Line21 Decoder Filter" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\powerdvd\videofilter\clline21.ax"
+ "CyberLink Load Image Filter" "CLImage" "(Not verified) CyberLink" "c:\program files\cyberlink\shared files\climage.ax"
+ "CyberLink LPCM Converter" "LPCM Converter Filter" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\power2go\p2glpcmcvrt.ax"
+ "CyberLink M2V Writer" "CLM2VWriter" "(Not verified) CyberLink" "c:\program files\cyberlink\power2go\p2gm2vwriter.ax"
+ "CyberLink MP3/WAV Wrapper" "CyberLink MP3 Wrapper" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\power2go\p2gmp3wrap.ax"
+ "CyberLink MPEG Decoder" "CyberLink Video/SP Filter" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\power2go\p2gmvd.ax"
+ "CyberLink MPEG Muxer" "MpgMux" "(Not verified) CyberLink" "c:\program files\cyberlink\power2go\p2gmpgmux.ax"
+ "CyberLink MPEG-1 Splitter" "CyberLink MPEG Splitter" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\power2go\p2gm1spliter.ax"
+ "CyberLink MPEG-2 Splitter" "CyberLink MPEG Splitter" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\power2go\p2gm2spliter.ax"
+ "CyberLink PCM Wrapper" "CyberLink PCM Wrapper" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\power2go\p2gpcmenc.ax"
+ "Cyberlink SubTitle Importor (PDVD6)" "CLSubTitle.ax" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\powerdvd\videofilter\clsubtitle.ax"
+ "CyberLink TimeStretch Filter (PDVD6)" "CLAuTS.ax" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\powerdvd\audiofilter\clauts.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\powerdvd\videofilter\clvsd.ax"
+ "DirectVobSub" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "(Not verified) Gabest" "c:\program files\k-lite codec pack\filters\vsfilter.dll"
+ "DirectVobSub (auto-loading version)" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "(Not Verified) Gabest" "c:\program files\k-lite codec pack\filters\vsfilter.dll"
+ "ffdshow Audio Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow Audio Processor" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow DXVA Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow raw video filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow subtitles filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "FinePix Color Filter" "FinePix Color Filter" "(Not verified) FUJI PHOTO FILM CO.,LTD." "c:\program files\finepixviewer\extensions\helpers\mvfilters\fxcolorft.ax"
+ "FinePix Rotate Filter" "FinePix Rotate Filter" "(Not verified) FUJI PHOTO FILM CO.,LTD." "c:\program files\finepixviewer\extensions\helpers\mvfilters\fxrotateft.ax"
+ "Fujifilm Setup Filter" "FujifilmSetupFilter" "(Not verified) FUJI PHOTO FILM CO., LTD. " "c:\program files\finepixviewer\extensions\helpers\mvfilters\fujifilmsetupfilter.ax"
+ "Haali Matroska Muxer" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter (AR)" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Simple Media Splitter" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Video Renderer" "" "" "c:\program files\k-lite codec pack\filters\haali\dxr.dll"
+ "Haali Video Sink" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "madFlac Decoder" "DirectShow FLAC Decoder" "(Not verified) www.madshi.net" "c:\program files\k-lite codec pack\filters\madflac.ax"
+ "madFlac Source" "DirectShow FLAC Decoder" "(Not Verified) www.madshi.net" "c:\program files\k-lite codec pack\filters\madflac.ax"
+ "MPC - FLV Source (Gabest)" "FLV Splitter" "(Not Verified) MPC-HC Team" "c:\program files\k-lite codec pack\filters\flvsplitter.ax"
+ "MPC - FLV Splitter (Gabest)" "FLV Splitter" "(Not verified) MPC-HC Team" "c:\program files\k-lite codec pack\filters\flvsplitter.ax"
+ "MPC - MP4 Source" "MP4 Splitter" "(Not verified) MPC-HC Team" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "MPC - MP4 Splitter" "MP4 Splitter" "(Not Verified) MPC-HC Team" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "MPC - Mpeg Source (Gabest)" "Mpeg Splitter" "(Not verified) MPC-HC Team" "c:\program files\k-lite codec pack\filters\mpegsplitter.ax"
+ "MPC - Mpeg Splitter (Gabest)" "Mpeg Splitter" "(Not Verified) MPC-HC Team" "c:\program files\k-lite codec pack\filters\mpegsplitter.ax"
+ "MPC - MPEG4 Video Source" "MP4 Splitter" "(Not Verified) MPC-HC Team" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "MPC - MPEG4 Video Splitter" "MP4 Splitter" "(Not Verified) MPC-HC Team" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "P2G Audio Decoder" "CyberLink Audio Decoder Filter" "(Not verified) CyberLink Corp." "c:\program files\cyberlink\power2go\p2gaud.ax"
+ "P2G Audio Encoder" "CyberLink Audio Encoder Filter" "(Not verified) Cyberlink Corp." "c:\program files\cyberlink\power2go\p2gaudenc.ax"
+ "P2G MPEG Video Encoder" "CyberLink MPEG Video Encoder                               " "(Not verified) CyberLink Corp.                                            " "c:\program files\cyberlink\power2go\p2gmpgvenc.ax"
+ "P2G Video Regulator" "CyberLink Video Regulator" "(Not verified) CyberLink" "c:\program files\cyberlink\power2go\p2gresample.ax"
+ "PIX Photo Story Source Filter" "Photo Story DShow Filters Dll" "(Not verified) Microsoft Corporation" "c:\program files\microsoft digital image 2006\pixpssourcefilter.dll"
+ "PIX Photo Story WAV Dest" "Photo Story DShow Filters Dll" "(Not verified) Microsoft Corporation" "c:\program files\microsoft digital image 2006\pixwavdest.dll"
+ "RealPlayer Audio Filter" "Audio Filter Plugin" "(Verified) RealNetworks" "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Transcode Filter" "Audio Filter Plugin" "(Verified) RealNetworks" "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Video Filter" "Audio Filter Plugin" "(Verified) RealNetworks" "c:\program files\real\realplayer\rdsf3260.dll"
+ "WavPack Audio Decoder" "WavPack Audio DirectShow Decoder" "(Not verified) -" "c:\program files\k-lite codec pack\filters\wavpackdsdecoder.ax"
+ "WavPack Audio Splitter" "WavPack Audio DirectShow Splitter" "(Not verified) -" "c:\program files\k-lite codec pack\filters\wavpackdssplitter.ax"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
"HKLM\Software\Classes\CLSID\{AC757296-3522-4E11-9862-C17BE5A1767E}\Instance" "" "" ""
"HKLM\Software\Wow6432Node\Classes\CLSID\{AC757296-3522-4E11-9862-C17BE5A1767E}\Instance" "" "" ""
"HKLM\Software\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance" "" "" ""
"HKLM\Software\Wow6432Node\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance" "" "" ""
"HKLM\Software\Classes\CLSID\{ABE3B9A4-257D-4B97-BD1A-294AF496222E}\Instance" "" "" ""
"HKLM\Software\Wow6432Node\Classes\CLSID\{ABE3B9A4-257D-4B97-BD1A-294AF496222E}\Instance" "" "" ""
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
"HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute" "" "" ""
"HKLM\System\CurrentControlSet\Control\Session Manager\Execute" "" "" ""
"HKLM\System\CurrentControlSet\Control\Session Manager\S0InitialCommand" "" "" ""
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" "" "" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" "" "" ""
"HKLM\Software\Microsoft\Command Processor\Autorun" "" "" ""
"HKLM\Software\Wow6432Node\Microsoft\Command Processor\Autorun" "" "" ""
"HKCU\Software\Microsoft\Command Processor\Autorun" "" "" ""
"HKCU\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)" "" "" ""
"HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)" "" "" ""
"HKLM\Software\Classes\.exe" "" "" ""
"HKCU\Software\Classes\.exe" "" "" ""
"HKLM\Software\Classes\.cmd" "" "" ""
"HKCU\Software\Classes\.cmd" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" ""
"HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls" "" "" ""
"HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ServiceControllerStart" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LsaStart" "" "" ""
"HKLM\SYSTEM\Setup\CmdLine" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SaveDumpStart" "" "" ""
"HKCU\SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop\Scrnsave.exe" "" "" ""
"HKCU\Control Panel\Desktop\Scrnsave.exe" "" "" ""
+ "C:\windows\system32\f3PSSavr.scr" "" "" "File not found: C:\windows\system32\f3PSSavr.scr"
"HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImagePath" "" "" ""
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries" "" "" ""
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "(Not verified) Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64" "" "" ""
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "hpzsnt07" "" "(Not verified) HP" "c:\windows\system32\hpzsnt07.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders" "" "" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages" "" "" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages" "" "" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages" "" "" ""
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
 



#9 narenxp


Posted 22 February 2013 - 03:48 PM

Press Windows+R key and type services.msc and click OK

Right click on Security Center service - Properties

Change the startup type to Automatic and start it.

Delete this folder: C:\TDSSkillerQuarantine

 

Remove temporary and junk files

Download TFC

Launch it, it will close all running programs.

Click on START, it should ask for a reboot. If TFC locks up the system, run it in safe mode.


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore - it deletes old infected restore points

Turn on system restore and create a new restore point

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your Flash Player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software products.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)
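The first steps of the post above (Security Center service set to automatic and started, quarantine folder deleted) as a command-prompt script that also checks the result. This is an added example, not part of the original post; it assumes `wscsvc` is the service name behind the "Security Center" entry in services.msc and that it is run from an administrator command prompt.

```batch
@echo off
rem Added example, not from the thread.
rem Assumption: wscsvc is the service shown as "Security Center" in services.msc.
setlocal
set SVC=wscsvc
set QDIR=C:\TDSSkillerQuarantine

rem Set the startup type to Automatic (sc.exe requires the space after "start=").
sc config %SVC% start= auto
if errorlevel 1 echo [!] Could not change the startup type of %SVC%.

rem Start the service unless it is already running.
sc query %SVC% | find "RUNNING" >nul
if errorlevel 1 net start %SVC%

rem Verify that both changes took effect instead of trusting the commands above.
sc qc %SVC% | find "AUTO_START" >nul
if errorlevel 1 (echo [!] %SVC% is not set to AUTO_START) else (echo [ok] %SVC% startup type is automatic)
sc query %SVC% | find "RUNNING" >nul
if errorlevel 1 (echo [!] %SVC% is not running) else (echo [ok] %SVC% is running)

rem Delete the TDSSKiller quarantine folder (path as given in the post).
if exist "%QDIR%" rd /s /q "%QDIR%"
if exist "%QDIR%" (echo [!] %QDIR% is still present) else (echo [ok] %QDIR% removed)
endlocal
```

Running the two verification checks again after the next reboot shows whether the startup type and running state persisted.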





