Boot.Pihar removal help


  • This topic is locked
18 replies to this topic

#1 o_wanderer

  • Members

Posted 14 June 2013 - 08:22 PM

Hello,

I received an error from Norton 360 that says my PC is infected with Boot.Pihar (no letters behind it). I contacted their support, they told me to run the Norton Power Eraser, which I did. Ran it, still receiving the error. I contacted support, they said they could fix it for 100 bucks (which I don't have).

 

Scan Statistics:
  Scan Time: 10,913 seconds
  Scan Targets: Entire computer
  Counts:
   Total items scanned: 1,258,878
   - Files & Directories: 1,254,552
   - Registry Entries: 442
   - Processes & Start-up Items: 3,209
   - Network & Browser Items: 663
   - Other: 5
   - Trusted Files: 3,243
   - Skipped Files: 51

   Total security risks detected: 1
   Total items resolved: 0
   Total items that require attention: 1

Resolved Threats:
No risks have been resolved

Unresolved Threats:
Boot.Pihar
 Type: Master Boot Record
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
 Categories: Virus
 Status: Remove Failed
 -----------
 1 System Action
Drive 0x80 - Infected


I tried installing Kaspersky and uninstalling Norton to see if it could resolve the issue. It didn't even find it. Uninstalled Kaspersky. Reinstalled Norton 360. Ran MalwareBytes, didn't find it either, uninstalled it. I am at a loss what to do beyond this. I did run a Belarc Advisor listing to see if anything looked funny, but it's still showing the same...

 

I would really appreciate any help you could send my way.

 

Here is a copy of the dds.log

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.21.2
Run by HP_Administrator at 21:02:04 on 2013-06-14
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1115 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
C:\WINDOWS\LTMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mStart Page = about:blank
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Qwiklinx: {3E7C8B5A-96AB-438F-BF9B-782400655440} - c:\documents and settings\hp_administrator\application data\qwiklinx\Qwiklinx.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\6.4.1.14\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\6.4.1.14\ips\ipsbho.dll
BHO: Do Not Track Me: {6E45F3E8-2683-4824-A6BE-08108022FB36} - c:\program files\donottrackplus\ie\DNTPAddon.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: hpWebHelper Class: {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\6.4.1.14\coieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Search - <no file>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {6E45F3E8-2683-4824-A6BE-08108022FB36} - {23249465-AA46-4DED-BD4B-8EFB20F968FE} - c:\program files\donottrackplus\ie\DNTPAddon.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\program files\icqlite\ICQLite.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341752886327
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341752872527
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.254.254
TCP: Interfaces\{3B8AE65D-9C50-4AB4-8A47-634912C823A5} : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{82E4D0CF-3BC7-4BAF-A364-FB58DA04DCB9} : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DHCPNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\belarcadvisor\system\BAVoilaX.dll
Handler: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - c:\program files\lizardtech\express view\expressview.dll
Handler: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - c:\program files\lizardtech\express view\expressview.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\p23rjd04.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mie\alternatiff\npzzatif.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npImgCtl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - ExtSQL: 2013-06-14 16:08; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.0.145\IPSFFPlgn
FF - ExtSQL: 2013-06-14 16:14; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.0.145\coFFPlgn
FF - ExtSQL: !HIDDEN! 2009-09-24 12:56; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn2
.
============= SERVICES / DRIVERS ===============
.
R0 SMR322;Symantec SMR Utility Service 3.2.2;c:\windows\system32\drivers\SMR322.SYS [2013-6-14 98392]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0604010.00e\symds.sys [2013-6-14 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0604010.00e\symefa.sys [2013-6-14 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.0.145\definitions\bashdefs\20130531.001\BHDrvx86.sys [2013-5-31 1002072]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0604010.00e\ccsetx86.sys [2013-6-14 132768]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0604010.00e\ironx86.sys [2013-6-14 149624]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R2 N360;Norton 360;c:\program files\norton 360\engine\6.4.1.14\ccsvchst.exe [2013-6-14 138272]
R2 portD;ABS PortIO Service;c:\windows\system32\drivers\portd2k.sys [2007-5-29 7296]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-6-14 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.0.145\definitions\ipsdefs\20130614.001\IDSXpx86.sys [2013-6-14 373728]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.0.145\definitions\virusdefs\20130614.001\NAVENG.SYS [2013-6-14 93272]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.0.145\definitions\virusdefs\20130614.001\NAVEX15.SYS [2013-6-14 1611992]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 DYNPDI;DYNPDI;c:\docume~1\hp_adm~1\locals~1\temp\DYNPDI.exe [2013-5-19 392064]
S3 GNDAREFJTQM;GNDAREFJTQM;c:\docume~1\hp_adm~1\locals~1\temp\GNDAREFJTQM.exe [2013-5-19 412544]
S3 GT680xNT;Visioneer OneTouch 7300 Driver;c:\windows\system32\drivers\Gt680x.sys [2007-1-27 17376]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-6-14 35144]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-5-27 174336]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2006-3-7 468768]
S3 ZD1211BU(Hawking);Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking);c:\windows\system32\drivers\ZD1211BU.sys [2009-3-24 477696]
S3 ZD1211BU(SMC);802.11g Wireless USB2.0 Adapter Driver(SMC);c:\windows\system32\drivers\ZD1211BU.sys [2009-3-24 477696]
S4 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-2-12 3467768]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile="c:\windows\notepad.exe" "%1"
.
=============== Created Last 30 ================
.
2013-06-14 21:11:59    98392    ----a-w-    c:\windows\system32\drivers\SMR322.SYS
2013-06-14 20:21:37    924320    ----a-w-    c:\windows\system32\drivers\n360\0604010.00e\symefa.sys
2013-06-14 20:21:37    388216    ----a-r-    c:\windows\system32\drivers\n360\0604010.00e\symtdi.sys
2013-06-14 20:21:37    345208    ----a-r-    c:\windows\system32\drivers\n360\0604010.00e\symtdiv.sys
2013-06-14 20:21:37    318584    ----a-r-    c:\windows\system32\drivers\n360\0604010.00e\symnets.sys
2013-06-14 20:21:36    574112    ----a-w-    c:\windows\system32\drivers\n360\0604010.00e\srtsp.sys
2013-06-14 20:21:36    340088    ----a-r-    c:\windows\system32\drivers\n360\0604010.00e\symds.sys
2013-06-14 20:21:36    32928    ----a-w-    c:\windows\system32\drivers\n360\0604010.00e\srtspx.sys
2013-06-14 20:21:35    149624    ----a-r-    c:\windows\system32\drivers\n360\0604010.00e\ironx86.sys
2013-06-14 20:21:35    132768    ----a-w-    c:\windows\system32\drivers\n360\0604010.00e\ccsetx86.sys
2013-06-14 20:20:15    8942    ----a-w-    c:\windows\system32\drivers\n360\0604010.00e\symvtcer.dat
2013-06-14 20:20:15    --------    d-----w-    c:\windows\system32\drivers\n360\0604010.00E
2013-06-14 20:18:47    35144    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-06-14 19:34:38    60872    ----a-w-    c:\windows\system32\S32EVNT1.DLL
2013-06-14 19:34:38    141944    ----a-w-    c:\windows\system32\drivers\SYMEVENT.SYS
2013-06-14 19:34:38    --------    d-----w-    c:\program files\Symantec
2013-06-14 19:32:41    --------    d-----w-    c:\windows\system32\drivers\N360
2013-06-14 19:32:37    --------    d-----w-    c:\program files\Norton 360
2013-06-14 19:32:17    --------    d-----w-    c:\program files\NortonInstaller
2013-06-14 15:55:28    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2013-05-20 22:37:45    --------    d-----w-    c:\documents and settings\all users\application data\Kaspersky Lab
2013-05-19 11:41:53    --------    d-----w-    c:\windows\system32\wbem\repository\FS
2013-05-19 11:41:53    --------    d-----w-    c:\windows\system32\wbem\Repository
2013-05-19 11:41:27    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-05-19 11:41:10    --------    d-----w-    c:\program files\Qwiklinx
2013-05-19 11:41:10    --------    d-----w-    c:\documents and settings\hp_administrator\application data\Qwiklinx
2013-05-19 11:41:09    --------    d-----w-    c:\windows\wt
2013-05-19 11:41:09    --------    d-----w-    c:\documents and settings\hp_administrator\application data\Babylon
2013-05-19 11:41:09    --------    d-----w-    c:\documents and settings\all users\application data\Babylon
2013-05-19 11:41:08    --------    d-----w-    c:\program files\OApps
2013-05-19 11:40:09    --------    d-----w-    c:\program files\Mozilla Maintenance Service
2013-05-19 11:39:58    --------    d-----w-    c:\program files\ScreenArt
2013-05-19 09:50:13    --------    d-----w-    c:\program files\ESET
2013-05-18 15:17:06    --------    d-----w-    c:\documents and settings\all users\application data\Anvisoft
.
==================== Find3M  ====================
.
2013-05-27 22:50:22    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-27 22:50:18    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-04 09:35:08    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 21:03:11.54 ===============
 

 



#2 gringo_pr

  • Malware Response Team

Posted 15 June 2013 - 04:00 PM


Hello o_wanderer

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#3 o_wanderer

  • Topic Starter
  • Members

Posted 15 June 2013 - 09:54 PM

Hello Gringo,

Thank you very much for taking time to look at this.

My PC had been running well. Even after receiving the Norton error about the Boot.Pihar it ran well. Recently (past 2 days) I have been getting a KBD.exe error each time I log on. I have noticed some of my keystrokes are missed and I have to go back and edit. (It could be my mousepad, though.)

Immediately after running the two programs you instructed me to, I ran a full Norton 360 AV scan again and came up with the same result.
Here is the data from the two programs...

Thank you again for your help.
o_wanderer

 

# AdwCleaner v2.303 - Logfile created 06/15/2013 at 19:40:32
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : HP_Administrator - BIGHOUSE
# Boot Mode : Normal
# Running from : C:\Documents and Settings\HP_Administrator\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\eBay.lnk
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Claro LTD
Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\p23rjd04.default\Smartbar
Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Qwiklinx
Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dnfaglepmjgohnkcoieaijlheabmcdeo
Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Program Files\ICQ6Toolbar
Folder Deleted : C:\Program Files\OApps
Folder Deleted : C:\Program Files\Qwiklinx
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\828fd1b468eb14
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\ICQToolbar
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\BrowserProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{625F420E-A4A9-4B40-BC23-716C1C43893A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21608B66-026F-4DCB-9244-0DACA328DCED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21608B66-026F-4DCB-9244-0DACA328DCED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Qwiklinx
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\QwiklinxBHO
Key Deleted : HKLM\SOFTWARE\Classes\QwiklinxBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{204C0025-C26A-43E2-853C-D8A8EB1BCE51}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dnfaglepmjgohnkcoieaijlheabmcdeo
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2E497885-E60B-420A-832D-0148B392E058}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2E497885-E60B-420A-832D-0148B392E058}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\PIP
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\p23rjd04.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1j30z54k.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [8042 octets] - [15/06/2013 19:40:32]

########## EOF - C:\AdwCleaner[S1].txt - [8102 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by HP_Administrator on Sat 06/15/2013 at 19:48:20.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3E7C8B5A-96AB-438F-BF9B-782400655440}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\hot deals"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/15/2013 at 19:53:49.68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 15 June 2013 - 10:13 PM


Hello o_wanderer

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 o_wanderer

o_wanderer
  • Topic Starter

  • Members

Posted 16 June 2013 - 05:03 AM

Hello again, Gringo.

 

I have followed your instructions and post my results from the Combofix below.

It did require me to update the XP Recovery Console. There were no other notifications except for the ones in Combofix. It did not require any reboot. Ran the AntiVirus again, still Boot.Pihar error.

 

Thanks again for all your time and help. I really appreciate it.

 

Regards,

o_wanderer

 

 

ComboFix 13-06-15.01 - HP_Administrator 06/16/2013   5:36.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1451 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
ADS - WINDOWS: deleted 192 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\HP_Administrator\WINDOWS
c:\windows\Fonts\N019003T.TTF
c:\windows\system\VB40032.DLL
c:\windows\system\WING32.DLL
c:\windows\system32\Cache
c:\windows\system32\Cache\182bc78eae7b20cc.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\818dafe00b48794d.fb
c:\windows\system32\Cache\a7d98bc46df519f0.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\aecde910d0625836.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\ps2.bat
D:\Autorun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-16 to 2013-06-16  )))))))))))))))))))))))))))))))
.
.
2013-06-15 23:48 . 2013-06-15 23:48    --------    d-----w-    c:\windows\ERUNT
2013-06-15 23:48 . 2013-06-15 23:48    --------    d-----w-    C:\JRT
2013-06-15 01:28 . 2013-06-15 01:28    --------    d-----w-    c:\documents and settings\HP_Administrator\Local Settings\Application Data\Secunia PSI
2013-06-15 01:27 . 2013-06-15 01:27    --------    d-----w-    c:\program files\Secunia
2013-06-14 20:18 . 2013-06-14 20:18    35144    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-06-14 19:34 . 2013-06-14 19:34    --------    d-----w-    c:\program files\Symantec
2013-06-14 19:34 . 2013-06-14 19:34    60872    ----a-w-    c:\windows\system32\S32EVNT1.DLL
2013-06-14 19:34 . 2013-06-14 19:34    141944    ----a-w-    c:\windows\system32\drivers\SYMEVENT.SYS
2013-06-14 19:32 . 2013-06-14 20:53    --------    d-----w-    c:\windows\system32\drivers\N360
2013-06-14 19:32 . 2013-06-14 19:32    --------    d-----w-    c:\program files\Norton 360
2013-06-14 19:32 . 2013-06-14 19:32    --------    d-----w-    c:\program files\NortonInstaller
2013-06-14 15:55 . 2013-06-14 20:50    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-05-22 22:23 . 2013-05-23 23:05    --------    d-----w-    c:\program files\Mozilla Thunderbird
2013-05-20 22:37 . 2013-06-14 19:56    --------    d-----w-    c:\documents and settings\All Users\Application Data\Kaspersky Lab
2013-05-19 11:41 . 2013-05-19 11:41    --------    d-----w-    c:\windows\system32\wbem\Repository
2013-05-19 11:41 . 2013-06-14 15:51    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-05-19 11:41 . 2013-05-19 11:41    --------    d-----w-    c:\windows\wt
2013-05-19 11:40 . 2013-05-23 23:04    --------    d-----w-    c:\program files\Mozilla Maintenance Service
2013-05-19 11:39 . 2013-05-19 11:39    --------    d-----w-    c:\program files\ScreenArt
2013-05-19 09:50 . 2013-05-19 09:50    --------    d-----w-    c:\program files\ESET
2013-05-18 23:44 . 2013-05-18 23:44    --------    d-----w-    c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2013-05-18 23:41 . 2013-05-18 23:41    --------    d-----w-    c:\documents and settings\Administrator\IETldCache
2013-05-18 15:17 . 2013-05-18 15:17    --------    d-----w-    c:\documents and settings\All Users\Application Data\Anvisoft
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-27 22:50 . 2012-03-30 20:34    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-27 22:50 . 2011-05-15 19:45    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-04 09:35 . 2013-04-21 13:03    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2009-04-01 02:47 . 2013-05-19 13:30    324976    ----a-w-    c:\program files\mozilla firefox\components\coFFPlgn.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-28 8466432]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 2.lnk]
backup=c:\windows\pss\Device Detector 2.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminder.lnk]
backup=c:\windows\pss\Event Planner Reminder.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hawking Wireless Utility.lnk]
backup=c:\windows\pss\Hawking Wireless Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^BounceBack Launcher.lnk]
backup=c:\windows\pss\BounceBack Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROC_roc_ssl_v12
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06    958576    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28    59240    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 00:17    207424    ----a-w-    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BYR_AGENT]
2012-12-09 18:43    392320    ----a-w-    c:\lgmobileupgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
2005-11-12 04:11    1064960    ------w-    c:\program files\DISC\DISCover.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]
2005-11-12 04:10    61440    ------w-    c:\program files\DISC\DISCUpdateMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
2005-11-01 17:01    90112    ----a-w-    c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-06 04:56    64512    ----a-w-    c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24    54840    ----a-w-    c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2005-10-13 03:30    139264    ----a-w-    c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]
2001-11-20 10:51    356352    ----a-w-    c:\program files\Belkin Mouse 1.0\Mouse32A.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-08-28 05:59    8466432    ------w-    c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-08-28 05:59    1626112    ------w-    c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2009-11-26 01:42    54672    ----a-w-    c:\program files\Olympus\OLYMPUS Master 2\FirstStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
2003-08-18 12:12    94208    ----a-w-    c:\program files\Visioneer OneTouch\OneTouchMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 00:56    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2005-07-23 06:14    237568    ----a-w-    c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 11:32    253816    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-12-02 22:44    296056    ----a-w-    c:\program files\real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec RemoteAssist"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"Autodesk Licensing Service"=3 (0x3)
"MozillaMaintenance"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"BrowserProtect"=2 (0x2)
"TeamViewer8"=2 (0x2)
"vToolbarUpdater14.1.7"=2 (0x2)
"TrkWks"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"DM1Service"=2 (0x2)
"ACDaemon"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0604010.00E\symds.sys [6/14/2013 4:21 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0604010.00E\symefa.sys [6/14/2013 4:21 PM 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130531.001\BHDrvx86.sys [5/31/2013 5:15 PM 1002072]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0604010.00E\ccsetx86.sys [6/14/2013 4:21 PM 132768]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0604010.00E\ironx86.sys [6/14/2013 4:21 PM 149624]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\6.4.1.14\ccsvchst.exe [6/14/2013 4:20 PM 138272]
R2 portD;ABS PortIO Service;c:\windows\system32\drivers\portd2k.sys [5/29/2007 4:41 PM 7296]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/14/2013 4:07 PM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130614.001\IDSXpx86.sys [6/14/2013 4:56 PM 373728]
S3 DYNPDI;DYNPDI;c:\docume~1\HP_ADM~1\LOCALS~1\Temp\DYNPDI.exe --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\DYNPDI.exe [?]
S3 GNDAREFJTQM;GNDAREFJTQM;c:\docume~1\HP_ADM~1\LOCALS~1\Temp\GNDAREFJTQM.exe --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\GNDAREFJTQM.exe [?]
S3 GT680xNT;Visioneer OneTouch 7300 Driver;c:\windows\system32\drivers\Gt680x.sys [1/27/2007 8:22 AM 17376]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [6/14/2013 4:18 PM 35144]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/27/2008 5:03 PM 174336]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [3/7/2006 5:15 PM 468768]
S3 ZD1211BU(Hawking);Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking);c:\windows\system32\drivers\ZD1211BU.sys [3/24/2009 6:04 PM 477696]
S3 ZD1211BU(SMC);802.11g Wireless USB2.0 Adapter Driver(SMC);c:\windows\system32\drivers\ZD1211BU.sys [3/24/2009 6:04 PM 477696]
S4 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2/12/2013 8:12 PM 3467768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2013-06-16 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2012-09-30 01:59]
.
2013-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-27 00:09]
.
2013-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-27 00:09]
.
2013-06-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1501619771-3458876312-4207465737-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
2013-06-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1501619771-3458876312-4207465737-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mStart Page = about:blank
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\p23rjd04.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - ExtSQL: 2013-06-14 16:08; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn
FF - ExtSQL: 2013-06-14 16:14; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn
FF - ExtSQL: 2013-06-15 22:39; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\p23rjd04.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: !HIDDEN! 2009-09-24 12:56; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil11c_Plugin.exe
MSConfigStartUp-QBCD Autorun - E:\autorun.exe
AddRemove-GENViewerLite_is1 - k:\gvlite\unins000.exe
AddRemove-nLite_is1 - k:\nlite\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-16 05:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.4.1.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1501619771-3458876312-4207465737-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_03f0&Pid_0b0c&MI_01&Col04\7&979c6be&0&0003\LogConf]
@DACL=(02 0000)
.
Completion time: 2013-06-16  05:48:58
ComboFix-quarantined-files.txt  2013-06-16 09:48
.
Pre-Run: 208,944,746,496 bytes free
Post-Run: 209,252,646,912 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - C5472111846046FAD0EB0E1E4972BB01
8F558EB6672622401DA993E1E865C861
 

 



#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 16 June 2013 - 03:25 PM


Hello o_wanderer

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • More than one report will be created in your root directory (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is too long, you may attach it.

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
and I will see if I want to see the whole report.

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop
  • Exit/Close RogueKiller

Send me the reports made from TDSSKiller and Roguekiller and also let me know how the computer is doing at this time.

Gringo

#7 o_wanderer

o_wanderer
  • Topic Starter

  • Members

Posted 16 June 2013 - 08:42 PM

Hello again, Gringo - and thank you for working on this problem with me.

 

I followed your instructions. Afterward, I ran another Norton 360 scan. Says Boot.Pihar is there. Also, I am still getting this KBD.exe error. Never had that until the past few days. Everything else seems to run okay, though.

 

Here are the results from the programs run:

 

19:38:39.0859 4076  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:38:42.0140 4076  ============================================================
19:38:42.0140 4076  Current date / time: 2013/06/16 19:38:42.0140
19:38:42.0140 4076  SystemInfo:
19:38:42.0140 4076  
19:38:42.0140 4076  OS Version: 5.1.2600 ServicePack: 3.0
19:38:42.0140 4076  Product type: Workstation
19:38:42.0140 4076  ComputerName: BIGHOUSE
19:38:42.0140 4076  UserName: HP_Administrator
19:38:42.0140 4076  Windows directory: C:\WINDOWS
19:38:42.0140 4076  System windows directory: C:\WINDOWS
19:38:42.0140 4076  Processor architecture: Intel x86
19:38:42.0140 4076  Number of processors: 2
19:38:42.0140 4076  Page size: 0x1000
19:38:42.0140 4076  Boot type: Normal boot
19:38:42.0140 4076  ============================================================
19:39:33.0062 4076  BG loaded
19:39:33.0703 4076  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:39:33.0890 4076  ============================================================
19:39:33.0890 4076  \Device\Harddisk0\DR0:
19:39:33.0921 4076  MBR partitions:
19:39:33.0921 4076  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2430C7A4
19:39:33.0921 4076  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x243106A4, BlocksNum 0x111D01D
19:39:33.0921 4076  ============================================================
19:39:34.0281 4076  C: <-> \Device\Harddisk0\DR0\Partition1
19:39:34.0296 4076  D: <-> \Device\Harddisk0\DR0\Partition2
19:39:34.0296 4076  ============================================================
19:39:34.0296 4076  Initialize success
19:39:34.0296 4076  ============================================================
19:40:00.0296 1456  ============================================================
19:40:00.0296 1456  Scan started
19:40:00.0296 1456  Mode: Manual; SigCheck; TDLFS;
19:40:00.0296 1456  ============================================================
19:40:00.0421 1456  ================ Scan system memory ========================
19:40:00.0437 1456  System memory - ok
19:40:00.0437 1456  ================ Scan services =============================
19:40:00.0562 1456  Abiosdsk - ok
19:40:00.0562 1456  abp480n5 - ok
19:40:00.0687 1456  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
19:40:00.0984 1456  ACDaemon - ok
19:40:01.0031 1456  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:40:03.0671 1456  ACPI - ok
19:40:03.0718 1456  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
19:40:03.0937 1456  ACPIEC - ok
19:40:03.0953 1456  adpu160m - ok
19:40:03.0984 1456  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
19:40:04.0156 1456  aec - ok
19:40:04.0203 1456  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
19:40:04.0296 1456  AFD - ok
19:40:04.0296 1456  Aha154x - ok
19:40:04.0312 1456  aic78u2 - ok
19:40:04.0312 1456  aic78xx - ok
19:40:04.0343 1456  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
19:40:04.0515 1456  Alerter - ok
19:40:04.0546 1456  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
19:40:04.0640 1456  ALG - ok
19:40:04.0640 1456  AliIde - ok
19:40:04.0640 1456  amsint - ok
19:40:04.0703 1456  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
19:40:04.0796 1456  AppMgmt - ok
19:40:04.0859 1456  [ C413E2E549488A5F1969DECB5B03187A ] AR5416          C:\WINDOWS\system32\DRIVERS\athw.sys
19:40:05.0015 1456  AR5416 - ok
19:40:05.0078 1456  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:40:05.0234 1456  Arp1394 - ok
19:40:05.0234 1456  asc - ok
19:40:05.0234 1456  asc3350p - ok
19:40:05.0250 1456  asc3550 - ok
19:40:05.0375 1456  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:40:05.0421 1456  aspnet_state - ok
19:40:05.0453 1456  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:40:05.0625 1456  AsyncMac - ok
19:40:05.0656 1456  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
19:40:05.0843 1456  atapi - ok
19:40:05.0859 1456  Atdisk - ok
19:40:05.0921 1456  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:40:06.0093 1456  Atmarpc - ok
19:40:06.0140 1456  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
19:40:06.0296 1456  AudioSrv - ok
19:40:06.0343 1456  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
19:40:06.0515 1456  audstub - ok
19:40:06.0593 1456  [ 9F29157695EE58875B06724743CE9C42 ] Autodesk Licensing Service C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
19:40:06.0625 1456  Autodesk Licensing Service - ok
19:40:06.0671 1456  [ 5D7BE7B19E827125E016325334E58FF1 ] BANTExt         C:\WINDOWS\System32\Drivers\BANTExt.sys
19:40:06.0687 1456  BANTExt ( UnsignedFile.Multi.Generic ) - warning
19:40:06.0687 1456  BANTExt - detected UnsignedFile.Multi.Generic (1)
19:40:06.0687 1456  [ 7270D070173B20AC9487EA16BB08B45F ] bb-run          C:\WINDOWS\system32\DRIVERS\bb-run.sys
19:40:06.0781 1456  bb-run - ok
19:40:06.0812 1456  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
19:40:06.0968 1456  Beep - ok
19:40:07.0218 1456  [ 6C6AC7CA8A034C15C52B35189BAD58EE ] BHDrvx86        C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130531.001\BHDrvx86.sys
19:40:07.0265 1456  BHDrvx86 - ok
19:40:07.0312 1456  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
19:40:07.0640 1456  BITS - ok
19:40:07.0703 1456  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
19:40:07.0781 1456  Browser - ok
19:40:07.0875 1456  catchme - ok
19:40:07.0921 1456  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
19:40:08.0093 1456  cbidf2k - ok
19:40:08.0093 1456  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:40:08.0281 1456  CCDECODE - ok
19:40:08.0375 1456  [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_N360      C:\WINDOWS\system32\drivers\N360\0604010.00E\ccSetx86.sys
19:40:08.0421 1456  ccSet_N360 - ok
19:40:08.0421 1456  cd20xrnt - ok
19:40:08.0453 1456  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
19:40:08.0625 1456  Cdaudio - ok
19:40:08.0671 1456  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
19:40:08.0828 1456  Cdfs - ok
19:40:08.0843 1456  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:40:09.0000 1456  Cdrom - ok
19:40:09.0000 1456  Changer - ok
19:40:09.0062 1456  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
19:40:09.0218 1456  CiSvc - ok
19:40:09.0250 1456  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
19:40:09.0406 1456  ClipSrv - ok
19:40:09.0453 1456  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:40:09.0484 1456  clr_optimization_v2.0.50727_32 - ok
19:40:09.0562 1456  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:40:09.0578 1456  clr_optimization_v4.0.30319_32 - ok
19:40:09.0578 1456  CmdIde - ok
19:40:09.0593 1456  COMSysApp - ok
19:40:09.0593 1456  Cpqarray - ok
19:40:09.0656 1456  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
19:40:09.0812 1456  CryptSvc - ok
19:40:09.0828 1456  dac2w2k - ok
19:40:09.0828 1456  dac960nt - ok
19:40:09.0890 1456  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
19:40:09.0984 1456  DcomLaunch - ok
19:40:10.0031 1456  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
19:40:10.0203 1456  Dhcp - ok
19:40:10.0234 1456  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
19:40:10.0437 1456  Disk - ok
19:40:10.0546 1456  [ 0FD94E1B4FC9652286EEF4F811CA866D ] DM1Service      C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
19:40:10.0578 1456  DM1Service ( UnsignedFile.Multi.Generic ) - warning
19:40:10.0578 1456  DM1Service - detected UnsignedFile.Multi.Generic (1)
19:40:10.0578 1456  dmadmin - ok
19:40:10.0640 1456  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
19:40:10.0875 1456  dmboot - ok
19:40:10.0890 1456  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
19:40:11.0078 1456  dmio - ok
19:40:11.0109 1456  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
19:40:11.0281 1456  dmload - ok
19:40:11.0343 1456  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
19:40:11.0500 1456  dmserver - ok
19:40:11.0562 1456  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
19:40:11.0718 1456  DMusic - ok
19:40:11.0781 1456  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
19:40:11.0953 1456  Dnscache - ok
19:40:12.0109 1456  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
19:40:12.0421 1456  Dot3svc - ok
19:40:12.0421 1456  dpti2o - ok
19:40:12.0468 1456  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
19:40:12.0625 1456  drmkaud - ok
19:40:12.0703 1456  [ ABC654A2E8AFCF06C299BD990AFA13AA ] DSXUSB          C:\WINDOWS\system32\DRIVERS\DSXUSB.sys
19:40:12.0906 1456  DSXUSB ( UnsignedFile.Multi.Generic ) - warning
19:40:12.0906 1456  DSXUSB - detected UnsignedFile.Multi.Generic (1)
19:40:12.0906 1456  DYNPDI - ok
19:40:13.0015 1456  [ AC9CF17EE2AE003C98EB4F5336C38058 ] E100B           C:\WINDOWS\system32\DRIVERS\e100b325.sys
19:40:13.0046 1456  E100B - ok
19:40:13.0109 1456  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
19:40:13.0312 1456  EapHost - ok
19:40:13.0671 1456  [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
19:40:13.0765 1456  eeCtrl - ok
19:40:13.0859 1456  [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr         C:\WINDOWS\eHome\ehRecvr.exe
19:40:14.0109 1456  ehRecvr - ok
19:40:14.0156 1456  [ A53243709439AC2A4C216B817F8D7411 ] ehSched         C:\WINDOWS\eHome\ehSched.exe
19:40:14.0375 1456  ehSched - ok
19:40:14.0437 1456  [ 1976FEDF6D7F87135C9B7F5CB4C8C868 ] ELacpi          C:\WINDOWS\system32\DRIVERS\ELacpi.sys
19:40:14.0468 1456  ELacpi - ok
19:40:14.0484 1456  [ AE65C02444907966378454138B9F99F0 ] ELhid           C:\WINDOWS\system32\DRIVERS\ELhid.sys
19:40:14.0515 1456  ELhid ( UnsignedFile.Multi.Generic ) - warning
19:40:14.0515 1456  ELhid - detected UnsignedFile.Multi.Generic (1)
19:40:14.0562 1456  [ E485C3BA1DADDEEF3E14FEA1E8FDA6E1 ] ELkbd           C:\WINDOWS\system32\DRIVERS\ELkbd.sys
19:40:14.0593 1456  ELkbd ( UnsignedFile.Multi.Generic ) - warning
19:40:14.0593 1456  ELkbd - detected UnsignedFile.Multi.Generic (1)
19:40:14.0640 1456  [ 0D87CB825ED6CB2EBCC147A10A42F1D6 ] ELmon           C:\WINDOWS\system32\DRIVERS\ELmon.sys
19:40:14.0671 1456  ELmon ( UnsignedFile.Multi.Generic ) - warning
19:40:14.0671 1456  ELmon - detected UnsignedFile.Multi.Generic (1)
19:40:14.0703 1456  [ A4ADD3847B67BACAB6FC851A2B60FDB3 ] ELmou           C:\WINDOWS\system32\DRIVERS\ELmou.sys
19:40:14.0718 1456  ELmou ( UnsignedFile.Multi.Generic ) - warning
19:40:14.0718 1456  ELmou - detected UnsignedFile.Multi.Generic (1)
19:40:14.0843 1456  [ D1DE16926C682DCD3D99AE5500CA5522 ] ELService       C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
19:40:14.0859 1456  ELService ( UnsignedFile.Multi.Generic ) - warning
19:40:14.0859 1456  ELService - detected UnsignedFile.Multi.Generic (1)
19:40:14.0953 1456  [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:40:14.0968 1456  EraserUtilRebootDrv - ok
19:40:15.0015 1456  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
19:40:15.0203 1456  ERSvc - ok
19:40:15.0265 1456  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
19:40:15.0312 1456  Eventlog - ok
19:40:15.0390 1456  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
19:40:15.0484 1456  EventSystem - ok
19:40:15.0531 1456  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
19:40:15.0703 1456  Fastfat - ok
19:40:15.0796 1456  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:40:15.0921 1456  FastUserSwitchingCompatibility - ok
19:40:16.0000 1456  [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax             C:\WINDOWS\system32\fxssvc.exe
19:40:16.0203 1456  Fax - ok
19:40:16.0234 1456  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
19:40:16.0437 1456  Fdc - ok
19:40:16.0468 1456  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
19:40:16.0656 1456  Fips - ok
19:40:16.0687 1456  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
19:40:16.0859 1456  Flpydisk - ok
19:40:16.0890 1456  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
19:40:17.0093 1456  FltMgr - ok
19:40:17.0312 1456  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:40:17.0390 1456  FontCache3.0.0.0 - ok
19:40:17.0468 1456  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:40:17.0640 1456  Fs_Rec - ok
19:40:17.0718 1456  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:40:17.0937 1456  Ftdisk - ok
19:40:17.0968 1456  [ 22399D3CE5840C6082844679CCA5D2FC ] ftsata2         C:\WINDOWS\system32\DRIVERS\ftsata2.sys
19:40:18.0031 1456  ftsata2 - ok
19:40:18.0078 1456  [ 5AE3A887ECE5BBB72CFAB273C2FD1CFA ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:40:18.0109 1456  GEARAspiWDM - ok
19:40:18.0125 1456  GNDAREFJTQM - ok
19:40:18.0156 1456  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:40:18.0328 1456  Gpc - ok
19:40:18.0421 1456  [ 39272946CC027EE9717166876F913F51 ] GT680xNT        C:\WINDOWS\system32\drivers\gt680x.sys
19:40:18.0500 1456  GT680xNT - ok
19:40:18.0734 1456  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
19:40:18.0765 1456  gupdate - ok
19:40:18.0781 1456  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
19:40:18.0796 1456  gupdatem - ok
19:40:18.0875 1456  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:40:19.0000 1456  gusvc - ok
19:40:19.0062 1456  [ 41BBAD646A8C842BC30EF6745A4F6FF3 ] hcwPP2          C:\WINDOWS\system32\DRIVERS\hcwPP2.sys
19:40:19.0359 1456  hcwPP2 - ok
19:40:19.0453 1456  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:40:19.0640 1456  HDAudBus - ok
19:40:19.0828 1456  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:40:20.0078 1456  helpsvc - ok
19:40:20.0140 1456  [ BB1A6FB7D35A91E599973FA74A619056 ] HidIr           C:\WINDOWS\system32\DRIVERS\hidir.sys
19:40:20.0343 1456  HidIr - ok
19:40:20.0421 1456  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
19:40:20.0609 1456  HidServ - ok
19:40:20.0687 1456  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:40:20.0859 1456  HidUsb - ok
19:40:20.0968 1456  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
19:40:21.0171 1456  hkmsvc - ok
19:40:21.0187 1456  hpn - ok
19:40:21.0562 1456  [ CE0FCEC4D4D860F36D972759B11EAF0F ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
19:40:21.0671 1456  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
19:40:21.0671 1456  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
19:40:21.0750 1456  [ 7DA3211AC63EDD90B8ECA1CA1ABFD43B ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
19:40:21.0796 1456  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
19:40:21.0796 1456  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
19:40:21.0859 1456  [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
19:40:22.0828 1456  HPZid412 - ok
19:40:22.0859 1456  [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
19:40:22.0906 1456  HPZipr12 - ok
19:40:22.0937 1456  [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
19:40:23.0015 1456  HPZius12 - ok
19:40:23.0062 1456  [ 1F5C64B0C6B2E2F48735A77AE714CCB8 ] HSXHWBS2        C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys
19:40:23.0187 1456  HSXHWBS2 - ok
19:40:23.0484 1456  [ A7F8C9228898A1E871D2AE7082F50AC3 ] HSX_DP          C:\WINDOWS\system32\DRIVERS\HSX_DP.sys
19:40:23.0640 1456  HSX_DP - ok
19:40:23.0765 1456  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
19:40:23.0875 1456  HTTP - ok
19:40:23.0968 1456  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
19:40:24.0187 1456  HTTPFilter - ok
19:40:24.0187 1456  i2omgmt - ok
19:40:24.0187 1456  i2omp - ok
19:40:24.0218 1456  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:40:24.0406 1456  i8042prt - ok
19:40:24.0500 1456  [ 0B66A9A2137213075F753579E7D573A5 ] IAANTMon        C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
19:40:24.0546 1456  IAANTMon ( UnsignedFile.Multi.Generic ) - warning
19:40:24.0546 1456  IAANTMon - detected UnsignedFile.Multi.Generic (1)
19:40:24.0796 1456  [ 309C4D86D989FB1FCF64BD30DC81C51B ] iaStor          C:\WINDOWS\system32\DRIVERS\iaStor.sys
19:40:25.0140 1456  iaStor - ok
19:40:25.0359 1456  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
19:40:25.0500 1456  IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:40:25.0500 1456  IDriverT - detected UnsignedFile.Multi.Generic (1)
19:40:25.0921 1456  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:40:26.0890 1456  idsvc - ok
19:40:27.0156 1456  [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86        C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130614.001\IDSxpx86.sys
19:40:27.0218 1456  IDSxpx86 - ok
19:40:27.0312 1456  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
19:40:27.0546 1456  Imapi - ok
19:40:27.0640 1456  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
19:40:27.0843 1456  ImapiService - ok
19:40:27.0843 1456  ini910u - ok
19:40:28.0781 1456  [ 14B48553BE78472D2BD3A518658A1710 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:40:29.0968 1456  IntcAzAudAddService - ok
19:40:30.0000 1456  [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
19:40:30.0156 1456  IntelIde - ok
19:40:30.0218 1456  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:40:30.0390 1456  intelppm - ok
19:40:30.0437 1456  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
19:40:30.0593 1456  Ip6Fw - ok
19:40:30.0609 1456  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:40:30.0796 1456  IpFilterDriver - ok
19:40:30.0796 1456  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:40:30.0968 1456  IpInIp - ok
19:40:30.0984 1456  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:40:31.0140 1456  IpNat - ok
19:40:31.0187 1456  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:40:31.0343 1456  IPSec - ok
19:40:31.0390 1456  [ B43B36B382AEA10861F7C7A37F9D4AE2 ] IrBus           C:\WINDOWS\system32\DRIVERS\IrBus.sys
19:40:31.0515 1456  IrBus - ok
19:40:31.0546 1456  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
19:40:31.0625 1456  IRENUM - ok
19:40:31.0640 1456  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:40:31.0781 1456  isapnp - ok
19:40:31.0921 1456  [ 5739F2821D49975CEDE6BF0153D0CF01 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
19:40:31.0953 1456  JavaQuickStarterService - ok
19:40:31.0968 1456  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:40:32.0156 1456  Kbdclass - ok
19:40:32.0203 1456  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:40:32.0343 1456  kbdhid - ok
19:40:32.0375 1456  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
19:40:32.0531 1456  kmixer - ok
19:40:32.0546 1456  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
19:40:32.0687 1456  KSecDD - ok
19:40:32.0734 1456  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
19:40:32.0812 1456  lanmanserver - ok
19:40:32.0875 1456  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:40:32.0953 1456  lanmanworkstation - ok
19:40:32.0953 1456  lbrtfdc - ok
19:40:33.0015 1456  [ 9696786759C4B43FA5C894747E893EA2 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
19:40:33.0031 1456  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
19:40:33.0031 1456  LightScribeService - detected UnsignedFile.Multi.Generic (1)
19:40:33.0093 1456  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
19:40:33.0265 1456  LmHosts - ok
19:40:33.0312 1456  [ 3070246FBA35AA2E0C2251D55F5848F8 ] ltmodem5        C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
19:40:33.0406 1456  ltmodem5 - ok
19:40:33.0453 1456  [ 4A5FFDF0FE830C448830BD4B02B02B4B ] mbamchameleon   C:\WINDOWS\system32\drivers\mbamchameleon.sys
19:40:33.0484 1456  mbamchameleon - ok
19:40:33.0578 1456  [ E6CB119EF2E148EAA1A247343550756E ] McciCMService   C:\Program Files\Common Files\Motive\McciCMService.exe
19:40:33.0609 1456  McciCMService ( UnsignedFile.Multi.Generic ) - warning
19:40:33.0609 1456  McciCMService - detected UnsignedFile.Multi.Generic (1)
19:40:33.0656 1456  [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc         C:\WINDOWS\ehome\mcrdsvc.exe
19:40:33.0687 1456  McrdSvc - ok
19:40:33.0765 1456  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
19:40:33.0781 1456  MDM - ok
19:40:33.0843 1456  [ E246A32C445056996074A397DA56E815 ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
19:40:33.0859 1456  mdmxsdk - ok
19:40:33.0921 1456  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
19:40:34.0078 1456  Messenger - ok
19:40:34.0109 1456  [ B7521F69C0A9B29D356157229376FB21 ] MHN             C:\WINDOWS\System32\mhn.dll
19:40:34.0125 1456  MHN ( UnsignedFile.Multi.Generic ) - warning
19:40:34.0125 1456  MHN - detected UnsignedFile.Multi.Generic (1)
19:40:34.0140 1456  [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV          C:\WINDOWS\system32\DRIVERS\mhndrv.sys
19:40:34.0156 1456  MHNDRV ( UnsignedFile.Multi.Generic ) - warning
19:40:34.0156 1456  MHNDRV - detected UnsignedFile.Multi.Generic (1)
19:40:34.0187 1456  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
19:40:34.0328 1456  mnmdd - ok
19:40:34.0343 1456  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
19:40:34.0515 1456  mnmsrvc - ok
19:40:34.0531 1456  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
19:40:34.0687 1456  Modem - ok
19:40:34.0718 1456  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:40:34.0890 1456  Mouclass - ok
19:40:34.0921 1456  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:40:35.0078 1456  mouhid - ok
19:40:35.0125 1456  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
19:40:35.0281 1456  MountMgr - ok
19:40:35.0390 1456  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:40:35.0468 1456  MozillaMaintenance - ok
19:40:35.0468 1456  mraid35x - ok
19:40:35.0500 1456  [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50         C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
19:40:35.0546 1456  MREMP50 ( UnsignedFile.Multi.Generic ) - warning
19:40:35.0546 1456  MREMP50 - detected UnsignedFile.Multi.Generic (1)
19:40:35.0578 1456  [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50         C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
19:40:35.0609 1456  MRESP50 ( UnsignedFile.Multi.Generic ) - warning
19:40:35.0609 1456  MRESP50 - detected UnsignedFile.Multi.Generic (1)
19:40:35.0640 1456  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:40:35.0796 1456  MRxDAV - ok
19:40:35.0843 1456  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:40:35.0921 1456  MRxSmb - ok
19:40:35.0953 1456  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
19:40:36.0125 1456  Msfs - ok
19:40:36.0125 1456  MSIServer - ok
19:40:36.0171 1456  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:40:36.0296 1456  MSKSSRV - ok
19:40:36.0343 1456  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:40:36.0484 1456  MSPCLOCK - ok
19:40:36.0515 1456  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
19:40:36.0640 1456  MSPQM - ok
19:40:36.0656 1456  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:40:36.0796 1456  mssmbios - ok
19:40:36.0812 1456  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
19:40:36.0968 1456  MSTEE - ok
19:40:36.0984 1456  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
19:40:37.0046 1456  Mup - ok
19:40:37.0125 1456  [ F2840DBFE9322F35557219AE82CC4597 ] N360            C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
19:40:37.0140 1456  N360 - ok
19:40:37.0187 1456  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:40:37.0328 1456  NABTSFEC - ok
19:40:37.0390 1456  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
19:40:37.0562 1456  napagent - ok
19:40:37.0640 1456  [ CE2156DF796D41614AB60E68D107D573 ] NAVENG          C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130615.008\NAVENG.SYS
19:40:37.0671 1456  NAVENG - ok
19:40:37.0734 1456  [ 19CEB8F4EC8C800A53D0B67E658E0367 ] NAVEX15         C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130615.008\NAVEX15.SYS
19:40:37.0828 1456  NAVEX15 - ok
19:40:37.0859 1456  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
19:40:38.0046 1456  NDIS - ok
19:40:38.0078 1456  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:40:38.0218 1456  NdisIP - ok
19:40:38.0250 1456  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:40:38.0343 1456  NdisTapi - ok
19:40:38.0390 1456  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:40:38.0531 1456  Ndisuio - ok
19:40:38.0531 1456  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:40:38.0687 1456  NdisWan - ok
19:40:38.0734 1456  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
19:40:38.0875 1456  NDProxy - ok
19:40:38.0937 1456  [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
19:40:38.0968 1456  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:40:38.0968 1456  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:40:39.0015 1456  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
19:40:39.0171 1456  NetBIOS - ok
19:40:39.0203 1456  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
19:40:39.0343 1456  NetBT - ok
19:40:39.0390 1456  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
19:40:39.0546 1456  NetDDE - ok
19:40:39.0562 1456  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
19:40:39.0687 1456  NetDDEdsdm - ok
19:40:39.0734 1456  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
19:40:39.0875 1456  Netlogon - ok
19:40:39.0937 1456  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
19:40:40.0078 1456  Netman - ok
19:40:40.0093 1456  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:40:40.0125 1456  NetTcpPortSharing - ok
19:40:40.0156 1456  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:40:40.0328 1456  NIC1394 - ok
19:40:40.0375 1456  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
19:40:40.0390 1456  Nla - ok
19:40:40.0421 1456  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
19:40:40.0562 1456  Npfs - ok
19:40:40.0593 1456  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
19:40:40.0781 1456  Ntfs - ok
19:40:40.0781 1456  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
19:40:40.0921 1456  NtLmSsp - ok
19:40:40.0953 1456  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
19:40:41.0109 1456  NtmsSvc - ok
19:40:41.0156 1456  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
19:40:41.0281 1456  Null - ok
19:40:41.0484 1456  [ FEE170F182D5167B6E06E490DD7B42D7 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:40:41.0796 1456  nv - ok
19:40:41.0828 1456  [ E534FBD8340B7C6C6A80589383430A53 ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
19:40:41.0859 1456  NVSvc - ok
19:40:41.0921 1456  [ 0973C0C696780161F4526586D5EAC422 ] NWADI           C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
19:40:42.0062 1456  NWADI - ok
19:40:42.0078 1456  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:40:42.0234 1456  NwlnkFlt - ok
19:40:42.0265 1456  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:40:42.0406 1456  NwlnkFwd - ok
19:40:42.0484 1456  [ 65B471BB7E57C416A1E685EC07D4ABFA ] NWUSBModem      C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys
19:40:42.0593 1456  NWUSBModem - ok
19:40:42.0640 1456  [ 65B471BB7E57C416A1E685EC07D4ABFA ] NWUSBPort       C:\WINDOWS\system32\DRIVERS\nwusbser.sys
19:40:42.0687 1456  NWUSBPort - ok
19:40:42.0734 1456  [ 65B471BB7E57C416A1E685EC07D4ABFA ] NWUSBPort2      C:\WINDOWS\system32\DRIVERS\nwusbser2.sys
19:40:42.0781 1456  NWUSBPort2 - ok
19:40:42.0875 1456  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:40:42.0921 1456  odserv - ok
19:40:42.0953 1456  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:40:43.0109 1456  ohci1394 - ok
19:40:43.0140 1456  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:40:43.0156 1456  ose - ok
19:40:43.0312 1456  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:40:43.0593 1456  osppsvc - ok
19:40:43.0640 1456  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
19:40:43.0812 1456  Parport - ok
19:40:43.0812 1456  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
19:40:43.0968 1456  PartMgr - ok
19:40:44.0015 1456  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
19:40:44.0171 1456  ParVdm - ok
19:40:44.0171 1456  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
19:40:44.0359 1456  PCI - ok
19:40:44.0359 1456  PCIDump - ok
19:40:44.0375 1456  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
19:40:44.0531 1456  PCIIde - ok
19:40:44.0546 1456  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
19:40:44.0703 1456  Pcmcia - ok
19:40:44.0703 1456  PDCOMP - ok
19:40:44.0718 1456  PDFRAME - ok
19:40:44.0734 1456  PDRELI - ok
19:40:44.0734 1456  PDRFRAME - ok
19:40:44.0750 1456  perc2 - ok
19:40:44.0750 1456  perc2hib - ok
19:40:44.0781 1456  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
19:40:44.0828 1456  PlugPlay - ok
19:40:44.0890 1456  [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
19:40:44.0921 1456  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:40:44.0921 1456  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:40:44.0953 1456  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
19:40:45.0078 1456  PolicyAgent - ok
19:40:45.0109 1456  [ 45BBBFA6CAF0B5166BE8ED726CC1D3F5 ] portD           C:\WINDOWS\system32\DRIVERS\portd2k.sys
19:40:45.0171 1456  portD ( UnsignedFile.Multi.Generic ) - warning
19:40:45.0171 1456  portD - detected UnsignedFile.Multi.Generic (1)
19:40:45.0187 1456  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:40:45.0359 1456  PptpMiniport - ok
19:40:45.0375 1456  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:40:45.0515 1456  ProtectedStorage - ok
19:40:45.0562 1456  [ 390C204CED3785609AB24E9C52054A84 ] Ps2             C:\WINDOWS\system32\DRIVERS\PS2.sys
19:40:45.0640 1456  Ps2 - ok
19:40:45.0640 1456  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
19:40:45.0796 1456  PSched - ok
19:40:45.0828 1456  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:40:45.0953 1456  Ptilink - ok
19:40:46.0000 1456  [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:40:46.0031 1456  PxHelp20 - ok
19:40:46.0031 1456  ql1080 - ok
19:40:46.0031 1456  Ql10wnt - ok
19:40:46.0046 1456  ql12160 - ok
19:40:46.0046 1456  ql1240 - ok
19:40:46.0046 1456  ql1280 - ok
19:40:46.0078 1456  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:40:46.0203 1456  RasAcd - ok
19:40:46.0234 1456  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
19:40:46.0406 1456  RasAuto - ok
19:40:46.0421 1456  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:40:46.0593 1456  Rasl2tp - ok
19:40:46.0640 1456  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
19:40:46.0781 1456  RasMan - ok
19:40:46.0812 1456  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:40:46.0984 1456  RasPppoe - ok
19:40:47.0015 1456  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
19:40:47.0171 1456  Raspti - ok
19:40:47.0187 1456  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:40:47.0343 1456  Rdbss - ok
19:40:47.0375 1456  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:40:47.0500 1456  RDPCDD - ok
19:40:47.0546 1456  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:40:47.0687 1456  rdpdr - ok
19:40:47.0734 1456  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
19:40:47.0875 1456  RDPWD - ok
19:40:47.0937 1456  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
19:40:48.0078 1456  RDSessMgr - ok
19:40:48.0109 1456  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
19:40:48.0250 1456  redbook - ok
19:40:48.0265 1456  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
19:40:48.0437 1456  RemoteAccess - ok
19:40:48.0484 1456  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
19:40:48.0625 1456  RemoteRegistry - ok
19:40:48.0625 1456  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
19:40:48.0765 1456  RpcLocator - ok
19:40:48.0828 1456  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll
19:40:48.0875 1456  RpcSs - ok
19:40:48.0937 1456  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
19:40:49.0125 1456  RSVP - ok
19:40:49.0156 1456  [ D507C1400284176573224903819FFDA3 ] rtl8139         C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
19:40:49.0312 1456  rtl8139 - ok
19:40:49.0328 1456  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
19:40:49.0468 1456  SamSs - ok
19:40:49.0468 1456  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
19:40:49.0609 1456  SCardSvr - ok
19:40:49.0640 1456  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
19:40:49.0781 1456  Schedule - ok
19:40:49.0843 1456  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:40:49.0968 1456  Secdrv - ok
19:40:50.0000 1456  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
19:40:50.0156 1456  seclogon - ok
19:40:50.0171 1456  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
19:40:50.0296 1456  SENS - ok
19:40:50.0359 1456  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
19:40:50.0484 1456  Serial - ok
19:40:50.0531 1456  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
19:40:50.0687 1456  Sfloppy - ok
19:40:50.0703 1456  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
19:40:50.0890 1456  SharedAccess - ok
19:40:50.0921 1456  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:40:50.0953 1456  ShellHWDetection - ok
19:40:50.0968 1456  Simbad - ok
19:40:50.0984 1456  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:40:51.0109 1456  SLIP - ok
19:40:51.0234 1456  [ 4EF5EA44583C37383C289D4B8C354698 ] SMNDIS5         C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS
19:40:51.0250 1456  SMNDIS5 ( UnsignedFile.Multi.Generic ) - warning
19:40:51.0250 1456  SMNDIS5 - detected UnsignedFile.Multi.Generic (1)
19:40:51.0265 1456  Sparrow - ok
19:40:51.0312 1456  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
19:40:51.0468 1456  splitter - ok
19:40:51.0515 1456  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
19:40:51.0609 1456  Spooler - ok
19:40:51.0625 1456  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
19:40:51.0734 1456  sr - ok
19:40:51.0765 1456  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
19:40:51.0828 1456  srservice - ok
19:40:51.0921 1456  [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP           C:\WINDOWS\System32\Drivers\N360\0604010.00E\SRTSP.SYS
19:40:51.0984 1456  SRTSP - ok
19:40:52.0015 1456  [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX          C:\WINDOWS\system32\drivers\N360\0604010.00E\SRTSPX.SYS
19:40:52.0046 1456  SRTSPX - ok
19:40:52.0078 1456  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
19:40:52.0156 1456  Srv - ok
19:40:52.0203 1456  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
19:40:52.0281 1456  SSDPSRV - ok
19:40:52.0359 1456  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
19:40:52.0500 1456  stisvc - ok
19:40:52.0546 1456  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:40:52.0703 1456  streamip - ok
19:40:52.0734 1456  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
19:40:52.0875 1456  swenum - ok
19:40:52.0906 1456  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
19:40:53.0046 1456  swmidi - ok
19:40:53.0046 1456  SwPrv - ok
19:40:53.0062 1456  symc810 - ok
19:40:53.0062 1456  symc8xx - ok
19:40:53.0093 1456  [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS           C:\WINDOWS\system32\drivers\N360\0604010.00E\SYMDS.SYS
19:40:53.0140 1456  SymDS - ok
19:40:53.0187 1456  [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA          C:\WINDOWS\system32\drivers\N360\0604010.00E\SYMEFA.SYS
19:40:53.0265 1456  SymEFA - ok
19:40:53.0312 1456  [ 74E2521E96176A4449570E50BE91954D ] SymEvent        C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
19:40:53.0343 1456  SymEvent - ok
19:40:53.0390 1456  [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON         C:\WINDOWS\system32\drivers\N360\0604010.00E\Ironx86.SYS
19:40:53.0406 1456  SymIRON - ok
19:40:53.0437 1456  [ 508BD882040F9CB12319E3A4FC78EDB9 ] SYMTDI          C:\WINDOWS\System32\Drivers\N360\0604010.00E\SYMTDI.SYS
19:40:53.0453 1456  SYMTDI - ok
19:40:53.0468 1456  sym_hi - ok
19:40:53.0468 1456  sym_u3 - ok
19:40:53.0500 1456  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
19:40:53.0640 1456  sysaudio - ok
19:40:53.0656 1456  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
19:40:53.0796 1456  SysmonLog - ok
19:40:53.0828 1456  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
19:40:53.0968 1456  TapiSrv - ok
19:40:54.0031 1456  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:40:54.0046 1456  Tcpip - ok
19:40:54.0078 1456  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
19:40:54.0218 1456  TDPIPE - ok
19:40:54.0250 1456  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
19:40:54.0375 1456  TDTCP - ok
19:40:54.0578 1456  [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8     C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
19:40:54.0859 1456  TeamViewer8 - ok
19:40:54.0890 1456  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
19:40:55.0046 1456  TermDD - ok
19:40:55.0109 1456  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
19:40:55.0250 1456  TermService - ok
19:40:55.0265 1456  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
19:40:55.0296 1456  Themes - ok
19:40:55.0343 1456  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
19:40:55.0437 1456  TlntSvr - ok
19:40:55.0437 1456  TosIde - ok
19:40:55.0484 1456  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
19:40:55.0609 1456  TrkWks - ok
19:40:55.0640 1456  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
19:40:55.0796 1456  Udfs - ok
19:40:55.0796 1456  ultra - ok
19:40:55.0843 1456  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
19:40:55.0984 1456  Update - ok
19:40:56.0015 1456  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
19:40:56.0125 1456  upnphost - ok
19:40:56.0156 1456  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
19:40:56.0281 1456  UPS - ok
19:40:56.0343 1456  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
19:40:56.0468 1456  usbaudio - ok
19:40:56.0515 1456  [ AF9388E736AF0C325067F05EDC350010 ] usbbus          C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
19:40:56.0609 1456  usbbus - ok
19:40:56.0640 1456  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:40:56.0796 1456  usbccgp - ok
19:40:56.0843 1456  [ AE30EA96E60E823C7B525DA356283AE8 ] UsbDiag         C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
19:40:56.0859 1456  UsbDiag - ok
19:40:56.0875 1456  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:40:57.0031 1456  usbehci - ok
19:40:57.0062 1456  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:40:57.0203 1456  usbhub - ok
19:40:57.0234 1456  [ 46AC66DF3D6EFE81F69BEA823A53AAB5 ] USBModem        C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
19:40:57.0281 1456  USBModem - ok
19:40:57.0343 1456  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:40:57.0468 1456  usbprint - ok
19:40:57.0500 1456  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:40:57.0640 1456  usbscan - ok
19:40:57.0656 1456  [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:40:57.0781 1456  usbstor - ok
19:40:57.0812 1456  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:40:57.0968 1456  usbuhci - ok
19:40:58.0000 1456  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
19:40:58.0156 1456  VgaSave - ok
19:40:58.0187 1456  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
19:40:58.0343 1456  ViaIde - ok
19:40:58.0343 1456  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
19:40:58.0484 1456  VolSnap - ok
19:40:58.0531 1456  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
19:40:58.0625 1456  VSS - ok
19:40:58.0656 1456  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
19:40:58.0781 1456  W32Time - ok
19:40:58.0812 1456  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:40:58.0968 1456  Wanarp - ok
19:40:58.0984 1456  WDICA - ok
19:40:59.0000 1456  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
19:40:59.0140 1456  wdmaud - ok
19:40:59.0187 1456  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
19:40:59.0343 1456  WebClient - ok
19:40:59.0375 1456  [ 11EC1AFCEB5C917CE73D3C301FF4291E ] winachsx        C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
19:40:59.0500 1456  winachsx - ok
19:40:59.0609 1456  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
19:40:59.0734 1456  winmgmt - ok
19:40:59.0812 1456  [ 18F347402DA544A780949B8FDF83351B ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
19:41:00.0015 1456  WinRM - ok
19:41:00.0046 1456  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
19:41:00.0203 1456  WmdmPmSN - ok
19:41:00.0250 1456  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
19:41:00.0281 1456  Wmi - ok
19:41:00.0328 1456  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:41:00.0468 1456  WmiApSrv - ok
19:41:00.0531 1456  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
19:41:00.0656 1456  WMPNetworkSvc - ok
19:41:00.0718 1456  [ B72D232E46FF5EE2BD8F61498B748DF7 ] WN5301          C:\WINDOWS\system32\DRIVERS\wn5301.sys
19:41:00.0812 1456  WN5301 - ok
19:41:00.0843 1456  [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
19:41:00.0890 1456  WpdUsb - ok
19:41:01.0031 1456  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:41:01.0078 1456  WPFFontCache_v0400 - ok
19:41:01.0109 1456  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:41:01.0265 1456  WS2IFSL - ok
19:41:01.0312 1456  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
19:41:01.0453 1456  wscsvc - ok
19:41:01.0484 1456  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:41:01.0640 1456  WSTCODEC - ok
19:41:01.0687 1456  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
19:41:01.0828 1456  wuauserv - ok
19:41:01.0890 1456  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:41:02.0000 1456  WudfPf - ok
19:41:02.0046 1456  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:41:02.0062 1456  WudfRd - ok
19:41:02.0125 1456  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
19:41:02.0140 1456  WudfSvc - ok
19:41:02.0218 1456  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
19:41:02.0406 1456  WZCSVC - ok
19:41:02.0453 1456  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
19:41:02.0625 1456  xmlprov - ok
19:41:02.0687 1456  [ 154FE6A5A608CD725266877901E883C2 ] ZD1211BU(Hawking) C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys
19:41:02.0812 1456  ZD1211BU(Hawking) - ok
19:41:02.0843 1456  [ 154FE6A5A608CD725266877901E883C2 ] ZD1211BU(SMC)   C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys
19:41:02.0875 1456  ZD1211BU(SMC) - ok
19:41:02.0921 1456  [ 00AE175B903D45ED4A62384D3315DC2A ] ZDPSp50         C:\WINDOWS\system32\Drivers\ZDPSp50.sys
19:41:02.0968 1456  ZDPSp50 ( UnsignedFile.Multi.Generic ) - warning
19:41:02.0968 1456  ZDPSp50 - detected UnsignedFile.Multi.Generic (1)
19:41:02.0984 1456  ================ Scan global ===============================
19:41:03.0046 1456  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:41:03.0093 1456  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:41:03.0109 1456  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:41:03.0140 1456  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:41:03.0140 1456  [Global] - ok
19:41:03.0140 1456  ================ Scan MBR ==================================
19:41:03.0156 1456  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:41:03.0390 1456  \Device\Harddisk0\DR0 - ok
19:41:03.0390 1456  ================ Scan VBR ==================================
19:41:03.0390 1456  [ 04434CD783C05D3B501FB265417DB182 ] \Device\Harddisk0\DR0\Partition1
19:41:03.0390 1456  \Device\Harddisk0\DR0\Partition1 - ok
19:41:03.0406 1456  [ EF91DA3EDC81EA8D43C2958B12883865 ] \Device\Harddisk0\DR0\Partition2
19:41:03.0406 1456  \Device\Harddisk0\DR0\Partition2 - ok
19:41:03.0406 1456  ================ Scan active images ========================
19:41:03.0406 1456  [ 8C953733D8F36EB2133F5BB58808B66B ] C:\WINDOWS\system32\drivers\intelppm.sys
19:41:03.0406 1456  C:\WINDOWS\system32\drivers\intelppm.sys - ok
19:41:03.0406 1456  [ 45BBBFA6CAF0B5166BE8ED726CC1D3F5 ] C:\WINDOWS\system32\drivers\portd2k.sys
19:41:03.0406 1456  C:\WINDOWS\system32\drivers\portd2k.sys - ok
19:41:03.0421 1456  [ 1976FEDF6D7F87135C9B7F5CB4C8C868 ] C:\WINDOWS\system32\drivers\ELacpi.sys
19:41:03.0421 1456  C:\WINDOWS\system32\drivers\ELacpi.sys - ok
19:41:03.0421 1456  [ E28726B72C46821A28830E077D39A55B ] C:\WINDOWS\system32\drivers\videoprt.sys
19:41:03.0421 1456  C:\WINDOWS\system32\drivers\videoprt.sys - ok
19:41:03.0421 1456  [ FEE170F182D5167B6E06E490DD7B42D7 ] C:\WINDOWS\system32\drivers\nv4_mini.sys
19:41:03.0421 1456  C:\WINDOWS\system32\drivers\nv4_mini.sys - ok
19:41:03.0421 1456  [ 573C7D0A32852B48F3058CFD8026F511 ] C:\WINDOWS\system32\drivers\hdaudbus.sys
19:41:03.0421 1456  C:\WINDOWS\system32\drivers\hdaudbus.sys - ok
19:41:03.0437 1456  [ 791912E524CC2CC6F50B5F2B52D1EB71 ] C:\WINDOWS\system32\drivers\usbport.sys
19:41:03.0437 1456  C:\WINDOWS\system32\drivers\usbport.sys - ok
19:41:03.0437 1456  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] C:\WINDOWS\system32\drivers\usbuhci.sys
19:41:03.0437 1456  C:\WINDOWS\system32\drivers\usbuhci.sys - ok
19:41:03.0437 1456  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] C:\WINDOWS\system32\drivers\usbehci.sys
19:41:03.0437 1456  C:\WINDOWS\system32\drivers\usbehci.sys - ok
19:41:03.0437 1456  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] C:\WINDOWS\system32\drivers\nic1394.sys
19:41:03.0437 1456  C:\WINDOWS\system32\drivers\nic1394.sys - ok
19:41:03.0453 1456  [ C413E2E549488A5F1969DECB5B03187A ] C:\WINDOWS\system32\drivers\athw.sys
19:41:03.0453 1456  C:\WINDOWS\system32\drivers\athw.sys - ok
19:41:03.0453 1456  [ 0753515F78DF7F271A5E61C20BCD36A1 ] C:\WINDOWS\system32\drivers\ks.sys
19:41:03.0453 1456  C:\WINDOWS\system32\drivers\ks.sys - ok
19:41:03.0453 1456  [ 41BBAD646A8C842BC30EF6745A4F6FF3 ] C:\WINDOWS\system32\drivers\hcwPP2.sys
19:41:03.0453 1456  C:\WINDOWS\system32\drivers\hcwPP2.sys - ok
19:41:03.0453 1456  [ 3070246FBA35AA2E0C2251D55F5848F8 ] C:\WINDOWS\system32\drivers\ltmdmnt.sys
19:41:03.0453 1456  C:\WINDOWS\system32\drivers\ltmdmnt.sys - ok
19:41:03.0468 1456  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] C:\WINDOWS\system32\drivers\modem.sys
19:41:03.0468 1456  C:\WINDOWS\system32\drivers\modem.sys - ok
19:41:03.0468 1456  [ AC9CF17EE2AE003C98EB4F5336C38058 ] C:\WINDOWS\system32\drivers\e100b325.sys
19:41:03.0468 1456  C:\WINDOWS\system32\drivers\e100b325.sys - ok
19:41:03.0468 1456  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] C:\WINDOWS\system32\drivers\parport.sys
19:41:03.0468 1456  C:\WINDOWS\system32\drivers\parport.sys - ok
19:41:03.0468 1456  [ 083A052659F5310DD8B6A6CB05EDCF8E ] C:\WINDOWS\system32\drivers\imapi.sys
19:41:03.0468 1456  C:\WINDOWS\system32\drivers\imapi.sys - ok
19:41:03.0468 1456  [ D9F724AA26C010A217C97606B160ED68 ] C:\WINDOWS\system32\drivers\audstub.sys
19:41:03.0468 1456  C:\WINDOWS\system32\drivers\audstub.sys - ok
19:41:03.0484 1456  [ 1F4260CC5B42272D71F79E570A27A4FE ] C:\WINDOWS\system32\drivers\cdrom.sys
19:41:03.0484 1456  C:\WINDOWS\system32\drivers\cdrom.sys - ok
19:41:03.0484 1456  [ 5AE3A887ECE5BBB72CFAB273C2FD1CFA ] C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
19:41:03.0484 1456  C:\WINDOWS\system32\drivers\GEARAspiWDM.sys - ok
19:41:03.0484 1456  [ F828DD7E1419B6653894A8F97A0094C5 ] C:\WINDOWS\system32\drivers\redbook.sys
19:41:03.0484 1456  C:\WINDOWS\system32\drivers\redbook.sys - ok
19:41:03.0484 1456  [ 0109C4F3850DFBAB279542515386AE22 ] C:\WINDOWS\system32\drivers\ndistapi.sys
19:41:03.0484 1456  C:\WINDOWS\system32\drivers\ndistapi.sys - ok
19:41:03.0500 1456  [ EDC1531A49C80614B2CFDA43CA8659AB ] C:\WINDOWS\system32\drivers\ndiswan.sys
19:41:03.0500 1456  C:\WINDOWS\system32\drivers\ndiswan.sys - ok
19:41:03.0500 1456  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] C:\WINDOWS\system32\drivers\rasl2tp.sys
19:41:03.0500 1456  C:\WINDOWS\system32\drivers\rasl2tp.sys - ok
19:41:03.0500 1456  [ 5BC962F2654137C9909C3D4603587DEE ] C:\WINDOWS\system32\drivers\raspppoe.sys
19:41:03.0500 1456  C:\WINDOWS\system32\drivers\raspppoe.sys - ok
19:41:03.0500 1456  [ 0539D5E53587F82D1B4FD74C5BE205CF ] C:\WINDOWS\system32\drivers\tdi.sys
19:41:03.0500 1456  C:\WINDOWS\system32\drivers\tdi.sys - ok
19:41:03.0515 1456  [ 09298EC810B07E5D582CB3A3F9255424 ] C:\WINDOWS\system32\drivers\psched.sys
19:41:03.0515 1456  C:\WINDOWS\system32\drivers\psched.sys - ok
19:41:03.0515 1456  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] C:\WINDOWS\system32\drivers\raspptp.sys
19:41:03.0515 1456  C:\WINDOWS\system32\drivers\raspptp.sys - ok
19:41:03.0515 1456  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] C:\WINDOWS\system32\drivers\msgpc.sys
19:41:03.0515 1456  C:\WINDOWS\system32\drivers\msgpc.sys - ok
19:41:03.0515 1456  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] C:\WINDOWS\system32\drivers\ptilink.sys
19:41:03.0515 1456  C:\WINDOWS\system32\drivers\ptilink.sys - ok
19:41:03.0531 1456  [ FDBB1D60066FCFBB7452FD8F9829B242 ] C:\WINDOWS\system32\drivers\raspti.sys
19:41:03.0531 1456  C:\WINDOWS\system32\drivers\raspti.sys - ok
19:41:03.0531 1456  [ 15CABD0F7C00C47C70124907916AF3F1 ] C:\WINDOWS\system32\drivers\rdpdr.sys
19:41:03.0531 1456  C:\WINDOWS\system32\drivers\rdpdr.sys - ok
19:41:03.0531 1456  [ 463C1EC80CD17420A542B7F36A36F128 ] C:\WINDOWS\system32\drivers\kbdclass.sys
19:41:03.0531 1456  C:\WINDOWS\system32\drivers\kbdclass.sys - ok
19:41:03.0531 1456  [ 35C9E97194C8CFB8430125F8DBC34D04 ] C:\WINDOWS\system32\drivers\mouclass.sys
19:41:03.0531 1456  C:\WINDOWS\system32\drivers\mouclass.sys - ok
19:41:03.0546 1456  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] C:\WINDOWS\system32\drivers\swenum.sys
19:41:03.0546 1456  C:\WINDOWS\system32\drivers\swenum.sys - ok
19:41:03.0546 1456  [ 88155247177638048422893737429D9E ] C:\WINDOWS\system32\drivers\termdd.sys
19:41:03.0546 1456  C:\WINDOWS\system32\drivers\termdd.sys - ok
19:41:03.0546 1456  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] C:\WINDOWS\system32\drivers\update.sys
19:41:03.0546 1456  C:\WINDOWS\system32\drivers\update.sys - ok
19:41:03.0546 1456  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] C:\WINDOWS\system32\drivers\mssmbios.sys
19:41:03.0546 1456  C:\WINDOWS\system32\drivers\mssmbios.sys - ok
19:41:03.0562 1456  [ 0973C0C696780161F4526586D5EAC422 ] C:\WINDOWS\system32\drivers\NWADIenum.sys
19:41:03.0562 1456  C:\WINDOWS\system32\drivers\NWADIenum.sys - ok
19:41:03.0562 1456  [ 9282BD12DFB069D3889EB3FCC1000A9B ] C:\WINDOWS\system32\drivers\ndproxy.sys
19:41:03.0562 1456  C:\WINDOWS\system32\drivers\ndproxy.sys - ok
19:41:03.0562 1456  [ 6CB08593487F5701D2D2254E693EAFCE ] C:\WINDOWS\system32\drivers\drmk.sys
19:41:03.0562 1456  C:\WINDOWS\system32\drivers\drmk.sys - ok
19:41:03.0562 1456  [ E82A496C3961EFC6828B508C310CE98F ] C:\WINDOWS\system32\drivers\portcls.sys
19:41:03.0562 1456  C:\WINDOWS\system32\drivers\portcls.sys - ok
19:41:03.0578 1456  [ 14B48553BE78472D2BD3A518658A1710 ] C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:41:03.0578 1456  C:\WINDOWS\system32\drivers\RtkHDAud.sys - ok
19:41:03.0578 1456  [ 596EB39B50D6EBD9B734DC4AE0544693 ] C:\WINDOWS\system32\drivers\usbd.sys
19:41:03.0578 1456  C:\WINDOWS\system32\drivers\usbd.sys - ok
19:41:03.0578 1456  [ 1AB3CDDE553B6E064D2E754EFE20285C ] C:\WINDOWS\system32\drivers\usbhub.sys
19:41:03.0578 1456  C:\WINDOWS\system32\drivers\usbhub.sys - ok
19:41:03.0578 1456  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] C:\WINDOWS\system32\drivers\fdc.sys
19:41:03.0578 1456  C:\WINDOWS\system32\drivers\fdc.sys - ok
19:41:03.0578 1456  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] C:\WINDOWS\system32\drivers\flpydisk.sys
19:41:03.0578 1456  C:\WINDOWS\system32\drivers\flpydisk.sys - ok
19:41:03.0593 1456  [ 8E6B8C671615D126FDC553D1E2DE5562 ] C:\WINDOWS\system32\drivers\sfloppy.sys
19:41:03.0593 1456  C:\WINDOWS\system32\drivers\sfloppy.sys - ok
19:41:03.0593 1456  [ ACE85AF1C31F68BDFEE9333F6592917E ] C:\WINDOWS\system32\drivers\N360\0604010.00E\ccsetx86.sys
19:41:03.0593 1456  C:\WINDOWS\system32\drivers\N360\0604010.00E\ccsetx86.sys - ok
19:41:03.0593 1456  [ 7BB297CADA42903328E92425D9761DA6 ] C:\WINDOWS\system32\drivers\N360\0604010.00E\srtsp.sys
19:41:03.0593 1456  C:\WINDOWS\system32\drivers\N360\0604010.00E\srtsp.sys - ok
19:41:03.0593 1456  [ 2C356CCA706505CF63CBE39D532B9236 ] C:\WINDOWS\system32\drivers\N360\0604010.00E\ironx86.sys
19:41:03.0593 1456  C:\WINDOWS\system32\drivers\N360\0604010.00E\ironx86.sys - ok
19:41:03.0609 1456  [ 475FCF0F28D845BF1C8ABAC27F19003E ] C:\WINDOWS\system32\drivers\N360\0604010.00E\srtspx.sys
19:41:03.0609 1456  C:\WINDOWS\system32\drivers\N360\0604010.00E\srtspx.sys - ok
19:41:03.0609 1456  [ 74E2521E96176A4449570E50BE91954D ] C:\WINDOWS\system32\drivers\SYMEVENT.SYS
19:41:03.0609 1456  C:\WINDOWS\system32\drivers\SYMEVENT.SYS - ok
19:41:03.0609 1456  [ 19CEB8F4EC8C800A53D0B67E658E0367 ] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130615.008\NAVEX15.SYS
19:41:03.0609 1456  C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130615.008\NAVEX15.SYS - ok
19:41:03.0609 1456  [ CE2156DF796D41614AB60E68D107D573 ] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130615.008\NAVENG.SYS
19:41:03.0609 1456  C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130615.008\NAVENG.SYS - ok
19:41:03.0625 1456  [ 173F317CE0DB8E21322E71B7E60A27E8 ] C:\WINDOWS\system32\drivers\usbccgp.sys
19:41:03.0625 1456  C:\WINDOWS\system32\drivers\usbccgp.sys - ok
19:41:03.0625 1456  [ C1B486A7658353D33A10CC15211A873B ] C:\WINDOWS\system32\drivers\cdaudio.sys
19:41:03.0625 1456  C:\WINDOWS\system32\drivers\cdaudio.sys - ok
19:41:03.0625 1456  [ DA1F27D85E0D1525F6621372E7B685E9 ] C:\WINDOWS\system32\drivers\beep.sys
19:41:03.0625 1456  C:\WINDOWS\system32\drivers\beep.sys - ok
19:41:03.0625 1456  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] C:\WINDOWS\system32\drivers\fs_rec.sys
19:41:03.0625 1456  C:\WINDOWS\system32\drivers\fs_rec.sys - ok
19:41:03.0640 1456  [ 4A0B06AA8943C1E332520F7440C0AA30 ] C:\WINDOWS\system32\drivers\i8042prt.sys
19:41:03.0640 1456  C:\WINDOWS\system32\drivers\i8042prt.sys - ok
19:41:03.0640 1456  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] C:\WINDOWS\system32\drivers\null.sys
19:41:03.0640 1456  C:\WINDOWS\system32\drivers\null.sys - ok
19:41:03.0640 1456  [ 96ECCF28FDBF1B2CC12725818A63628D ] C:\WINDOWS\system32\drivers\hidparse.sys
19:41:03.0640 1456  C:\WINDOWS\system32\drivers\hidparse.sys - ok
19:41:03.0640 1456  [ 9EF487A186DEA361AA06913A75B3FA99 ] C:\WINDOWS\system32\drivers\kbdhid.sys
19:41:03.0640 1456  C:\WINDOWS\system32\drivers\kbdhid.sys - ok
19:41:03.0656 1456  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] C:\WINDOWS\system32\drivers\mnmdd.sys
19:41:03.0656 1456  C:\WINDOWS\system32\drivers\mnmdd.sys - ok
19:41:03.0656 1456  [ 4912D5B403614CE99C28420F75353332 ] C:\WINDOWS\system32\drivers\rdpcdd.sys
19:41:03.0656 1456  C:\WINDOWS\system32\drivers\rdpcdd.sys - ok
19:41:03.0656 1456  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] C:\WINDOWS\system32\drivers\vga.sys
19:41:03.0656 1456  C:\WINDOWS\system32\drivers\vga.sys - ok
19:41:03.0656 1456  [ C941EA2454BA8350021D774DAF0F1027 ] C:\WINDOWS\system32\drivers\msfs.sys
19:41:03.0656 1456  C:\WINDOWS\system32\drivers\msfs.sys - ok
19:41:03.0656 1456  [ A32426D9B14A089EAA1D922E0C5801A9 ] C:\WINDOWS\system32\drivers\usbstor.sys
19:41:03.0656 1456  C:\WINDOWS\system32\drivers\usbstor.sys - ok
19:41:03.0671 1456  [ 3182D64AE053D6FB034F44B6DEF8034A ] C:\WINDOWS\system32\drivers\npfs.sys
19:41:03.0671 1456  C:\WINDOWS\system32\drivers\npfs.sys - ok
19:41:03.0671 1456  [ 23C74D75E36E7158768DD63D92789A91 ] C:\WINDOWS\system32\drivers\ipsec.sys
19:41:03.0671 1456  C:\WINDOWS\system32\drivers\ipsec.sys - ok
19:41:03.0671 1456  [ FE0D99D6F31E4FAD8159F690D68DED9C ] C:\WINDOWS\system32\drivers\rasacd.sys
19:41:03.0671 1456  C:\WINDOWS\system32\drivers\rasacd.sys - ok
19:41:03.0671 1456  [ 508BD882040F9CB12319E3A4FC78EDB9 ] C:\WINDOWS\system32\drivers\N360\0604010.00E\symtdi.sys
19:41:03.0671 1456  C:\WINDOWS\system32\drivers\N360\0604010.00E\symtdi.sys - ok
19:41:03.0687 1456  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] C:\WINDOWS\system32\drivers\tcpip.sys
19:41:03.0687 1456  C:\WINDOWS\system32\drivers\tcpip.sys - ok
19:41:03.0687 1456  [ CC748EA12C6EFFDE940EE98098BF96BB ] C:\WINDOWS\system32\drivers\ipnat.sys
19:41:03.0687 1456  C:\WINDOWS\system32\drivers\ipnat.sys - ok
19:41:03.0687 1456  [ E20B95BAEDB550F32DD489265C1DA1F6 ] C:\WINDOWS\system32\drivers\wanarp.sys
19:41:03.0687 1456  C:\WINDOWS\system32\drivers\wanarp.sys - ok
19:41:04.0593 1456  C:\WINDOWS\system32\msvcr100_clr0400.dll - ok
19:41:04.0593 1456  [ 128DD9AF8640DBCC711940903C8B554F ] C:\WINDOWS\system32\mscoree.dll
19:41:04.0593 1456  C:\WINDOWS\system32\mscoree.dll - ok
19:41:04.0609 1456  [ 00709952D444EAE14DBBD30D36FBAE0F ] C:\WINDOWS\system32\certcli.dll
19:41:04.0609 1456  C:\WINDOWS\system32\certcli.dll - ok
19:41:04.0609 1456  [ 3D4E199942E29207970E04315D02AD3B ] C:\WINDOWS\system32\cryptsvc.dll
19:41:04.0609 1456  C:\WINDOWS\system32\cryptsvc.dll - ok
19:41:04.0609 1456  [ 57EDEC2E5F59F0335E92F35184BC8631 ] C:\WINDOWS\system32\dmserver.dll
19:41:04.0609 1456  C:\WINDOWS\system32\dmserver.dll - ok
19:41:04.0609 1456  [ D4991D98F2DB73C60D042F1AEF79EFAE ] C:\WINDOWS\system32\es.dll
19:41:04.0609 1456  C:\WINDOWS\system32\es.dll - ok
19:41:04.0625 1456  [ 8973122796E3B5D6B5900FC186E55FEA ] C:\WINDOWS\system32\hid.dll
19:41:04.0625 1456  C:\WINDOWS\system32\hid.dll - ok
19:41:04.0625 1456  [ DEB04DA35CC871B6D309B77E1443C796 ] C:\WINDOWS\system32\hidserv.dll
19:41:04.0625 1456  C:\WINDOWS\system32\hidserv.dll - ok
19:41:04.0625 1456  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
19:41:04.0625 1456  C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - ok
19:41:04.0625 1456  [ F80A415EF82CD06FFAF0D971528EAD38 ] C:\WINDOWS\system32\drivers\http.sys
19:41:04.0625 1456  C:\WINDOWS\system32\drivers\http.sys - ok
19:41:04.0625 1456  [ BC93B4A066477954555966D77FEC9ECB ] C:\WINDOWS\system32\ersvc.dll
19:41:04.0625 1456  C:\WINDOWS\system32\ersvc.dll - ok
19:41:04.0640 1456  [ 7DA3211AC63EDD90B8ECA1CA1ABFD43B ] C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
19:41:04.0640 1456  C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll - ok
19:41:04.0640 1456  [ 159FAC880722B49645E056A558B03E26 ] C:\Program Files\HP\Digital Imaging\bin\hpqddcmn.dll
19:41:04.0640 1456  C:\Program Files\HP\Digital Imaging\bin\hpqddcmn.dll - ok
19:41:04.0640 1456  [ 0B66A9A2137213075F753579E7D573A5 ] C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
19:41:04.0640 1456  C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe - ok
19:41:04.0640 1456  [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
19:41:04.0640 1456  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll - ok
19:41:04.0656 1456  [ C9564CF4976E7E96B4052737AA2492B4 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
19:41:04.0656 1456  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll - ok
19:41:04.0656 1456  [ 9696786759C4B43FA5C894747E893EA2 ] C:\Program Files\Common Files\LightScribe\LSSrvc.exe
19:41:04.0656 1456  C:\Program Files\Common Files\LightScribe\LSSrvc.exe - ok
19:41:04.0656 1456  [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll
19:41:04.0656 1456  C:\WINDOWS\system32\netmsg.dll - ok
19:41:04.0656 1456  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] C:\WINDOWS\system32\srvsvc.dll
19:41:04.0656 1456  C:\WINDOWS\system32\srvsvc.dll - ok
19:41:04.0671 1456  [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Program Files\Common Files\LightScribe\msvcr71.dll
19:41:04.0671 1456  C:\Program Files\Common Files\LightScribe\msvcr71.dll - ok
19:41:04.0671 1456  [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\Program Files\Common Files\LightScribe\msvcp71.dll
19:41:04.0671 1456  C:\Program Files\Common Files\LightScribe\msvcp71.dll - ok
19:41:04.0671 1456  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] C:\WINDOWS\system32\drivers\srv.sys
19:41:04.0671 1456  C:\WINDOWS\system32\drivers\srv.sys - ok
19:41:04.0671 1456  [ 79E3A8C328E7E569C32B0998377D9742 ] C:\WINDOWS\system32\spoolss.dll
19:41:04.0671 1456  C:\WINDOWS\system32\spoolss.dll - ok
19:41:04.0687 1456  [ E6CB119EF2E148EAA1A247343550756E ] C:\Program Files\Common Files\Motive\McciCMService.exe
19:41:04.0687 1456  C:\Program Files\Common Files\Motive\McciCMService.exe - ok
19:41:04.0687 1456  [ 5677DFE438EC1F009273FC84FEED6B10 ] C:\WINDOWS\system32\localspl.dll
19:41:04.0687 1456  C:\WINDOWS\system32\localspl.dll - ok
19:41:04.0687 1456  [ DF82E222578DBE59FCBBD69A02E4C806 ] C:\WINDOWS\system32\clusapi.dll
19:41:04.0687 1456  C:\WINDOWS\system32\clusapi.dll - ok
19:41:04.0687 1456  [ 5D3D1AB0EF4EA55B731863050482C111 ] C:\WINDOWS\system32\cnbjmon.dll
19:41:04.0687 1456  C:\WINDOWS\system32\cnbjmon.dll - ok
19:41:04.0687 1456  [ E0B83ADFB16D794A0D207FE119D03182 ] C:\WINDOWS\system32\HPTcpMon.dll
19:41:04.0687 1456  C:\WINDOWS\system32\HPTcpMon.dll - ok
19:41:04.0703 1456  [ 16FC2C309998C6D55C182652D6A1C5B1 ] C:\WINDOWS\system32\hpzjrd01.dll
19:41:04.0703 1456  C:\WINDOWS\system32\hpzjrd01.dll - ok
19:41:04.0703 1456  [ 36247C6D5E1FE03A56EE81BB99D7E68C ] C:\WINDOWS\system32\HPTcpMib.dll
19:41:04.0703 1456  C:\WINDOWS\system32\HPTcpMib.dll - ok
19:41:04.0703 1456  [ 5CC3838902A9257B79BD43F56D8B7275 ] C:\WINDOWS\system32\HPTcpMUI.dll
19:41:04.0703 1456  C:\WINDOWS\system32\HPTcpMUI.dll - ok
19:41:04.0718 1456  [ 4413857BF29BD093FA38994236E2B1B1 ] C:\WINDOWS\system32\hpf3l083.dll
19:41:04.0718 1456  C:\WINDOWS\system32\hpf3l083.dll - ok
19:41:04.0718 1456  [ AD41C5A368342111418DF7EEE8590D31 ] C:\WINDOWS\system32\hpzll3xu.dll
19:41:04.0718 1456  C:\WINDOWS\system32\hpzll3xu.dll - ok
19:41:04.0718 1456  [ 1E744353BD534405187A404667DA3DC3 ] C:\WINDOWS\system32\mgmtapi.dll
19:41:04.0718 1456  C:\WINDOWS\system32\mgmtapi.dll - ok
19:41:04.0718 1456  [ 5C1F0537E61F87B435F56E00B4F20EE8 ] C:\WINDOWS\system32\snmpapi.dll
19:41:04.0718 1456  C:\WINDOWS\system32\snmpapi.dll - ok
19:41:04.0718 1456  [ 277F3E3333F1D10CA428568197FCCE70 ] C:\WINDOWS\system32\wsnmp32.dll
19:41:04.0718 1456  C:\WINDOWS\system32\wsnmp32.dll - ok
19:41:04.0734 1456  [ BDB83C844EDEC9BD01A94750D2C38DDF ] C:\WINDOWS\system32\fxsevent.dll
19:41:04.0734 1456  C:\WINDOWS\system32\fxsevent.dll - ok
19:41:04.0734 1456  [ CC6292CA575E851E5B74BF8883AB967A ] C:\WINDOWS\system32\fxsmon.dll
19:41:04.0734 1456  C:\WINDOWS\system32\fxsmon.dll - ok
19:41:04.0734 1456  [ C52CE534397E1D3A442FB4C88A3CBE42 ] C:\WINDOWS\system32\msonpmon.dll
19:41:04.0734 1456  C:\WINDOWS\system32\msonpmon.dll - ok
19:41:04.0734 1456  [ 222DE7F5EDB9DDBE628384A1A8BE59CE ] C:\WINDOWS\system32\pjlmon.dll
19:41:04.0734 1456  C:\WINDOWS\system32\pjlmon.dll - ok
19:41:04.0750 1456  [ AE0382AD9C73D343D85E1A50C80B7C20 ] C:\WINDOWS\system32\tcpmon.dll
19:41:04.0750 1456  C:\WINDOWS\system32\tcpmon.dll - ok
19:41:04.0750 1456  [ F26385E8BA4549B5186B774EC0E45D86 ] C:\WINDOWS\system32\usbmon.dll
19:41:04.0750 1456  C:\WINDOWS\system32\usbmon.dll - ok
19:41:04.0750 1456  [ 6BDE4A2BD00C7F970330F74D978CD301 ] C:\WINDOWS\system32\spool\prtprocs\w32x86\hpfpp083.dll
19:41:04.0750 1456  C:\WINDOWS\system32\spool\prtprocs\w32x86\hpfpp083.dll - ok
19:41:04.0750 1456  [ 6A1D1E976E0DF04BE66240B3C09566C8 ] C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll
19:41:04.0750 1456  C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll - ok
19:41:04.0765 1456  [ 063457262374B224226710D8DB74C37C ] C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
19:41:04.0765 1456  C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll - ok
19:41:04.0765 1456  [ EEE7F12D9FF46F68FBC0DA059A359E9E ] C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
19:41:04.0765 1456  C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll - ok
19:41:04.0765 1456  [ F348280907B38FDBDB3CEF55D456E149 ] C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
19:41:04.0765 1456  C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll - ok
19:41:04.0765 1456  [ B41D53899E37CC43DA85DA19998BEE81 ] C:\WINDOWS\system32\netrap.dll
19:41:04.0765 1456  C:\WINDOWS\system32\netrap.dll - ok
19:41:04.0781 1456  [ 22DD6D7D4BFE2B8CE705CC950C8AEA4C ] C:\WINDOWS\system32\win32spl.dll
19:41:04.0781 1456  C:\WINDOWS\system32\win32spl.dll - ok
19:41:04.0781 1456  [ EE4C651A217B01D636B5364AC77DA892 ] C:\WINDOWS\system32\inetpp.dll
19:41:04.0781 1456  C:\WINDOWS\system32\inetpp.dll - ok
19:41:04.0781 1456  [ 11F714F85530A2BD134074DC30E99FCA ] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
19:41:04.0781 1456  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE - ok
19:41:04.0781 1456  [ E246A32C445056996074A397DA56E815 ] C:\WINDOWS\system32\drivers\mdmxsdk.sys
19:41:04.0781 1456  C:\WINDOWS\system32\drivers\mdmxsdk.sys - ok
19:41:04.0796 1456  [ F2840DBFE9322F35557219AE82CC4597 ] C:\Program Files\Norton 360\Engine\6.4.1.14\ccsvchst.exe
19:41:04.0796 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\ccsvchst.exe - ok
19:41:04.0796 1456  [ 2257C98561EBAC594A8BB797970D6D54 ] C:\Program Files\Norton 360\Engine\6.4.1.14\ccvrtrst.dll
19:41:04.0796 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\ccvrtrst.dll - ok
19:41:04.0796 1456  [ 8B8EEDA3D4B9C32170918B4EB8EF023B ] C:\Program Files\Norton 360\Engine\6.4.1.14\ccsvc.dll
19:41:04.0796 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\ccsvc.dll - ok
19:41:04.0796 1456  [ 65D64BB840ABF8AA317E1A56595C5E28 ] C:\Program Files\Norton 360\Engine\6.4.1.14\srtsp32.dll
19:41:04.0796 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\srtsp32.dll - ok
19:41:04.0796 1456  [ 79ED7408D94471522D5C34BA10BCC7B9 ] C:\Program Files\Norton 360\Engine\6.4.1.14\ccipc.dll
19:41:04.0796 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\ccipc.dll - ok
19:41:04.0812 1456  [ A081CB6FB9A12668F233EB5414BE3A0E ] C:\WINDOWS\system32\HPZinw12.dll
19:41:04.0812 1456  C:\WINDOWS\system32\HPZinw12.dll - ok
19:41:04.0812 1456  [ E534FBD8340B7C6C6A80589383430A53 ] C:\WINDOWS\system32\nvsvc32.exe
19:41:04.0812 1456  C:\WINDOWS\system32\nvsvc32.exe - ok
19:41:04.0812 1456  [ 67156D5A9AC356DC99D7BCCB388E3316 ] C:\WINDOWS\system32\wsock32.dll
19:41:04.0812 1456  C:\WINDOWS\system32\wsock32.dll - ok
19:41:04.0828 1456  [ 284DAE55DED345F240DF806D45711E0B ] C:\Program Files\Norton 360\Engine\6.4.1.14\dimaster.dll
19:41:04.0828 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\dimaster.dll - ok
19:41:04.0828 1456  [ 440688592F2315F5881418A55A902BD9 ] C:\WINDOWS\system32\nvcpl.dll
19:41:04.0828 1456  C:\WINDOWS\system32\nvcpl.dll - ok
19:41:04.0828 1456  [ 65BC271F337637731D3C71455AE1F476 ] C:\WINDOWS\system32\HPZipm12.dll
19:41:04.0828 1456  C:\WINDOWS\system32\HPZipm12.dll - ok
19:41:04.0828 1456  [ 332760FBA1655FCFD35BD6F4FD871300 ] C:\WINDOWS\system32\ipsecsvc.dll
19:41:04.0828 1456  C:\WINDOWS\system32\ipsecsvc.dll - ok
19:41:04.0843 1456  [ C5FF8682EADA5B3B27A865F1C3EF9270 ] C:\WINDOWS\system32\oakley.dll
19:41:04.0843 1456  C:\WINDOWS\system32\oakley.dll - ok
19:41:04.0843 1456  [ 5B19B557B0C188210A56A6B699D90B8F ] C:\WINDOWS\system32\regsvc.dll
19:41:04.0843 1456  C:\WINDOWS\system32\regsvc.dll - ok
19:41:04.0843 1456  [ CBE612E2BB6A10E3563336191EDA1250 ] C:\WINDOWS\system32\seclogon.dll
19:41:04.0843 1456  C:\WINDOWS\system32\seclogon.dll - ok
19:41:04.0843 1456  [ 3805DF0AC4296A34BA4BF93B346CC378 ] C:\WINDOWS\system32\srsvc.dll
19:41:04.0843 1456  C:\WINDOWS\system32\srsvc.dll - ok
19:41:04.0859 1456  [ 5684762CF40116976A0007EECD5A587D ] C:\Program Files\Norton 360\Engine\6.4.1.14\ccset.dll
19:41:04.0859 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\ccset.dll - ok
19:41:04.0859 1456  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] C:\WINDOWS\system32\sens.dll
19:41:04.0859 1456  C:\WINDOWS\system32\sens.dll - ok
19:41:04.0859 1456  [ 0A5679B3714EDAB99E357057EE88FCA6 ] C:\WINDOWS\system32\ssdpsrv.dll
19:41:04.0859 1456  C:\WINDOWS\system32\ssdpsrv.dll - ok
19:41:04.0859 1456  [ 248712EA6BA17B9FF0C542A3828375DD ] C:\WINDOWS\system32\winipsec.dll
19:41:04.0859 1456  C:\WINDOWS\system32\winipsec.dll - ok
19:41:04.0875 1456  [ 853D0D0C6F02D7BFDF1CF99DD7553732 ] C:\WINDOWS\system32\pstorsvc.dll
19:41:04.0875 1456  C:\WINDOWS\system32\pstorsvc.dll - ok
19:41:04.0875 1456  [ 22D89D84E8E081CDA529DBF8C0255A38 ] C:\WINDOWS\system32\psbase.dll
19:41:04.0875 1456  C:\WINDOWS\system32\psbase.dll - ok
19:41:04.0875 1456  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] C:\WINDOWS\system32\wiaservc.dll
19:41:04.0875 1456  C:\WINDOWS\system32\wiaservc.dll - ok
19:41:04.0875 1456  [ FEDE68BF80052BAD393AFD5C2E60DCB0 ] C:\WINDOWS\system32\dssenh.dll
19:41:04.0875 1456  C:\WINDOWS\system32\dssenh.dll - ok
19:41:04.0890 1456  [ C7ABBC59B43274B1109DF6B24D617051 ] C:\WINDOWS\system32\smlogsvc.exe
19:41:04.0890 1456  C:\WINDOWS\system32\smlogsvc.exe - ok
19:41:04.0890 1456  [ 116005420D1BFC77B0D4D1A9AD16E870 ] C:\Program Files\Norton 360\Engine\6.4.1.14\coSvcPlg.dll
19:41:04.0890 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\coSvcPlg.dll - ok
19:41:04.0890 1456  [ 5F0CE62E0831CF972EC6949FD3E37DA7 ] C:\WINDOWS\system32\cfgmgr32.dll
19:41:04.0890 1456  C:\WINDOWS\system32\cfgmgr32.dll - ok
19:41:04.0890 1456  [ 4AC2FA4A6F0DF2511BAC13393C06EFF1 ] C:\WINDOWS\system32\mscms.dll
19:41:04.0890 1456  C:\WINDOWS\system32\mscms.dll - ok
19:41:04.0906 1456  [ 62CF83A6989312A0DD39BBFFB3D1C166 ] C:\WINDOWS\system32\pdh.dll
19:41:04.0906 1456  C:\WINDOWS\system32\pdh.dll - ok
19:41:04.0906 1456  [ 369F7B1A4F358B976176556A1A331F36 ] C:\WINDOWS\system32\odbcbcp.dll
19:41:04.0906 1456  C:\WINDOWS\system32\odbcbcp.dll - ok
19:41:04.0906 1456  [ DF0A511F38F16016BF658FCA0090CB87 ] C:\WINDOWS\ehome\mcrdsvc.exe
19:41:04.0906 1456  C:\WINDOWS\ehome\mcrdsvc.exe - ok
19:41:04.0906 1456  [ 2D0E4ED081963804CCC196A0929275B5 ] C:\WINDOWS\system32\wbem\wmisvc.dll
19:41:04.0906 1456  C:\WINDOWS\system32\wbem\wmisvc.dll - ok
19:41:04.0921 1456  [ ACACB8B14E66109B8ACD6644B5574B9A ] C:\WINDOWS\system32\vssapi.dll
19:41:04.0921 1456  C:\WINDOWS\system32\vssapi.dll - ok
19:41:04.0921 1456  [ 3D075865DCC26931972F6476AD0497BE ] C:\WINDOWS\system32\ssdpapi.dll
19:41:04.0921 1456  C:\WINDOWS\system32\ssdpapi.dll - ok
19:41:04.0921 1456  [ 6D280BC969218AE4A72180F907C32913 ] C:\WINDOWS\ehome\ehTrace.dll
19:41:04.0921 1456  C:\WINDOWS\ehome\ehTrace.dll - ok
19:41:04.0921 1456  [ CFD4E51402DA9838B5A04AE680AF54A0 ] C:\WINDOWS\system32\browser.dll
19:41:04.0921 1456  C:\WINDOWS\system32\browser.dll - ok
19:41:04.0921 1456  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] C:\WINDOWS\system32\wuauserv.dll
19:41:04.0921 1456  C:\WINDOWS\system32\wuauserv.dll - ok
19:41:04.0937 1456  [ D1DE16926C682DCD3D99AE5500CA5522 ] C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
19:41:04.0937 1456  C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe - ok
19:41:04.0937 1456  [ FC3EC24FCE372C89423E015A2AC1A31E ] C:\WINDOWS\system32\wuaueng.dll
19:41:04.0937 1456  C:\WINDOWS\system32\wuaueng.dll - ok
19:41:04.0937 1456  [ 205ADD80FF8099B1A8101EB490B933D1 ] C:\WINDOWS\system32\wbem\wbemprox.dll
19:41:04.0937 1456  C:\WINDOWS\system32\wbem\wbemprox.dll - ok
19:41:04.0937 1456  [ D95C71052E5EF63B55997FB31483D02F ] C:\WINDOWS\system32\wbem\wbemcomn.dll
19:41:04.0937 1456  C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
19:41:04.0953 1456  [ C84258931E3E9B841D500CB21B4FECF9 ] C:\WINDOWS\system32\hposwia_d02a.dll
19:41:04.0953 1456  C:\WINDOWS\system32\hposwia_d02a.dll - ok
19:41:04.0953 1456  [ B85E95679B5ADC12311BCD3F5385D623 ] C:\WINDOWS\system32\mspatcha.dll
19:41:04.0953 1456  C:\WINDOWS\system32\mspatcha.dll - ok
19:41:04.0953 1456  [ F0BF811622F2DD6C8E26EE4600D83731 ] C:\WINDOWS\system32\wbem\wbemcore.dll
19:41:04.0953 1456  C:\WINDOWS\system32\wbem\wbemcore.dll - ok
19:41:04.0953 1456  [ E4616430709F440CF1809D88DC2366EA ] C:\WINDOWS\system32\wbem\esscli.dll
19:41:04.0953 1456  C:\WINDOWS\system32\wbem\esscli.dll - ok
19:41:04.0968 1456  [ 378A0AEFB11D8B0DC8C27B9F7604B88D ] C:\WINDOWS\system32\wbem\fastprox.dll
19:41:04.0968 1456  C:\WINDOWS\system32\wbem\fastprox.dll - ok
19:41:04.0968 1456  [ 83F41D0D89645D7235C051AB1D9523AC ] C:\WINDOWS\system32\ipnathlp.dll
19:41:04.0968 1456  C:\WINDOWS\system32\ipnathlp.dll - ok
19:41:04.0968 1456  [ ED0C0DF222209E43AD9AFBF3FE87DDE0 ] C:\WINDOWS\system32\comsvcs.dll
19:41:04.0968 1456  C:\WINDOWS\system32\comsvcs.dll - ok
19:41:04.0968 1456  [ 690D97864735E8ECD87F55777E266690 ] C:\WINDOWS\system32\colbact.dll
19:41:04.0968 1456  C:\WINDOWS\system32\colbact.dll - ok
19:41:04.0984 1456  [ 36795A645EAA47FE31D2A8F136A2C69B ] C:\WINDOWS\system32\mtxclu.dll
19:41:04.0984 1456  C:\WINDOWS\system32\mtxclu.dll - ok
19:41:04.0984 1456  [ F51EBB6FC536A6B2D588FD668D3A8249 ] C:\WINDOWS\system32\resutils.dll
19:41:04.0984 1456  C:\WINDOWS\system32\resutils.dll - ok
19:41:04.0984 1456  [ 7C278E6408D1DCE642230C0585A854D5 ] C:\WINDOWS\system32\wscsvc.dll
19:41:04.0984 1456  C:\WINDOWS\system32\wscsvc.dll - ok
19:41:04.0984 1456  [ 010472D0AE758227C6F6E6933549C219 ] C:\WINDOWS\system32\wbem\wbemsvc.dll
19:41:04.0984 1456  C:\WINDOWS\system32\wbem\wbemsvc.dll - ok
19:41:05.0000 1456  [ 3273D1565BF30225C115B480A3BB2C9D ] C:\WINDOWS\system32\wbem\wmiutils.dll
19:41:05.0000 1456  C:\WINDOWS\system32\wbem\wmiutils.dll - ok
19:41:05.0000 1456  [ 40DC2638EE4C9E7A4517C95E7AD1BF14 ] C:\WINDOWS\system32\nvapi.dll
19:41:05.0000 1456  C:\WINDOWS\system32\nvapi.dll - ok
19:41:05.0000 1456  [ 3A9738A0C71A9A5098356BD3AA46D0BD ] C:\Program Files\Norton 360\Engine\6.4.1.14\ccgevt.dll
19:41:05.0000 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\ccgevt.dll - ok
19:41:05.0000 1456  [ 942A17D2901A31EA68627CBFFCD268CC ] C:\WINDOWS\system32\wbem\repdrvfs.dll
19:41:05.0000 1456  C:\WINDOWS\system32\wbem\repdrvfs.dll - ok
19:41:05.0015 1456  [ 3458EDA96E30FBD0477A2800D3FB1909 ] C:\WINDOWS\system32\wups.dll
19:41:05.0015 1456  C:\WINDOWS\system32\wups.dll - ok
19:41:05.0015 1456  [ BDC0C99E472176C8C2C853A68ADC5073 ] C:\WINDOWS\system32\wups2.dll
19:41:05.0015 1456  C:\WINDOWS\system32\wups2.dll - ok
19:41:05.0015 1456  [ 071143F687B4F887E21461CA6CC7EB29 ] C:\WINDOWS\system32\wbem\wmiprvsd.dll
19:41:05.0015 1456  C:\WINDOWS\system32\wbem\wmiprvsd.dll - ok
19:41:05.0015 1456  [ 6A1C893A0A5B413282FB7C90F81B5A91 ] C:\WINDOWS\system32\nvdisps.dll
19:41:05.0015 1456  C:\WINDOWS\system32\nvdisps.dll - ok
19:41:05.0031 1456  [ E036AA5E1F4A94C2D7058192DA0514BA ] C:\Program Files\Norton 360\Engine\6.4.1.14\ccglog.dll
19:41:05.0031 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\ccglog.dll - ok
19:41:05.0031 1456  [ 26D881D27CBE51D3614E68D7313EA026 ] C:\WINDOWS\system32\wbem\wbemess.dll
19:41:05.0031 1456  C:\WINDOWS\system32\wbem\wbemess.dll - ok
19:41:05.0031 1456  [ 538A270F35A713C360B7ED4168BB7521 ] C:\WINDOWS\system32\mydocs.dll
19:41:05.0031 1456  C:\WINDOWS\system32\mydocs.dll - ok
19:41:05.0031 1456  [ A70A2D85AD143D6BB823C246CEB699A5 ] C:\WINDOWS\system32\ntshrui.dll
19:41:05.0031 1456  C:\WINDOWS\system32\ntshrui.dll - ok
19:41:05.0046 1456  [ 2E0B0A051FFAA86E358465BB0880D453 ] C:\WINDOWS\system32\wuauclt.exe
19:41:05.0046 1456  C:\WINDOWS\system32\wuauclt.exe - ok
19:41:05.0046 1456  [ 93ED9FF632CEE1D181CD89BB67256C92 ] C:\Program Files\Norton 360\Engine\6.4.1.14\ccjobmgr.dll
19:41:05.0046 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\ccjobmgr.dll - ok
19:41:05.0046 1456  [ 1A617835452EEE5060976C9B9F5FE635 ] C:\WINDOWS\system32\wuapi.dll
19:41:05.0046 1456  C:\WINDOWS\system32\wuapi.dll - ok
19:41:05.0046 1456  [ A9E790F2C9B5F22EC9E9BE7855B9BFFC ] C:\Program Files\Norton 360\Engine\6.4.1.14\ccsubeng.dll
19:41:05.0046 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\ccsubeng.dll - ok
19:41:05.0062 1456  [ D26451B540720A7313A9BCBE794DAF62 ] C:\WINDOWS\system32\wbem\ncprov.dll
19:41:05.0062 1456  C:\WINDOWS\system32\wbem\ncprov.dll - ok
19:41:05.0062 1456  [ 798A9E6828997EEF4517ADA8A2259831 ] C:\WINDOWS\system32\wbem\wmiprvse.exe
19:41:05.0062 1456  C:\WINDOWS\system32\wbem\wmiprvse.exe - ok
19:41:05.0062 1456  [ 3662262608ADC5DEA6FD9F5AC465528D ] C:\Program Files\Norton 360\Engine\6.4.1.14\ccemlpxy.dll
19:41:05.0062 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\ccemlpxy.dll - ok
19:41:05.0062 1456  [ 99056A9FF85141B3337C5D392DD9EBA7 ] C:\Program Files\Norton 360\Engine\6.4.1.14\iron.dll
19:41:05.0062 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\iron.dll - ok
19:41:05.0062 1456  [ 2CFE545ABAFCE9AB0C375DC05CE831C7 ] C:\Program Files\Norton 360\Engine\6.4.1.14\symredir.dll
19:41:05.0062 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\symredir.dll - ok
19:41:05.0078 1456  [ 7EABAA542A7DA553552128F595DDA08E ] C:\Program Files\Norton 360\Engine\6.4.1.14\sndsvc.dll
19:41:05.0078 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\sndsvc.dll - ok
19:41:05.0078 1456  [ E837FDBB92E9873E538395B623F45462 ] C:\WINDOWS\system32\wbem\cimwin32.dll
19:41:05.0078 1456  C:\WINDOWS\system32\wbem\cimwin32.dll - ok
19:41:05.0078 1456  [ 037B1E7798960E0420003D05BB577EE6 ] C:\WINDOWS\system32\rundll32.exe
19:41:05.0078 1456  C:\WINDOWS\system32\rundll32.exe - ok
19:41:05.0078 1456  [ 7601A29152ED8EDF2478DEBF5CDD89B6 ] C:\Program Files\Norton 360\Engine\6.4.1.14\symrdrsv.dll
19:41:05.0078 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\symrdrsv.dll - ok
19:41:05.0093 1456  [ 4306FA2F1099D7C606139255FDB62B19 ] C:\WINDOWS\system32\wbem\framedyn.dll
19:41:05.0093 1456  C:\WINDOWS\system32\wbem\framedyn.dll - ok
19:41:05.0093 1456  [ 2DCB2CC8A1D1074E5D42D36FA6B7EB20 ] C:\Program Files\Norton 360\Engine\6.4.1.14\hncore.dll
19:41:05.0093 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\hncore.dll - ok
19:41:05.0093 1456  [ 561E410856E782C80BB4C1A9F65B3619 ] C:\Program Files\Norton 360\Engine\6.4.1.14\coFFPlgn.dll
19:41:05.0093 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\coFFPlgn.dll - ok
19:41:05.0093 1456  [ FF6B44E0BD9C3941A9D7764839100AC6 ] C:\Program Files\Norton 360\Engine\6.4.1.14\symneti.dll
19:41:05.0093 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\symneti.dll - ok
19:41:05.0109 1456  [ C50D0F17B5A01E8805EEFD5DA9CF9FA2 ] C:\Program Files\Norton 360\Engine\6.4.1.14\appmgr32.dll
19:41:05.0109 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\appmgr32.dll - ok
19:41:05.0109 1456  [ 797A3566CDAE5E9CEE6DB0041305DB46 ] C:\Program Files\Norton 360\Engine\6.4.1.14\avmodule.dll
19:41:05.0109 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\avmodule.dll - ok
19:41:05.0109 1456  [ 05A3E083332D3ABE33E499A6DC3E7FFB ] C:\Program Files\Norton 360\Engine\6.4.1.14\isdatapr.dll
19:41:05.0109 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\isdatapr.dll - ok
19:41:05.0109 1456  [ 613B277AB5C75287DACBA35AA7EE4BC8 ] C:\Program Files\Norton 360\Engine\6.4.1.14\defutdcd.dll
19:41:05.0109 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\defutdcd.dll - ok
19:41:05.0125 1456  [ C44354E5074D69B0A7FF50964CB3BD18 ] C:\Program Files\Norton 360\Engine\6.4.1.14\ducclib.dll
19:41:05.0125 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\ducclib.dll - ok
19:41:05.0125 1456  [ F25DFFA463F458E975C93128A9133419 ] C:\Program Files\Norton 360\Engine\6.4.1.14\NCW.dll
19:41:05.0125 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\NCW.dll - ok
19:41:05.0125 1456  [ 83E5B8B86E6FDD48A60954A193F1B440 ] C:\Program Files\Norton 360\Engine\6.4.1.14\cltpe.dll
19:41:05.0125 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\cltpe.dll - ok
19:41:05.0125 1456  [ B135B7BAD6A9C8318B5C9B88692638D8 ] C:\Program Files\Norton 360\Engine\6.4.1.14\avpsvc32.dll
19:41:05.0125 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\avpsvc32.dll - ok
19:41:05.0140 1456  [ 468D9C5404D6202DC7A5D96B8480929B ] C:\Program Files\Norton 360\Engine\6.4.1.14\sqsvc.dll
19:41:05.0140 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\sqsvc.dll - ok
19:41:05.0140 1456  [ D3654637A382BFD0E1ACED5CDF90CFDA ] C:\Program Files\Norton 360\Engine\6.4.1.14\qsplugin.dll
19:41:05.0140 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\qsplugin.dll - ok
19:41:05.0140 1456  [ A46D72A18E4B34BDA2832AA445F7C058 ] C:\Program Files\Norton 360\Engine\6.4.1.14\cltlms.dll
19:41:05.0140 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\cltlms.dll - ok
19:41:05.0140 1456  [ EAB1BB965DF56129A786078FC68A8B92 ] C:\Program Files\Norton 360\Engine\6.4.1.14\avifc.dll
19:41:05.0140 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\avifc.dll - ok
19:41:05.0156 1456  [ FF3477C03BE7201C294C35F684B3479F ] C:\WINDOWS\system32\termsrv.dll
19:41:05.0156 1456  C:\WINDOWS\system32\termsrv.dll - ok
19:41:05.0156 1456  [ 6404807ABC7AF52FA3792697AE638B50 ] C:\WINDOWS\system32\wbem\wbemcons.dll
19:41:05.0156 1456  C:\WINDOWS\system32\wbem\wbemcons.dll - ok
19:41:05.0156 1456  [ DF6551E4C4C46655A0C76194F1FCEA5D ] C:\WINDOWS\system32\icaapi.dll
19:41:05.0156 1456  C:\WINDOWS\system32\icaapi.dll - ok
19:41:05.0156 1456  [ 14D289F63D9538306CB560C4CD12172F ] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130614.001\IDSxpx86.dll
19:41:05.0156 1456  C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130614.001\IDSxpx86.dll - ok
19:41:05.0171 1456  [ 2D65D56C2F8B6CC5EBFF8E7200C30304 ] C:\WINDOWS\system32\mstlsapi.dll
19:41:05.0171 1456  C:\WINDOWS\system32\mstlsapi.dll - ok
19:41:05.0171 1456  [ 837519AF9AF513C59C7D8223EDB23518 ] C:\Program Files\Norton 360\Engine\6.4.1.14\coDataPr.dll
19:41:05.0171 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\coDataPr.dll - ok
19:41:05.0171 1456  [ CE0FCEC4D4D860F36D972759B11EAF0F ] C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
19:41:05.0171 1456  C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll - ok
19:41:05.0171 1456  [ 5BDC853E9DB4641700E6480213538B9F ] C:\Program Files\Norton 360\Engine\6.4.1.14\coshdobj.dll
19:41:05.0171 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\coshdobj.dll - ok
19:41:05.0187 1456  [ C14AA05881A35B6D6BB8D55B117EE22D ] C:\WINDOWS\system32\shfolder.dll
19:41:05.0187 1456  C:\WINDOWS\system32\shfolder.dll - ok
19:41:05.0187 1456  [ 1F761DA08B1855DDBDD97204D69B48DD ] C:\Program Files\Norton 360\Engine\6.4.1.14\bhsvcplg.dll
19:41:05.0187 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\bhsvcplg.dll - ok
19:41:05.0187 1456  [ D7D805E56B7F1C74907A0D5A98B99641 ] C:\Program Files\Norton 360\Engine\6.4.1.14\budatacl.dll
19:41:05.0187 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\budatacl.dll - ok
19:41:05.0187 1456  [ 8C515081584A38AA007909CD02020B3D ] C:\WINDOWS\system32\alg.exe
19:41:05.0187 1456  C:\WINDOWS\system32\alg.exe - ok
19:41:05.0203 1456  [ 960F6D3CD9A1BA6435D7AADD102B297F ] C:\WINDOWS\system32\wbem\wmiprov.dll
19:41:05.0203 1456  C:\WINDOWS\system32\wbem\wmiprov.dll - ok
19:41:05.0203 1456  [ F54D31CAD1AF8B0A0CC23DB15E7ECA26 ] C:\Program Files\Norton 360\Engine\6.4.1.14\busvc.dll
19:41:05.0203 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\busvc.dll - ok
19:41:05.0203 1456  [ F92E1076C42FCD6DB3D72D8CFE9816D5 ] C:\WINDOWS\system32\wscntfy.exe
19:41:05.0203 1456  C:\WINDOWS\system32\wscntfy.exe - ok
19:41:05.0203 1456  [ F05B007A7FD7CA2ADE80A8A16D9F4A48 ] C:\Program Files\Norton 360\Engine\6.4.1.14\tudatapr.dll
19:41:05.0203 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\tudatapr.dll - ok
19:41:05.0218 1456  [ 5E0C5B5BE5304E133968D6D6F8840B28 ] C:\Program Files\Norton 360\Engine\6.4.1.14\dscli.dll
19:41:05.0218 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\dscli.dll - ok
19:41:05.0218 1456  [ F3ECB50D9A21D4FE89F1A906F7E431F7 ] C:\Program Files\Norton 360\Engine\6.4.1.14\bucomm.dll
19:41:05.0218 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\bucomm.dll - ok
19:41:05.0218 1456  [ 37A62C6092AADD2EFDE0468DD8818E99 ] C:\WINDOWS\system32\netcfgx.dll
19:41:05.0218 1456  C:\WINDOWS\system32\netcfgx.dll - ok
19:41:05.0218 1456  [ 43488AA694AD2A1E5BDC3A0BD1034283 ] C:\Program Files\Norton 360\Engine\6.4.1.14\bueng.dll
19:41:05.0218 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\bueng.dll - ok
19:41:05.0218 1456  [ 1A2DD785FFC2BE5C1E6CB8340FC73C17 ] C:\Program Files\Norton 360\Engine\6.4.1.14\buprov.dll
19:41:05.0218 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\buprov.dll - ok
19:41:05.0234 1456  [ 091F15B5D2A722650D6E621BD3C6B96A ] C:\Program Files\Norton 360\Engine\6.4.1.14\gwrks32.dll
19:41:05.0234 1456  C:\Program Files\Norton 360\Engine\6.4.1.14\gwrks32.dll - ok
19:41:05.0656 1456  ============================================================
19:41:05.0656 1456  Scan finished
19:41:05.0656 1456  ============================================================
19:41:05.0765 3656  Detected object count: 23
19:41:05.0765 3656  Actual detected object count: 23
19:41:39.0468 3656  BANTExt ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:39.0468 3656  BANTExt ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:39.0468 3656  DM1Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:39.0468 3656  DM1Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:39.0468 3656  DSXUSB ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:39.0468 3656  DSXUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:39.0484 3656  ELhid ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:39.0484 3656  ELhid ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:39.0484 3656  ELkbd ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:39.0484 3656  ELkbd ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:39.0484 3656  ELmon ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:39.0484 3656  ELmon ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:39.0484 3656  ELmou ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:39.0484 3656  ELmou ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:39.0484 3656  ELService ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:39.0484 3656  ELService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:39.0484 3656  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:39.0484 3656  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:39.0484 3656  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:39.0484 3656  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:39.0484 3656  IAANTMon ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:39.0484 3656  IAANTMon ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:39.0484 3656  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:39.0484 3656  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:39.0484 3656  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:39.0484 3656  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:39.0500 3656  McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:39.0500 3656  McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:39.0500 3656  MHN ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:39.0500 3656  MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:39.0500 3656  MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:39.0500 3656  MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:39.0500 3656  MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:39.0500 3656  MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:39.0500 3656  MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:39.0500 3656  MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:39.0500 3656  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:39.0500 3656  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:39.0500 3656  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:39.0500 3656  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:39.0500 3656  portD ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:39.0500 3656  portD ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:39.0500 3656  SMNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:39.0500 3656  SMNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:39.0500 3656  ZDPSp50 ( UnsignedFile.Multi.Generic ) - skipped by user
19:41:39.0500 3656  ZDPSp50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:41:58.0703 3548  Deinitialize success

For the RogueKiller program, I do not see a RKreport[2], only 0 and 1. I am including the 1 report.

RogueKiller V8.6.0 [Jun 16 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP
Started in : Normal mode
User : HP_Administrator [Admin rights]
Mode : Remove -- Date : 06/16/2013 19:53:26
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] ltmsg.exe -- C:\WINDOWS\ltmsg.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Folder] U : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{8c7c4c58-ff09-debc-88a2-753d78d074ab}\U [-] --> DELETED
[ZeroAccess][Folder] L : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{8c7c4c58-ff09-debc-88a2-753d78d074ab}\L [-] --> DELETED

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[12] : NtAlertResumeThread @ 0x805D4BDC -> HOOKED (Unknown @ 0x899DE7E0)
[Address] SSDT[13] : NtAlertThread @ 0x805D4B8C -> HOOKED (Unknown @ 0x899DE9F8)
[Address] SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x8987C2C8)
[Address] SSDT[19] : NtAssignProcessToJobObject @ 0x805D66A0 -> HOOKED (Unknown @ 0x899DB680)
[Address] SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x89A403F0)
[Address] SSDT[43] : NtCreateMutant @ 0x806176AE -> HOOKED (Unknown @ 0x898810E0)
[Address] SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C3A02 -> HOOKED (Unknown @ 0x89900188)
[Address] SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x89B7F908)
[Address] SSDT[57] : NtDebugActiveProcess @ 0x80643B3E -> HOOKED (Unknown @ 0x899DB890)
[Address] SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (Unknown @ 0x89899260)
[Address] SSDT[83] : NtFreeVirtualMemory @ 0x805B2FBA -> HOOKED (Unknown @ 0x89B142C8)
[Address] SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9258 -> HOOKED (Unknown @ 0x899DD9C8)
[Address] SSDT[91] : NtImpersonateThread @ 0x805D7860 -> HOOKED (Unknown @ 0x899DE1F8)
[Address] SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (Unknown @ 0x8984C290)
[Address] SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (Unknown @ 0x89B7F5B8)
[Address] SSDT[114] : NtOpenEvent @ 0x8060F06C -> HOOKED (Unknown @ 0x899DD0B0)
[Address] SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0x8995E308)
[Address] SSDT[123] : NtOpenProcessToken @ 0x805EDF26 -> HOOKED (Unknown @ 0x899E7110)
[Address] SSDT[125] : NtOpenSection @ 0x805AA3F4 -> HOOKED (Unknown @ 0x899DC3A8)
[Address] SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (Unknown @ 0x8995E238)
[Address] SSDT[137] : NtProtectVirtualMemory @ 0x805B8426 -> HOOKED (Unknown @ 0x8974A0A0)
[Address] SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x899DEE90)
[Address] SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x899E09B0)
[Address] SSDT[228] : NtSetInformationProcess @ 0x805CDEA0 -> HOOKED (Unknown @ 0x899952B0)
[Address] SSDT[240] : NtSetSystemInformation @ 0x8060FD24 -> HOOKED (Unknown @ 0x899DBC40)
[Address] SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x899DC5C0)
[Address] SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x899DF0C0)
[Address] SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x8995A318)
[Address] SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x899E0138)
[Address] SSDT[267] : NtUnmapViewOfSection @ 0x805B2E50 -> HOOKED (Unknown @ 0x899E24B8)
[Address] SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x899B22A8)
[Address] Shadow SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8986F240)
[Address] Shadow SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x897B2BF0)
[Address] Shadow SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x897594D0)
[Address] Shadow SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x897F99E8)
[Address] Shadow SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x89910310)
[Address] Shadow SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x89896248)
[Address] Shadow SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x897B52B0)
[Address] Shadow SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x898962D8)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8981F128)
[Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x89754DF0)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200JS-60PDB0 +++++
--- User ---
[MBR] a08e62a5648868193815a4f6a4e80c8e
[BSP] 02be4e29c13ca98116e57d99b53da0e6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 296472 Mo
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 607192740 | Size: 8762 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_D_06162013_195326.txt >>
RKreport[0]_S_06162013_195240.txt


If you wish to see the other one, please let me know and I will be happy to copy and paste it also.

 

Thank you so very much for your help -

o_wanderer

#8 gringo_pr

Posted 16 June 2013 - 08:47 PM

Hello


I would like to see the part of the report from Norton that shows this - I ran another Norton 360 scan. Says Boot.Pihar

#9 o_wanderer

Posted 16 June 2013 - 09:00 PM

Sure...it says:

Removal failed for this threat.

We recommend that you remove this threat.

Boot.Pihar

Full Path: Not Available
____________________________
On computers as of Not Available
Last Used 6/16/2013 at 9:30:53 PM
Startup Item No
Launched No
____________________________
____________________________
Unknown
Number of users in the Norton Community that have used this file: Unknown
____________________________
Unknown
This file release is currently not known.
____________________________
High
This file risk is high.
____________________________
Threat Details
Threat type: Virus. Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.
____________________________

____________________________
Suspicious Actions
Master boot record infection: Drive 0x80
Remove Failed
____________________________
File Thumbprint - SHA:
Not Available
____________________________
File Thumbprint - MD5:
Not Available
____________________________
 



#10 gringo_pr

Posted 16 June 2013 - 09:29 PM




Hello o_wanderer

It is not showing up in any of the reports - I am wondering if this is just a warning as an unresolved threat. Something that it has found, but since it was not the one that took care of it, it does not know it is gone.


Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
When you are complete please send me both reports

Gringo

#11 o_wanderer

Posted 17 June 2013 - 01:01 AM

Hello Gringo,
I ran the programs you suggested.

MalwareBytes said no cleanup required!
Report below.

Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.16.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HP_Administrator :: BIGHOUSE [administrator]

6/16/2013 10:42:54 PM
mbar-log-2013-06-16 (22-42-54).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 243746
Time elapsed: 21 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

************************

aswMBR report:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-06-16 23:06:22
-----------------------------
23:06:22.437    OS Version: Windows 5.1.2600 Service Pack 3
23:06:22.437    Number of processors: 2 586 0x602
23:06:22.437    ComputerName: BIGHOUSE  UserName:
23:06:24.578    Initialize success
23:10:46.687    AVAST engine defs: 13061300
23:11:12.359    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
23:11:12.375    Disk 0 Vendor: WDC_WD32 21.0 Size: 305245MB BusType: 3
23:11:12.562    Disk 0 MBR read successfully
23:11:12.562    Disk 0 MBR scan
23:11:12.609    Disk 0 Windows XP default MBR code
23:11:12.609    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       296472 MB offset 63
23:11:12.625    Disk 0 Partition 2 00     0C    FAT32 LBA RECOVERY     8762 MB offset 607192740
23:11:12.640    Disk 0 scanning sectors +625137345
23:11:12.718    Disk 0 scanning C:\WINDOWS\system32\drivers
23:11:26.296    Service scanning
23:11:52.093    Modules scanning
23:12:01.015    Disk 0 trace - called modules:
23:12:01.046    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
23:12:01.046    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89f80ab8]
23:12:01.046    3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a8cd030]
23:12:01.953    AVAST engine scan C:\WINDOWS
23:12:09.890    AVAST engine scan C:\WINDOWS\system32
23:16:32.984    AVAST engine scan C:\WINDOWS\system32\drivers
23:17:00.765    AVAST engine scan C:\Documents and Settings\HP_Administrator
00:00:38.046    AVAST engine scan C:\Documents and Settings\All Users
00:04:14.406    Scan finished successfully
00:11:47.843    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\Bleeping Computer\MBR.dat"
00:11:47.843    The log file has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\Bleeping Computer\aswMBR.txt"
************************

While doing these, I thought about your comment on it possibly being left over from a previous Norton Scan. I went to the GUI, then to Support, then Get Support (thinking I would try to get a chat to see if there had been other incidences of this happening. What you commented on made sense to me...). Instead of being redirected to a chat or web page, it ran an "AutoFix". It then showed that it "fixed the installation". When it completed, it showed this:

Norton 360
6.4.1.14
Error: 0, 0
Microsoft Windows XP
2600.xpsp_sp3_gdr.120821-1629
Norton Autofix Results: 1 item(s)
Installation :: Success

Note: It does not show "what" it fixed, but I have only had one
error showing up - the Boot.Pihar (beside the KBD.exe) and
this showed one problem.

I just ran a full scan...it showed nothing but when I went to
get the log it shows 1 unresolved. I will run a full scan again
in the AM.

Category: Scan Results
Date & Time,Risk,Activity,Status,Scan Time (d:h:m:s),Total items scanned,Files & Directories,Registry Entries,Processes & Start-Up Items,Network & Browser Items,Other,Trusted Files,Skipped Files,Total Security Risks Detected,Virus,Total Security Risks Resolved,Total Security Risks Requiring Attention,Virus Unresolved
2013-06-17 1:50:21,Info,Full System Scan results,Completed,0:02:45:09,"1,242,303","1,237,970",414,"3,275",633,11,"4,869",48,1,1,0,1,1
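
The partition lines in the aswMBR log above are read from the 64-byte partition table at the end of the master boot record. As an added example (not part of the original thread and not aswMBR's code), this Python code parses a raw 512-byte dump such as the saved MBR.dat and reports the same fields; the sample sector is constructed from the log's values (sector counts derived from the MB sizes, boot code zeroed), and the checks cover table structure only, not the boot code.

```python
import struct

SECTOR = 512

def parse_mbr(sector: bytes):
    """Return (signature_ok, partitions) for a raw 512-byte MBR dump."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR dump is exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[446 + 16 * i:462 + 16 * i]
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, start, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:          # unused slot
            continue
        partitions.append({"index": i + 1, "status": status, "type": ptype,
                           "offset": start, "sectors": count,
                           "size_mb": count * SECTOR // 2**20})
    return sector[510:512] == b"\x55\xaa", partitions

def findings(sector: bytes):
    """Structural anomalies in the table; an empty list means none were seen."""
    signature_ok, parts = parse_mbr(sector)
    out = []
    if not signature_ok:
        out.append("missing 55 AA boot signature")
    if any(p["status"] not in (0x00, 0x80) for p in parts):
        out.append("invalid status byte")
    if sum(p["status"] == 0x80 for p in parts) != 1:
        out.append("expected exactly one active partition")
    ordered = sorted(parts, key=lambda p: p["offset"])
    for a, b in zip(ordered, ordered[1:]):
        if a["offset"] + a["sectors"] > b["offset"]:
            out.append(f"partitions {a['index']} and {b['index']} overlap")
    return out

def build_sample():
    """Constructed sector: table values from the log, boot code left as zeros."""
    mbr = bytearray(SECTOR)
    mbr[446:462] = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 296472 * 2048)
    mbr[462:478] = struct.pack("<B3xB3xII", 0x00, 0x0C, 607192740, 8762 * 2048)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

if __name__ == "__main__":
    ok, parts = parse_mbr(build_sample())
    print("signature ok:", ok)
    for p in parts:
        print(p)
    print("findings:", findings(build_sample()) or "none")
```
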



#12 gringo_pr


Posted 17 June 2013 - 01:24 AM

Hello

it shows 1 unresolved. <-- this IS what I was talking about - I have seen a few ways to fix this but it seems the easiest way is to just uninstall and reinstall Norton

#13 o_wanderer


Posted 17 June 2013 - 08:01 AM

This is the result for the full scan of this morning..

Category: Scan Results
Date & Time,Risk,Activity,Status,Scan Time (d:h:m:s),Total items scanned,Files & Directories,Registry Entries,Processes & Start-Up Items,Network & Browser Items,Other,Trusted Files,Skipped Files,Total Security Risks Detected,Virus,Total Security Risks Resolved,Total Security Risks Requiring Attention,Virus Unresolved
2013-06-17 8:31:19,Info,Full System Scan results,Completed,0:00:35:13,"447,820","443,529",418,"3,235",627,11,"4,839","315,288",1,1,0,1,1

 

 

I went to the website and see that they have an updated version.

Will uninstall then reinstall this new version.

Thanks for your help,

o_wanderer


#14 o_wanderer


Posted 17 June 2013 - 09:34 AM

Okay, I uninstalled the Norton 360 and reinstalled the newer version.

Here is the scan error:

 

Resolved Threats:
No risks have been resolved

Unresolved Threats:
Boot.Pihar
 Type: Master Boot Record
 Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
 Categories: Virus
 Status: Remove Failed
 -----------
 1 System Action
Drive 0x80 - Infected



#15 gringo_pr


Posted 17 June 2013 - 09:38 PM

Take a read here and see if it helps

http://community.norton.com/t5/Norton-Internet-Security-Norton/Unable-to-clear-quot-Unresolved-Security-Risks-quot/td-p/107260


gringo