
Hijackware keeps redirecting my browser and outlook


  • This topic is locked
15 replies to this topic

#1 alexjeppson

  • Members

Posted 17 September 2013 - 10:12 AM

Here is my HijackThis log. I have already removed all malware with Malwarebytes and Norton Symantec, but the problem is still happening.

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:46:02 AM, on 9/17/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\ccSvcHst.exe
C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\Smc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SHOREL~1\SHOREW~1\STCLogin.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\bin\IPS\IPSBHO.DLL
O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {b4de90bb-150d-4b33-95fe-6baac97e1c21} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: []  (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'Default user')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3AC3D009-2E89-4F1E-9F51-04D4FBD50122} (Shoretel SClientInstall) - http://192.168.51.11/shorewaredirector/clientinstall/ShoretelClientInstall.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122329886442
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132592152220
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://adocs-support.webex.com/client/T28L/support/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pcaaero.local
O17 - HKLM\Software\..\Telephony: DomainName = pcaaero.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pcaaero.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pcaaero.local
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: SEP - C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\WinLogoutNotifier.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Symantec Endpoint Protection (SepMasterService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\ccSvcHst.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\Smc.exe

--
End of file - 5923 bytes

 

Moderator edit: Moved from Introductions to a more appropriate forum due to being a Malware problem and the HiJack Log.

Roger


Edited by rotor123, 17 September 2013 - 10:28 AM.




#2 gringo_pr

  • Malware Response Team

Posted 17 September 2013 - 09:26 PM


Hello alexjeppson

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 alexjeppson


Posted 18 September 2013 - 09:59 AM

Hey Gringo! Thanks for the help. Here is my Adwcleaner log:

 

# AdwCleaner v3.004 - Report created 17/09/2013 at 09:58:39
# Updated 15/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : awulf - PCA-103
# Running from : C:\Documents and Settings\awulf.PCAAERO\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\WINDOWS\system32\conduitEngine.tmp

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2405280
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4DE90BB-150D-4B33-95FE-6BAAC97E1C21}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F2D6C718-7E52-428E-8852-365C4B1A6E36}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B4DE90BB-150D-4B33-95FE-6BAAC97E1C21}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F2D6C718-7E52-428E-8852-365C4B1A6E36}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

*************************

AdwCleaner[R0].txt - [2326 octets] - [17/09/2013 09:56:40]
AdwCleaner[S0].txt - [2281 octets] - [17/09/2013 09:58:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2341 octets] ##########

 

 

The computer is still malfunctioning. The 2 issues it is still having are that the Windows Firewall keeps turning itself off after reboot and Outlook (2010) can receive but not send email. I have triple checked all the server outgoing mail settings and everything is as it should be in terms of password authentication. One thing I have noticed is that if the Symantec antivirus program is disabled before reboot, the firewall doesn't shut itself off. But as soon as Symantec is enabled again, the Windows Firewall once again turns itself off. I will run the junk cleaner and post ASAP.

 

My computer operating system is:

Windows XP Professional
Version 2002
Service Pack 3

Intel Pentium Dual CPU
E2140 @ 1.60GHz
1.60 GHz, 0.99 GB of RAM
Physical Address Extension



#4 alexjeppson


Posted 18 September 2013 - 10:05 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Microsoft Windows XP x86
Ran by awulf on Wed 09/18/2013 at  7:52:39.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/18/2013 at  7:59:20.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Here is the Junkware log. The computer is still turning off its windows firewall after reboot and Outlook 2010 can receive but not send email.



#5 alexjeppson


Posted 18 September 2013 - 10:09 AM

I forgot to mention that the Windows XP Service Pack 3 and Internet Explorer 8 will not uninstall. Every time I try I get an error message saying that the specified folder cannot be found.



#6 gringo_pr


Posted 18 September 2013 - 02:08 PM


Hello alexjeppson

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#7 alexjeppson


Posted 18 September 2013 - 04:52 PM

Hello Gringo,

 

Here is the log from Combofix. Unfortunately I had already run Combofix earlier the same day I started this topic. So I have posted the earlier log first and the log from when I ran Combofix today second.

 

ComboFix 13-09-17.01 - awulf 09/17/2013   9:27.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1015.527 [GMT -7:00]
Running from: c:\documents and settings\awulf.PCAAERO\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\awulf\WINDOWS
C:\UNWISE.EXE
c:\windows\system32\SET261.tmp
c:\windows\system32\SET262.tmp
c:\windows\system32\SET265.tmp
c:\windows\system32\SET267.tmp
c:\windows\system32\SET268.tmp
c:\windows\system32\SET269.tmp
c:\windows\system32\SET26A.tmp
c:\windows\system32\SET26B.tmp
c:\windows\system32\SET26C.tmp
c:\windows\system32\SET26D.tmp
c:\windows\system32\SET26F.tmp
c:\windows\system32\SET270.tmp
c:\windows\system32\SET271.tmp
c:\windows\system32\SET272.tmp
c:\windows\system32\SET273.tmp
c:\windows\system32\SET274.tmp
c:\windows\system32\SET275.tmp
c:\windows\system32\SET276.tmp
c:\windows\system32\SET277.tmp
c:\windows\system32\SET278.tmp
c:\windows\system32\SET279.tmp
c:\windows\system32\SET27B.tmp
c:\windows\system32\SET27D.tmp
c:\windows\system32\SET281.tmp
c:\windows\system32\SET282.tmp
c:\windows\system32\SET283.tmp
c:\windows\system32\SET284.tmp
c:\windows\system32\SET285.tmp
c:\windows\system32\SET286.tmp
c:\windows\system32\SET287.tmp
c:\windows\system32\SET289.tmp
c:\windows\system32\SET28B.tmp
c:\windows\system32\SET28C.tmp
c:\windows\system32\SET28D.tmp
c:\windows\system32\SET28F.tmp
c:\windows\system32\SET291.tmp
c:\windows\system32\SET292.tmp
c:\windows\system32\SET293.tmp
c:\windows\system32\SET294.tmp
c:\windows\system32\SET295.tmp
c:\windows\system32\SET296.tmp
c:\windows\system32\SET297.tmp
c:\windows\system32\SET298.tmp
c:\windows\system32\SET299.tmp
c:\windows\system32\SET29A.tmp
c:\windows\system32\SET29B.tmp
c:\windows\system32\SET29C.tmp
c:\windows\system32\SET29D.tmp
c:\windows\system32\SET29E.tmp
c:\windows\system32\SET2A0.tmp
c:\windows\system32\SET2A1.tmp
c:\windows\system32\SET2A2.tmp
c:\windows\system32\SET2A3.tmp
c:\windows\system32\SET2A4.tmp
c:\windows\system32\SET2A6.tmp
c:\windows\system32\SET2A7.tmp
c:\windows\system32\SET2A8.tmp
c:\windows\system32\SET2AA.tmp
c:\windows\system32\SET2AB.tmp
c:\windows\system32\SET2AC.tmp
c:\windows\system32\SET2AD.tmp
c:\windows\system32\SET2AE.tmp
c:\windows\system32\SET2AF.tmp
c:\windows\system32\SET2B0.tmp
c:\windows\system32\SET2B1.tmp
c:\windows\system32\SET2B3.tmp
c:\windows\system32\SET2B4.tmp
c:\windows\system32\SET2B5.tmp
c:\windows\system32\SET2B6.tmp
c:\windows\system32\SET2B7.tmp
c:\windows\system32\SET2B8.tmp
c:\windows\system32\SET2B9.tmp
c:\windows\system32\SET2BA.tmp
c:\windows\system32\SET2BB.tmp
c:\windows\system32\SET2BC.tmp
c:\windows\system32\SET2BD.tmp
c:\windows\system32\SET2C0.tmp
c:\windows\system32\SET2C3.tmp
c:\windows\system32\SET2C4.tmp
c:\windows\system32\SET2C5.tmp
c:\windows\system32\SET2C6.tmp
c:\windows\system32\SET2C7.tmp
c:\windows\system32\SET2C8.tmp
c:\windows\system32\SET2CB.tmp
c:\windows\system32\SET2CC.tmp
c:\windows\system32\SET2CD.tmp
c:\windows\system32\SET2CF.tmp
c:\windows\system32\SET2D0.tmp
c:\windows\system32\SET2D1.tmp
c:\windows\system32\SET2D2.tmp
c:\windows\system32\SET2D3.tmp
c:\windows\system32\SET2D4.tmp
c:\windows\system32\SET2D5.tmp
c:\windows\system32\SET2D7.tmp
c:\windows\system32\SET2D8.tmp
c:\windows\system32\SET2D9.tmp
c:\windows\system32\SET2DA.tmp
c:\windows\system32\SET2DB.tmp
c:\windows\system32\SET2DC.tmp
c:\windows\system32\SET2DD.tmp
c:\windows\system32\SET2DE.tmp
c:\windows\system32\SET2DF.tmp
c:\windows\system32\SET2E0.tmp
c:\windows\system32\SET2E2.tmp
c:\windows\system32\SET2E3.tmp
c:\windows\system32\SET2E4.tmp
c:\windows\system32\SET2E5.tmp
c:\windows\system32\SET2E6.tmp
c:\windows\system32\SET2E8.tmp
c:\windows\system32\SET2EA.tmp
c:\windows\system32\SET2EC.tmp
c:\windows\system32\SET2ED.tmp
c:\windows\system32\SET2EF.tmp
c:\windows\system32\SET2F0.tmp
c:\windows\system32\SET2F1.tmp
c:\windows\system32\SET2F2.tmp
c:\windows\system32\SET2F3.tmp
c:\windows\system32\SET2F4.tmp
c:\windows\system32\SET2F5.tmp
c:\windows\system32\SET2F7.tmp
c:\windows\system32\SET2F9.tmp
c:\windows\system32\SET2FA.tmp
c:\windows\system32\SET2FB.tmp
c:\windows\system32\SET2FD.tmp
c:\windows\system32\SET2FE.tmp
c:\windows\system32\SET301.tmp
c:\windows\system32\SET302.tmp
c:\windows\system32\SET303.tmp
c:\windows\system32\SET304.tmp
c:\windows\system32\SET305.tmp
c:\windows\system32\SET306.tmp
c:\windows\system32\SET307.tmp
c:\windows\system32\SET308.tmp
c:\windows\system32\SET30A.tmp
c:\windows\system32\SET30B.tmp
c:\windows\system32\SET30C.tmp
c:\windows\system32\SET30D.tmp
c:\windows\system32\SET30E.tmp
c:\windows\system32\SET30F.tmp
c:\windows\system32\SET310.tmp
c:\windows\system32\SET311.tmp
c:\windows\system32\SET313.tmp
c:\windows\system32\SET314.tmp
c:\windows\system32\SET315.tmp
c:\windows\system32\SET316.tmp
c:\windows\system32\SET318.tmp
c:\windows\system32\SET31B.tmp
c:\windows\system32\SET31C.tmp
c:\windows\system32\SET31D.tmp
c:\windows\system32\SET31E.tmp
c:\windows\system32\SET31F.tmp
c:\windows\system32\SET320.tmp
c:\windows\system32\SET321.tmp
c:\windows\system32\SET322.tmp
c:\windows\system32\SET323.tmp
c:\windows\system32\SET324.tmp
c:\windows\system32\SET325.tmp
c:\windows\system32\SET326.tmp
c:\windows\system32\SET327.tmp
c:\windows\system32\SET328.tmp
c:\windows\system32\SET329.tmp
c:\windows\system32\SET32A.tmp
c:\windows\system32\SET32B.tmp
c:\windows\system32\SET32C.tmp
c:\windows\system32\SET32D.tmp
c:\windows\system32\SET32E.tmp
c:\windows\system32\SET32F.tmp
c:\windows\system32\SET331.tmp
c:\windows\system32\SET332.tmp
c:\windows\system32\SET335.tmp
c:\windows\system32\SET336.tmp
c:\windows\system32\SET33B.tmp
c:\windows\system32\SET33C.tmp
c:\windows\system32\SET33E.tmp
c:\windows\system32\SET33F.tmp
c:\windows\system32\SET340.tmp
c:\windows\system32\SET341.tmp
c:\windows\system32\SET342.tmp
c:\windows\system32\SET343.tmp
c:\windows\system32\SET344.tmp
c:\windows\system32\SET346.tmp
c:\windows\system32\SET348.tmp
c:\windows\system32\SET349.tmp
c:\windows\system32\SET34A.tmp
c:\windows\system32\SET34B.tmp
c:\windows\system32\SET34D.tmp
c:\windows\system32\SET34F.tmp
c:\windows\system32\SET351.tmp
c:\windows\system32\SET353.tmp
c:\windows\system32\SET355.tmp
c:\windows\system32\SET356.tmp
c:\windows\system32\SET357.tmp
c:\windows\system32\SET358.tmp
c:\windows\system32\SET359.tmp
c:\windows\system32\SET35A.tmp
c:\windows\system32\SET35B.tmp
c:\windows\system32\SET35C.tmp
c:\windows\system32\SET35D.tmp
c:\windows\system32\SET35F.tmp
c:\windows\system32\SET361.tmp
c:\windows\system32\SET362.tmp
c:\windows\system32\SET363.tmp
c:\windows\system32\SET364.tmp
c:\windows\system32\SET366.tmp
c:\windows\system32\SET368.tmp
c:\windows\system32\SET36A.tmp
c:\windows\system32\SET36B.tmp
c:\windows\system32\SET36C.tmp
c:\windows\system32\SET36D.tmp
c:\windows\system32\SET36E.tmp
c:\windows\system32\SET36F.tmp
c:\windows\system32\SET370.tmp
c:\windows\system32\SET371.tmp
c:\windows\system32\SET372.tmp
c:\windows\system32\SET373.tmp
c:\windows\system32\SET374.tmp
c:\windows\system32\SET375.tmp
c:\windows\system32\SET376.tmp
c:\windows\system32\SET377.tmp
c:\windows\system32\SET378.tmp
c:\windows\system32\SET379.tmp
c:\windows\system32\SET37A.tmp
c:\windows\system32\SET37B.tmp
c:\windows\system32\SET37D.tmp
c:\windows\system32\SET37E.tmp
c:\windows\system32\SET37F.tmp
c:\windows\system32\SET380.tmp
c:\windows\system32\SET381.tmp
c:\windows\system32\SET382.tmp
c:\windows\system32\SET383.tmp
c:\windows\system32\SET386.tmp
c:\windows\system32\SET387.tmp
c:\windows\system32\SET388.tmp
c:\windows\system32\SET389.tmp
c:\windows\system32\SET38A.tmp
c:\windows\system32\SET38B.tmp
c:\windows\system32\SET38D.tmp
c:\windows\system32\SET38E.tmp
c:\windows\system32\SET38F.tmp
c:\windows\system32\SET390.tmp
c:\windows\system32\SET391.tmp
c:\windows\system32\SET392.tmp
c:\windows\system32\SET393.tmp
c:\windows\system32\SET394.tmp
c:\windows\system32\SET395.tmp
c:\windows\system32\SET396.tmp
c:\windows\system32\SET397.tmp
c:\windows\system32\SET398.tmp
c:\windows\system32\SET39A.tmp
c:\windows\system32\SET39B.tmp
c:\windows\system32\SET39C.tmp
c:\windows\system32\SET39E.tmp
c:\windows\system32\SET39F.tmp
c:\windows\system32\SET3A0.tmp
c:\windows\system32\SET3A1.tmp
c:\windows\system32\SET3A2.tmp
c:\windows\system32\SET3A3.tmp
c:\windows\system32\SET3A4.tmp
c:\windows\system32\SET3A5.tmp
c:\windows\system32\SET3A6.tmp
c:\windows\system32\SET3A7.tmp
c:\windows\system32\SET3A8.tmp
c:\windows\system32\SET3A9.tmp
c:\windows\system32\SET3AA.tmp
c:\windows\system32\SET3AB.tmp
c:\windows\system32\SET3AC.tmp
c:\windows\system32\SET3AE.tmp
c:\windows\system32\SET3AF.tmp
c:\windows\system32\SET3B0.tmp
c:\windows\system32\SET3B1.tmp
c:\windows\system32\SET3B2.tmp
c:\windows\system32\SET3B3.tmp
c:\windows\system32\SET3B5.tmp
c:\windows\system32\SET3B6.tmp
c:\windows\system32\SET3BA.tmp
c:\windows\system32\SET3BB.tmp
c:\windows\system32\SET3BC.tmp
c:\windows\system32\SET3BD.tmp
c:\windows\system32\SET3BE.tmp
c:\windows\system32\SET3BF.tmp
c:\windows\system32\SET3C0.tmp
c:\windows\system32\SET3C1.tmp
c:\windows\system32\SET3C2.tmp
c:\windows\system32\SET3C3.tmp
c:\windows\system32\SET3C4.tmp
c:\windows\system32\SET3C5.tmp
c:\windows\system32\SET3C6.tmp
c:\windows\system32\SET3C7.tmp
c:\windows\system32\SET3C9.tmp
c:\windows\system32\SET3CA.tmp
c:\windows\system32\SET3CB.tmp
c:\windows\system32\SET3CD.tmp
c:\windows\system32\SET3CF.tmp
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-17 to 2013-09-17  )))))))))))))))))))))))))))))))
.
.
2013-09-16 16:42 . 2013-09-16 16:42 -------- d-----w- c:\documents and settings\awulf.PCAAERO\Application Data\ElevatedDiagnostics
2013-09-13 21:05 . 2008-04-14 12:42 10752 ------w- c:\windows\system32\smtpapi.dll
2013-09-13 21:05 . 2008-04-14 12:42 9728 ------w- c:\windows\system32\rwnh.dll
2013-09-13 21:05 . 2007-04-03 07:12 1327320 ------w- c:\program files\MSN\msncorefiles\install\msnsusii.exe
2013-09-13 21:05 . 2007-04-03 07:04 884712 ------w- c:\program files\MSN\msncorefiles\install\msn9components\digcore.exe
2013-09-13 21:05 . 2007-04-03 07:09 11053008 ------w- c:\program files\MSN\msncorefiles\install\msn9components\msncli.exe
2013-09-13 21:05 . 2008-04-14 12:40 966656 ------w- c:\program files\MSN\msncorefiles\oobe\obemetal.dll
2013-09-13 21:05 . 2008-04-14 12:40 86016 ------w- c:\program files\MSN\msncorefiles\oobe\obepopc.dll
2013-09-13 21:05 . 2008-04-14 12:40 229376 ------w- c:\program files\MSN\msncorefiles\oobe\obelog.dll
2013-09-13 21:05 . 2007-04-03 07:14 77824 ------w- c:\program files\MSN\msncorefiles\oobe\obemtllc.dll
2013-09-13 21:04 . 2006-12-29 07:31 19569 ----a-w- c:\windows\000001_.tmp
2013-09-13 15:31 . 2003-03-18 18:07 16512 ----a-w- c:\windows\system32\drivers\aspi32.sys
2013-09-13 15:30 . 2000-02-03 19:53 24608 ----a-w- c:\windows\system32\Ckldrv.sys
2013-09-12 17:34 . 2013-09-12 17:34 94128 ----a-w- c:\windows\system32\FwsVpn.dll
2013-09-12 16:09 . 2013-09-12 16:09 -------- d-----w- C:\found.000
2013-09-11 22:24 . 2013-08-08 01:27 1877760 ------w- c:\windows\system32\win32k.sys
2013-08-28 19:02 . 2013-08-29 20:04 -------- d-----w- c:\program files\Microsoft Silverlight
2013-08-28 18:51 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2013-08-28 17:16 . 2013-08-28 17:16 -------- d-----w- c:\documents and settings\awulf.PCAAERO\Application Data\InstallShield
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-13 19:54 . 2012-07-09 18:06 868264 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-09-13 19:54 . 2010-04-21 14:21 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-12 17:40 . 2006-10-11 19:32 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2013-09-12 17:40 . 2006-10-11 19:32 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-09-12 17:34 . 2011-11-01 10:03 32208 ----a-w- c:\windows\system32\drivers\WGX.SYS
2013-09-12 17:34 . 2011-11-01 10:03 240048 ----a-w- c:\windows\system32\SymVPN.dll
2013-09-12 17:34 . 2011-11-01 10:03 92080 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2013-08-09 01:56 . 2006-02-28 12:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:05 . 2006-02-28 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2006-02-28 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 00:02 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-08-05 13:30 . 2006-02-28 12:00 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 21:18 . 2006-10-19 04:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-08-01 05:52 . 2006-02-28 12:00 901808 ------w- c:\windows\system32\wmvdmod.dll
2013-07-10 10:37 . 2006-02-28 12:00 406016 ------w- c:\windows\system32\usp10.dll
2013-07-04 03:03 . 2011-07-22 17:01 2149888 ------w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08 . 2011-07-22 17:01 2028544 ------w- c:\windows\system32\ntkrnlpa.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-23 32768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0\0sdnclean.exe
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
backup=c:\windows\pss\ATI CATALYST System Tray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LbrtyFaxMan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LbrtyFaxMan.lnk
backup=c:\windows\pss\LbrtyFaxMan.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2004-09-23 13:44 57344 -c--a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2004-09-24 10:06 2559488 -c--a-w- c:\windows\ALCWZRD.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2005-02-23 05:21 32768 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:42 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-03-17 22:10 61952 ------w- c:\windows\system32\Hdaudpropshortcut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-01-13 16:47 163840 ------w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-01-13 16:47 131072 ------w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-01-13 16:46 135168 ------w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-09-23 11:27 77824 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2007-04-04 02:55 839680 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-03-16 14:06 868352 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient 2.6]
2004-02-27 17:29 61440 -c--a-w- c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]
2004-05-20 16:40 188416 -c--a-w- c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"wlidsvc"=2 (0x2)
"SentinelProtectionServer"=2 (0x2)
"SentinelKeysServer"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"osppsvc"=3 (0x3)
"ose"=3 (0x3)
"Intel® PROSet Monitoring Service"=2 (0x2)
"idsvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"Crypkey License"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"MozillaMaintenance"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"SDWSCService"=2 (0x2)
"SDUpdateService"=2 (0x2)
"SDScannerService"=2 (0x2)
"SNAC"=3 (0x3)
"SmcService"=3 (0x3)
"SepMasterService"=2 (0x2)
"LiveUpdate"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Symantec AntiVirus\\12.1.671.4971.105\\Bin\\Smc.exe"=
"c:\\Program Files\\Symantec AntiVirus\\12.1.671.4971.105\\Bin\\snac.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\SEP\0C01029F\136B.105\x86\SymDS.sys [5/2/2011 6:18 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\SEP\0C01029F\136B.105\x86\SymEFA.sys [5/17/2011 7:32 PM 756856]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20130913.013\BHDrvx86.sys [9/16/2013 11:44 AM 1002072]
R1 KdsMm;KdsMm;c:\windows\system32\drivers\kdsmm.sys [5/24/2007 2:45 PM 12160]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\SEP\0C01029F\136B.105\x86\Ironx86.sys [5/10/2011 7:54 PM 136312]
R2 SepMasterService;Symantec Endpoint Protection;c:\program files\Symantec AntiVirus\12.1.671.4971.105\Bin\ccSvcHst.exe [6/14/2011 3:31 PM 137224]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/12/2013 8:06 AM 108120]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20130913.001\IDSXpx86.sys [9/13/2013 6:00 PM 373728]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [7/25/2011 10:33 AM 11520]
S3 SyDvCtrl;SyDvCtrl;c:\program files\Symantec AntiVirus\12.1.671.4971.105\Bin\SyDvCtrl32.sys [6/17/2011 4:06 PM 23984]
S4 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [7/21/2011 1:45 PM 109728]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = localhost:8080
Trusted Zone: exostar.com\portalvs
TCP: DhcpNameServer = 192.168.51.101 4.2.2.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
Notify-AtiExtEvent - (no file)
Notify-SEP - c:\program files\Symantec AntiVirus\12.1.671.4971.105\Bin\WinLogoutNotifier.dll
SafeBoot-41481415.sys
SafeBoot-45622756.sys
SafeBoot-77538618.sys
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-HP Software Update - c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
AddRemove-LibertyNET - c:\lib\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-17 09:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SepMasterService]
"ImagePath"="\"c:\program files\Symantec AntiVirus\12.1.671.4971.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files\Symantec AntiVirus\12.1.671.4971.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SmcService]
"ImagePath"="\"c:\program files\Symantec AntiVirus\12.1.671.4971.105\Bin\Smc.exe\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3680)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec AntiVirus\12.1.671.4971.105\Bin\Smc.exe
c:\progra~1\SHOREL~1\SHOREW~1\STCLogin.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2013-09-17  09:51:40 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-17 16:51
.
Pre-Run: 102,960,107,520 bytes free
Post-Run: 103,720,136,704 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 11A5C64CAB651775D4FB41A8A7981D23
8F558EB6672622401DA993E1E865C861
 

 

 

Second Log (from today)

ComboFix 13-09-17.01 - awulf 09/18/2013   8:38.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1015.570 [GMT -7:00]
Running from: c:\documents and settings\awulf.PCAAERO\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\AWULF~1.PCA\LOCALS~1\Temp\LAE8D.tmp
c:\docume~1\AWULF~1.PCA\LOCALS~1\Temp\LAEBA.tmp
c:\docume~1\AWULF~1.PCA\LOCALS~1\Temp\LAECE.tmp
c:\documents and settings\awulf.PCAAERO\Local Settings\temp\LAE8D.tmp
c:\documents and settings\awulf.PCAAERO\Local Settings\temp\LAEBA.tmp
c:\documents and settings\awulf.PCAAERO\Local Settings\temp\LAECE.tmp
c:\windows\system32\SET5AC.tmp
c:\windows\system32\SET5B0.tmp
c:\windows\system32\SET5B2.tmp
c:\windows\system32\SET5B3.tmp
c:\windows\system32\SET5B5.tmp
c:\windows\system32\SET5B6.tmp
c:\windows\system32\SET5BA.tmp
c:\windows\system32\SET5BC.tmp
c:\windows\system32\SET5BE.tmp
c:\windows\system32\SET5BF.tmp
c:\windows\system32\SET5C3.tmp
c:\windows\system32\SET5D1.tmp
c:\windows\system32\SET5D7.tmp
c:\windows\system32\SET5D9.tmp
c:\windows\system32\SET5DA.tmp
c:\windows\system32\SET5E0.tmp
c:\windows\system32\SET5E4.tmp
c:\windows\system32\SET5E5.tmp
c:\windows\system32\SET5ED.tmp
c:\windows\system32\SET5EE.tmp
c:\windows\system32\SET5F2.tmp
c:\windows\system32\SET5F4.tmp
c:\windows\system32\SET5F5.tmp
c:\windows\system32\SET5F6.tmp
c:\windows\system32\SET5FE.tmp
c:\windows\system32\SET602.tmp
c:\windows\system32\SET60D.tmp
c:\windows\system32\SET61D.tmp
c:\windows\system32\SET61E.tmp
c:\windows\system32\SET623.tmp
c:\windows\system32\SET648.tmp
c:\windows\system32\SET64A.tmp
c:\windows\system32\SET651.tmp
c:\windows\system32\SET652.tmp
c:\windows\system32\SET653.tmp
c:\windows\system32\SET655.tmp
c:\windows\system32\SET656.tmp
c:\windows\system32\SET657.tmp
c:\windows\system32\SET658.tmp
c:\windows\system32\SET65A.tmp
c:\windows\system32\SET65C.tmp
c:\windows\system32\SET65D.tmp
c:\windows\system32\SET65E.tmp
c:\windows\system32\SET661.tmp
c:\windows\system32\SET663.tmp
c:\windows\system32\SET668.tmp
c:\windows\system32\SET669.tmp
c:\windows\system32\SET671.tmp
c:\windows\system32\SET678.tmp
c:\windows\system32\SET67D.tmp
c:\windows\system32\SET680.tmp
c:\windows\system32\SET681.tmp
c:\windows\system32\SET684.tmp
c:\windows\system32\SET686.tmp
c:\windows\system32\SET68A.tmp
c:\windows\system32\SET68C.tmp
c:\windows\system32\SET68D.tmp
c:\windows\system32\SET68E.tmp
c:\windows\system32\SET691.tmp
c:\windows\system32\SET692.tmp
c:\windows\system32\SET696.tmp
c:\windows\system32\SET697.tmp
c:\windows\system32\SET6A0.tmp
c:\windows\system32\SET6A3.tmp
c:\windows\system32\SET6A7.tmp
c:\windows\system32\SET6A9.tmp
c:\windows\system32\SET6AB.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-18 to 2013-09-18  )))))))))))))))))))))))))))))))
.
.
2013-09-18 14:52 . 2013-09-18 14:52 -------- d-----w- c:\windows\ERUNT
2013-09-17 22:50 . 2013-09-17 23:24 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-09-17 22:48 . 2013-09-17 22:48 -------- d-----w- C:\RegBackup
2013-09-17 22:44 . 2013-09-17 22:44 -------- d-----w- c:\program files\Tweaking.com
2013-09-17 17:19 . 2013-09-17 17:19 -------- d-----w- c:\documents and settings\awulf.PCAAERO\Application Data\Malwarebytes
2013-09-17 17:19 . 2013-09-17 17:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-09-16 16:42 . 2013-09-17 19:01 -------- d-----w- c:\documents and settings\awulf.PCAAERO\Application Data\ElevatedDiagnostics
2013-09-13 21:05 . 2008-04-14 12:42 10752 ------w- c:\windows\system32\smtpapi.dll
2013-09-13 21:05 . 2008-04-14 12:42 9728 ------w- c:\windows\system32\rwnh.dll
2013-09-13 21:05 . 2007-04-03 07:12 1327320 ------w- c:\program files\MSN\msncorefiles\install\msnsusii.exe
2013-09-13 21:05 . 2007-04-03 07:04 884712 ------w- c:\program files\MSN\msncorefiles\install\msn9components\digcore.exe
2013-09-13 21:05 . 2007-04-03 07:09 11053008 ------w- c:\program files\MSN\msncorefiles\install\msn9components\msncli.exe
2013-09-13 21:05 . 2008-04-14 12:40 966656 ------w- c:\program files\MSN\msncorefiles\oobe\obemetal.dll
2013-09-13 21:05 . 2008-04-14 12:40 86016 ------w- c:\program files\MSN\msncorefiles\oobe\obepopc.dll
2013-09-13 21:05 . 2008-04-14 12:40 229376 ------w- c:\program files\MSN\msncorefiles\oobe\obelog.dll
2013-09-13 21:05 . 2007-04-03 07:14 77824 ------w- c:\program files\MSN\msncorefiles\oobe\obemtllc.dll
2013-09-13 21:04 . 2006-12-29 07:31 19569 ----a-w- c:\windows\000001_.tmp
2013-09-13 15:31 . 2003-03-18 18:07 16512 ----a-w- c:\windows\system32\drivers\aspi32.sys
2013-09-13 15:30 . 2000-02-03 19:53 24608 ----a-w- c:\windows\system32\Ckldrv.sys
2013-09-12 17:34 . 2013-09-17 21:51 94128 ----a-w- c:\windows\system32\FwsVpn.dll
2013-09-11 22:24 . 2013-08-08 01:27 1877760 ------w- c:\windows\system32\win32k.sys
2013-08-28 19:02 . 2013-08-29 20:04 -------- d-----w- c:\program files\Microsoft Silverlight
2013-08-28 18:51 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2013-08-28 17:16 . 2013-08-28 17:16 -------- d-----w- c:\documents and settings\awulf.PCAAERO\Application Data\InstallShield
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-17 21:53 . 2006-10-11 19:32 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2013-09-17 21:53 . 2006-10-11 19:32 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-09-17 21:51 . 2011-11-01 10:03 32208 ----a-w- c:\windows\system32\drivers\WGX.SYS
2013-09-17 21:51 . 2011-11-01 10:03 240048 ----a-w- c:\windows\system32\SymVPN.dll
2013-09-17 21:51 . 2011-11-01 10:03 92080 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2013-09-13 19:54 . 2012-07-09 18:06 868264 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-09-13 19:54 . 2010-04-21 14:21 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-09 01:56 . 2006-02-28 12:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:05 . 2006-02-28 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2006-02-28 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 00:02 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-08-05 13:30 . 2006-02-28 12:00 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 21:18 . 2006-10-19 04:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-08-01 05:52 . 2006-02-28 12:00 901808 ------w- c:\windows\system32\wmvdmod.dll
2013-07-10 10:37 . 2006-02-28 12:00 406016 ------w- c:\windows\system32\usp10.dll
2013-07-04 03:03 . 2011-07-22 17:01 2149888 ------w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08 . 2011-07-22 17:01 2028544 ------w- c:\windows\system32\ntkrnlpa.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-23 32768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0\0sdnclean.exe
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
backup=c:\windows\pss\ATI CATALYST System Tray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LbrtyFaxMan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LbrtyFaxMan.lnk
backup=c:\windows\pss\LbrtyFaxMan.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2004-09-23 13:44 57344 -c--a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2004-09-24 10:06 2559488 -c--a-w- c:\windows\ALCWZRD.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2005-02-23 05:21 32768 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:42 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-03-17 22:10 61952 ------w- c:\windows\system32\Hdaudpropshortcut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-01-13 16:47 163840 ------w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-01-13 16:47 131072 ------w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-01-13 16:46 135168 ------w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-09-23 11:27 77824 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2007-04-04 02:55 839680 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-03-16 14:06 868352 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient 2.6]
2004-02-27 17:29 61440 -c--a-w- c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]
2004-05-20 16:40 188416 -c--a-w- c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"wlidsvc"=2 (0x2)
"SentinelProtectionServer"=2 (0x2)
"SentinelKeysServer"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"osppsvc"=3 (0x3)
"ose"=3 (0x3)
"Intel® PROSet Monitoring Service"=2 (0x2)
"idsvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"Crypkey License"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"MozillaMaintenance"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"SDWSCService"=2 (0x2)
"SDUpdateService"=2 (0x2)
"SDScannerService"=2 (0x2)
"SNAC"=3 (0x3)
"SmcService"=3 (0x3)
"SepMasterService"=2 (0x2)
"LiveUpdate"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Symantec AntiVirus\\12.1.671.4971.105\\Bin\\Smc.exe"=
"c:\\Program Files\\Symantec AntiVirus\\12.1.671.4971.105\\Bin\\snac.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\SEP\0C01029F\136B.105\x86\SymDS.sys [5/2/2011 6:18 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\SEP\0C01029F\136B.105\x86\SymEFA.sys [5/17/2011 7:32 PM 756856]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20130913.014\BHDrvx86.sys [9/13/2013 10:50 PM 1002072]
R1 KdsMm;KdsMm;c:\windows\system32\drivers\kdsmm.sys [5/24/2007 2:45 PM 12160]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\SEP\0C01029F\136B.105\x86\Ironx86.sys [5/10/2011 7:54 PM 136312]
R2 SepMasterService;Symantec Endpoint Protection;c:\program files\Symantec AntiVirus\12.1.671.4971.105\Bin\ccSvcHst.exe [9/17/2013 2:51 PM 137224]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/12/2013 8:06 AM 108120]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20130914.001\IDSXpx86.sys [9/17/2013 11:52 AM 373728]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [7/25/2011 10:33 AM 11520]
S3 SyDvCtrl;SyDvCtrl;c:\program files\Symantec AntiVirus\12.1.671.4971.105\Bin\SyDvCtrl32.sys [6/17/2011 4:06 PM 23984]
S4 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [7/21/2011 1:45 PM 109728]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = localhost:8080
Trusted Zone: exostar.com\portalvs
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SEP - c:\program files\Symantec AntiVirus\12.1.671.4971.105\Bin\WinLogoutNotifier.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-18 08:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SepMasterService]
"ImagePath"="\"c:\program files\Symantec AntiVirus\12.1.671.4971.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files\Symantec AntiVirus\12.1.671.4971.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SmcService]
"ImagePath"="\"c:\program files\Symantec AntiVirus\12.1.671.4971.105\Bin\Smc.exe\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3712)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec AntiVirus\12.1.671.4971.105\Bin\Smc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\SHOREL~1\SHOREW~1\STCLogin.exe
.
**************************************************************************
.
Completion time: 2013-09-18  08:57:55 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-18 15:57
.
Pre-Run: 106,304,262,144 bytes free
Post-Run: 106,238,861,312 bytes free
.
- - End Of File - - B23CF3771CA1B10BA43FDED510F5873D
8F558EB6672622401DA993E1E865C861
 

 

 

So at this point the Windows firewall is still turning off. I was able to fix the email by changing the name of the address and reloading the account in Outlook 2010. I think the pipe was clogged by a corrupted sent email or something. My browsers are also working fine with no popups or anything like that. It's just that freakin firewall at this point. I'm pretty sure it's a hijacker, but I can't seem to pinpoint where it is. Once again, thank you so much for your help. It is very appreciated.



#8 gringo_pr


Posted 18 September 2013 - 06:19 PM


Hello alexjeppson

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • More than one report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note: this report can be very long, so if the website gives you an error saying it is too long you may attach it.

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
and I will see if I want to see the whole report

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop.
  • Exit/Close RogueKiller.
Send me the reports made from TDSSKiller and RogueKiller, and also let me know how the computer is doing at this time.

Gringo

#9 alexjeppson


Posted 19 September 2013 - 11:50 AM

The TDSSKiller made 2 logs after the scan.

 

Here is TDSSKiller Log 1:

 

08:01:32.0515 1264  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
08:01:33.0343 1264  ============================================================
08:01:33.0343 1264  Current date / time: 2013/09/19 08:01:33.0343
08:01:33.0359 1264  SystemInfo:
08:01:33.0359 1264 
08:01:33.0359 1264  OS Version: 5.1.2600 ServicePack: 3.0
08:01:33.0359 1264  Product type: Workstation
08:01:33.0359 1264  ComputerName: PCA-103
08:01:33.0359 1264  UserName: awulf
08:01:33.0359 1264  Windows directory: C:\WINDOWS
08:01:33.0359 1264  System windows directory: C:\WINDOWS
08:01:33.0359 1264  Processor architecture: Intel x86
08:01:33.0359 1264  Number of processors: 2
08:01:33.0359 1264  Page size: 0x1000
08:01:33.0359 1264  Boot type: Normal boot
08:01:33.0359 1264  ============================================================
08:01:35.0468 1264  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:01:35.0468 1264  Drive \Device\Harddisk1\DR2 - Size: 0x774488000 (29.82 Gb), SectorSize: 0x200, Cylinders: 0xF34, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:01:35.0468 1264  ============================================================
08:01:35.0468 1264  \Device\Harddisk0\DR0:
08:01:35.0468 1264  MBR partitions:
08:01:35.0468 1264  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
08:01:35.0468 1264  \Device\Harddisk1\DR2:
08:01:35.0468 1264  MBR partitions:
08:01:35.0468 1264  \Device\Harddisk1\DR2\Partition1: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x3BA2420
08:01:35.0468 1264  ============================================================
08:01:35.0500 1264  C: <-> \Device\Harddisk0\DR0\Partition1
08:01:35.0500 1264  ============================================================
08:01:35.0500 1264  Initialize success
08:01:35.0500 1264  ============================================================
08:01:48.0562 3764  Deinitialize success
 

 

 

Here is TDSSKiller Log 2:

 

 

08:04:33.0671 3084  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
08:04:34.0562 3084  ============================================================
08:04:34.0562 3084  Current date / time: 2013/09/19 08:04:34.0562
08:04:34.0562 3084  SystemInfo:
08:04:34.0562 3084 
08:04:34.0562 3084  OS Version: 5.1.2600 ServicePack: 3.0
08:04:34.0562 3084  Product type: Workstation
08:04:34.0562 3084  ComputerName: PCA-103
08:04:34.0562 3084  UserName: awulf
08:04:34.0562 3084  Windows directory: C:\WINDOWS
08:04:34.0562 3084  System windows directory: C:\WINDOWS
08:04:34.0562 3084  Processor architecture: Intel x86
08:04:34.0562 3084  Number of processors: 2
08:04:34.0562 3084  Page size: 0x1000
08:04:34.0562 3084  Boot type: Normal boot
08:04:34.0562 3084  ============================================================
08:04:37.0343 3084  BG loaded
08:04:37.0750 3084  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:04:37.0750 3084  Drive \Device\Harddisk1\DR2 - Size: 0x774488000 (29.82 Gb), SectorSize: 0x200, Cylinders: 0xF34, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:04:37.0750 3084  ============================================================
08:04:37.0750 3084  \Device\Harddisk0\DR0:
08:04:37.0750 3084  MBR partitions:
08:04:37.0750 3084  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
08:04:37.0750 3084  \Device\Harddisk1\DR2:
08:04:37.0750 3084  MBR partitions:
08:04:37.0750 3084  \Device\Harddisk1\DR2\Partition1: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x3BA2420
08:04:37.0750 3084  ============================================================
08:04:37.0781 3084  C: <-> \Device\Harddisk0\DR0\Partition1
08:04:37.0781 3084  ============================================================
08:04:37.0781 3084  Initialize success
08:04:37.0781 3084  ============================================================
08:04:45.0718 3636  ============================================================
08:04:45.0718 3636  Scan started
08:04:45.0718 3636  Mode: Manual; SigCheck; TDLFS;
08:04:45.0718 3636  ============================================================
08:04:46.0593 3636  ================ Scan system memory ========================
08:04:48.0765 3636  System memory - ok
08:04:48.0765 3636  ================ Scan services =============================
08:04:48.0890 3636  Abiosdsk - ok
08:04:48.0906 3636  abp480n5 - ok
08:04:48.0953 3636  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:04:59.0015 3636  ACPI - ok
08:04:59.0062 3636  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
08:04:59.0390 3636  ACPIEC - ok
08:04:59.0468 3636  [ D81DA6943A4C03DBB1E1DB8AE74C75F3 ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
08:04:59.0593 3636  ADIHdAudAddService - ok
08:04:59.0593 3636  adpu160m - ok
08:04:59.0656 3636  [ 860DF7676869CD8690CB2B23AB6DE66A ] AEAudio         C:\WINDOWS\system32\drivers\AEAudio.sys
08:04:59.0703 3636  AEAudio - ok
08:04:59.0734 3636  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
08:04:59.0968 3636  aec - ok
08:05:00.0031 3636  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
08:05:00.0125 3636  AFD - ok
08:05:00.0125 3636  Aha154x - ok
08:05:00.0140 3636  aic78u2 - ok
08:05:00.0140 3636  aic78xx - ok
08:05:00.0171 3636  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
08:05:00.0437 3636  Alerter - ok
08:05:00.0468 3636  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
08:05:00.0593 3636  ALG - ok
08:05:00.0609 3636  AliIde - ok
08:05:00.0609 3636  amsint - ok
08:05:00.0656 3636  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
08:05:00.0812 3636  AppMgmt - ok
08:05:00.0859 3636  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
08:05:01.0078 3636  Arp1394 - ok
08:05:01.0093 3636  asc - ok
08:05:01.0093 3636  asc3350p - ok
08:05:01.0109 3636  asc3550 - ok
08:05:01.0250 3636  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
08:05:01.0359 3636  aspnet_state - ok
08:05:01.0375 3636  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:05:01.0609 3636  AsyncMac - ok
08:05:01.0656 3636  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
08:05:01.0906 3636  atapi - ok
08:05:01.0906 3636  Atdisk - ok
08:05:01.0937 3636  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:05:02.0156 3636  Atmarpc - ok
08:05:02.0203 3636  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
08:05:02.0421 3636  AudioSrv - ok
08:05:02.0468 3636  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
08:05:02.0765 3636  audstub - ok
08:05:02.0796 3636  [ 5D7BE7B19E827125E016325334E58FF1 ] BANTExt         C:\WINDOWS\System32\Drivers\BANTExt.sys
08:05:02.0812 3636  BANTExt ( UnsignedFile.Multi.Generic ) - warning
08:05:02.0812 3636  BANTExt - detected UnsignedFile.Multi.Generic (1)
08:05:02.0859 3636  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
08:05:03.0125 3636  Beep - ok
08:05:03.0625 3636  [ 6C6AC7CA8A034C15C52B35189BAD58EE ] BHDrvx86        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20130913.014\BHDrvx86.sys
08:05:04.0359 3636  BHDrvx86 - ok
08:05:04.0515 3636  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
08:05:05.0468 3636  BITS - ok
08:05:05.0531 3636  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
08:05:05.0640 3636  Browser - ok
08:05:05.0718 3636  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
08:05:06.0734 3636  cbidf2k - ok
08:05:06.0750 3636  cd20xrnt - ok
08:05:06.0796 3636  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
08:05:07.0062 3636  Cdaudio - ok
08:05:07.0109 3636  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
08:05:07.0359 3636  Cdfs - ok
08:05:07.0390 3636  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:05:07.0640 3636  Cdrom - ok
08:05:07.0656 3636  Changer - ok
08:05:07.0687 3636  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
08:05:07.0953 3636  CiSvc - ok
08:05:08.0000 3636  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
08:05:08.0234 3636  ClipSrv - ok
08:05:08.0250 3636  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:05:08.0484 3636  clr_optimization_v2.0.50727_32 - ok
08:05:08.0578 3636  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:05:08.0609 3636  clr_optimization_v4.0.30319_32 - ok
08:05:08.0609 3636  CmdIde - ok
08:05:08.0656 3636  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
08:05:08.0921 3636  Compbatt - ok
08:05:08.0921 3636  COMSysApp - ok
08:05:08.0937 3636  Cpqarray - ok
08:05:08.0937 3636  Crypkey License - ok
08:05:08.0984 3636  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
08:05:09.0203 3636  CryptSvc - ok
08:05:09.0203 3636  dac2w2k - ok
08:05:09.0218 3636  dac960nt - ok
08:05:09.0265 3636  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
08:05:09.0437 3636  DcomLaunch - ok
08:05:09.0484 3636  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
08:05:09.0703 3636  Dhcp - ok
08:05:09.0718 3636  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
08:05:09.0968 3636  Disk - ok
08:05:09.0968 3636  dmadmin - ok
08:05:10.0031 3636  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
08:05:10.0328 3636  dmboot - ok
08:05:10.0375 3636  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\DRIVERS\dmio.sys
08:05:10.0625 3636  dmio - ok
08:05:10.0640 3636  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
08:05:10.0875 3636  dmload - ok
08:05:10.0921 3636  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
08:05:11.0140 3636  dmserver - ok
08:05:11.0171 3636  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
08:05:11.0421 3636  DMusic - ok
08:05:11.0437 3636  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
08:05:11.0500 3636  Dnscache - ok
08:05:11.0531 3636  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
08:05:11.0812 3636  Dot3svc - ok
08:05:11.0890 3636  [ 3E4B043F8BC6BE1D4820CC6C9C500306 ] Dot4            C:\WINDOWS\system32\DRIVERS\Dot4.sys
08:05:12.0203 3636  Dot4 - ok
08:05:12.0234 3636  [ 77CE63A8A34AE23D9FE4C7896D1DEBE7 ] Dot4Print       C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
08:05:12.0468 3636  Dot4Print - ok
08:05:12.0500 3636  [ 6EC3AF6BB5B30E488A0C559921F012E1 ] dot4usb         C:\WINDOWS\system32\DRIVERS\dot4usb.sys
08:05:12.0781 3636  dot4usb - ok
08:05:12.0781 3636  dpti2o - ok
08:05:12.0843 3636  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
08:05:13.0125 3636  drmkaud - ok
08:05:13.0156 3636  [ 7D91DC6342248369F94D6EBA0CF42E99 ] E100B           C:\WINDOWS\system32\DRIVERS\e100b325.sys
08:05:13.0218 3636  E100B - ok
08:05:13.0250 3636  [ 6DE32A9123EF60F9D423E9163AF0E305 ] e1express       C:\WINDOWS\system32\DRIVERS\e1e5132.sys
08:05:13.0312 3636  e1express - ok
08:05:13.0343 3636  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
08:05:13.0656 3636  EapHost - ok
08:05:13.0812 3636  [ E1E3804F7C59EA3E14637C2A763F65E2 ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
08:05:13.0843 3636  eeCtrl - ok
08:05:13.0875 3636  [ 6D84DFC3B5C5052881BF50470D0C03D1 ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
08:05:13.0890 3636  EraserUtilRebootDrv - ok
08:05:13.0937 3636  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
08:05:14.0218 3636  ERSvc - ok
08:05:14.0265 3636  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
08:05:14.0421 3636  Eventlog - ok
08:05:14.0468 3636  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
08:05:14.0578 3636  EventSystem - ok
08:05:14.0593 3636  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
08:05:14.0843 3636  Fastfat - ok
08:05:14.0875 3636  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
08:05:14.0984 3636  FastUserSwitchingCompatibility - ok
08:05:15.0031 3636  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
08:05:15.0281 3636  Fdc - ok
08:05:15.0296 3636  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
08:05:15.0531 3636  Fips - ok
08:05:15.0562 3636  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
08:05:15.0828 3636  Flpydisk - ok
08:05:15.0859 3636  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
08:05:16.0093 3636  FltMgr - ok
08:05:16.0187 3636  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
08:05:16.0218 3636  FontCache3.0.0.0 - ok
08:05:16.0234 3636  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:05:16.0468 3636  Fs_Rec - ok
08:05:16.0500 3636  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:05:16.0765 3636  Ftdisk - ok
08:05:16.0812 3636  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:05:17.0062 3636  Gpc - ok
08:05:17.0093 3636  [ 160B24FD894E79E71C983EA403A6E6E7 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys
08:05:17.0265 3636  HdAudAddService - ok
08:05:17.0312 3636  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:05:17.0546 3636  HDAudBus - ok
08:05:17.0625 3636  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
08:05:17.0875 3636  helpsvc - ok
08:05:17.0890 3636  [ 748031FF4FE45CCC47546294905FEAB8 ] HidBatt         C:\WINDOWS\system32\DRIVERS\HidBatt.sys
08:05:18.0125 3636  HidBatt - ok
08:05:18.0171 3636  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
08:05:18.0437 3636  HidServ - ok
08:05:18.0453 3636  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:05:18.0703 3636  HidUsb - ok
08:05:18.0718 3636  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
08:05:18.0984 3636  hkmsvc - ok
08:05:19.0000 3636  hpn - ok
08:05:19.0046 3636  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
08:05:19.0109 3636  HTTP - ok
08:05:19.0140 3636  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
08:05:19.0515 3636  HTTPFilter - ok
08:05:19.0531 3636  i2omgmt - ok
08:05:19.0531 3636  i2omp - ok
08:05:19.0562 3636  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:05:19.0843 3636  i8042prt - ok
08:05:20.0093 3636  [ 2AAE7BE67911F4AEC9AD28E9CFB9096F ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
08:05:20.0343 3636  ialm - ok
08:05:20.0453 3636  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:05:20.0546 3636  idsvc - ok
08:05:20.0640 3636  [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86        C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20130918.003\IDSxpx86.sys
08:05:20.0671 3636  IDSxpx86 - ok
08:05:20.0703 3636  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
08:05:20.0953 3636  Imapi - ok
08:05:21.0000 3636  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
08:05:21.0250 3636  ImapiService - ok
08:05:21.0265 3636  ini910u - ok
08:05:21.0343 3636  [ C60B77A9EAC40774556201A736E050A8 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
08:05:21.0515 3636  IntcAzAudAddService - ok
08:05:21.0531 3636  [ F470B4BCEA84CAA2CDB0CC94C97EA55D ] Intel® PROSet Monitoring Service C:\WINDOWS\system32\IProsetMonitor.exe
08:05:21.0593 3636  Intel® PROSet Monitoring Service - ok
08:05:21.0625 3636  [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
08:05:21.0843 3636  IntelIde - ok
08:05:21.0890 3636  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:05:22.0140 3636  intelppm - ok
08:05:22.0156 3636  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
08:05:22.0390 3636  Ip6Fw - ok
08:05:22.0421 3636  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:05:22.0671 3636  IpFilterDriver - ok
08:05:22.0687 3636  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:05:22.0937 3636  IpInIp - ok
08:05:22.0968 3636  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:05:23.0203 3636  IpNat - ok
08:05:23.0250 3636  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:05:23.0468 3636  IPSec - ok
08:05:23.0500 3636  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
08:05:23.0656 3636  IRENUM - ok
08:05:23.0656 3636  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:05:23.0875 3636  isapnp - ok
08:05:23.0984 3636  [ A5937B2A94424CF1B13A4AD503AF6B2E ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
08:05:24.0015 3636  JavaQuickStarterService - ok
08:05:24.0046 3636  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:05:24.0281 3636  Kbdclass - ok
08:05:24.0328 3636  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
08:05:24.0562 3636  kbdhid - ok
08:05:24.0609 3636  [ 0E5D246AE3856C644C3D1CDF4EC285CA ] KdsMm           C:\WINDOWS\system32\drivers\kdsmm.sys
08:05:24.0640 3636  KdsMm ( UnsignedFile.Multi.Generic ) - warning
08:05:24.0640 3636  KdsMm - detected UnsignedFile.Multi.Generic (1)
08:05:24.0687 3636  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
08:05:24.0937 3636  kmixer - ok
08:05:24.0984 3636  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
08:05:25.0078 3636  KSecDD - ok
08:05:25.0125 3636  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
08:05:25.0187 3636  lanmanserver - ok
08:05:25.0234 3636  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
08:05:25.0328 3636  lanmanworkstation - ok
08:05:25.0343 3636  lbrtfdc - ok
08:05:25.0453 3636  [ 89BFFB6A09652DA7D019A387354D0D19 ] LiveUpdate      C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
08:05:25.0640 3636  LiveUpdate - ok
08:05:25.0671 3636  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
08:05:25.0906 3636  LmHosts - ok
08:05:25.0937 3636  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
08:05:26.0171 3636  Messenger - ok
08:05:26.0203 3636  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
08:05:26.0421 3636  mnmdd - ok
08:05:26.0468 3636  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
08:05:26.0703 3636  mnmsrvc - ok
08:05:26.0750 3636  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
08:05:27.0000 3636  Modem - ok
08:05:27.0031 3636  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:05:27.0265 3636  Mouclass - ok
08:05:27.0312 3636  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:05:27.0531 3636  mouhid - ok
08:05:27.0562 3636  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
08:05:27.0828 3636  MountMgr - ok
08:05:27.0890 3636  [ 0329A45C849C9D77901094B8FFE8BBB9 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
08:05:28.0031 3636  MozillaMaintenance - ok
08:05:28.0031 3636  mraid35x - ok
08:05:28.0062 3636  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:05:28.0281 3636  MRxDAV - ok
08:05:28.0343 3636  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:05:28.0421 3636  MRxSmb - ok
08:05:28.0468 3636  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
08:05:28.0687 3636  MSDTC - ok
08:05:28.0703 3636  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
08:05:28.0921 3636  Msfs - ok
08:05:28.0937 3636  MSIServer - ok
08:05:28.0968 3636  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:05:29.0171 3636  MSKSSRV - ok
08:05:29.0203 3636  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:05:29.0421 3636  MSPCLOCK - ok
08:05:29.0453 3636  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
08:05:29.0687 3636  MSPQM - ok
08:05:29.0718 3636  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:05:29.0921 3636  mssmbios - ok
08:05:29.0937 3636  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
08:05:30.0015 3636  Mup - ok
08:05:30.0046 3636  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
08:05:30.0312 3636  napagent - ok
08:05:30.0406 3636  [ 81E928EE3751FAF725C87CC17726C05D ] NAVENG          C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20130918.018\NAVENG.SYS
08:05:30.0453 3636  NAVENG - ok
08:05:30.0531 3636  [ E0C39FA6C76AE8ED53ABF043F35ECDFF ] NAVEX15         C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20130918.018\NAVEX15.SYS
08:05:30.0640 3636  NAVEX15 - ok
08:05:30.0687 3636  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
08:05:30.0906 3636  NDIS - ok
08:05:30.0937 3636  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:05:31.0015 3636  NdisTapi - ok
08:05:31.0062 3636  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:05:31.0281 3636  Ndisuio - ok
08:05:31.0312 3636  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:05:31.0531 3636  NdisWan - ok
08:05:31.0546 3636  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
08:05:31.0671 3636  NDProxy - ok
08:05:31.0703 3636  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
08:05:31.0937 3636  NetBIOS - ok
08:05:31.0984 3636  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
08:05:32.0203 3636  NetBT - ok
08:05:32.0250 3636  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
08:05:32.0468 3636  NetDDE - ok
08:05:32.0468 3636  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
08:05:32.0687 3636  NetDDEdsdm - ok
08:05:32.0734 3636  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
08:05:32.0937 3636  Netlogon - ok
08:05:33.0000 3636  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
08:05:33.0234 3636  Netman - ok
08:05:33.0250 3636  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:05:33.0296 3636  NetTcpPortSharing - ok
08:05:33.0312 3636  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
08:05:33.0515 3636  NIC1394 - ok
08:05:33.0546 3636  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
08:05:33.0640 3636  Nla - ok
08:05:33.0640 3636  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
08:05:33.0843 3636  Npfs - ok
08:05:33.0906 3636  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
08:05:34.0171 3636  Ntfs - ok
08:05:34.0187 3636  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
08:05:34.0406 3636  NtLmSsp - ok
08:05:34.0468 3636  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
08:05:34.0734 3636  NtmsSvc - ok
08:05:34.0765 3636  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
08:05:34.0984 3636  Null - ok
08:05:35.0000 3636  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:05:35.0265 3636  NwlnkFlt - ok
08:05:35.0281 3636  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:05:35.0484 3636  NwlnkFwd - ok
08:05:35.0500 3636  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
08:05:35.0734 3636  ohci1394 - ok
08:05:35.0828 3636  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:05:35.0875 3636  ose - ok
08:05:36.0187 3636  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:05:36.0531 3636  osppsvc - ok
08:05:36.0578 3636  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
08:05:36.0812 3636  Parport - ok
08:05:36.0828 3636  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
08:05:37.0078 3636  PartMgr - ok
08:05:37.0109 3636  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
08:05:37.0328 3636  ParVdm - ok
08:05:37.0328 3636  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
08:05:37.0593 3636  PCI - ok
08:05:37.0609 3636  PCIDump - ok
08:05:37.0625 3636  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
08:05:37.0859 3636  PCIIde - ok
08:05:37.0890 3636  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
08:05:38.0109 3636  Pcmcia - ok
08:05:38.0125 3636  PDCOMP - ok
08:05:38.0125 3636  PDFRAME - ok
08:05:38.0140 3636  PDRELI - ok
08:05:38.0140 3636  PDRFRAME - ok
08:05:38.0156 3636  perc2 - ok
08:05:38.0156 3636  perc2hib - ok
08:05:38.0203 3636  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
08:05:38.0343 3636  PlugPlay - ok
08:05:38.0375 3636  [ 2D091A99624FB9E7EEF0A86D872EC0C3 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
08:05:38.0421 3636  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
08:05:38.0421 3636  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
08:05:38.0453 3636  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
08:05:38.0640 3636  PolicyAgent - ok
08:05:38.0687 3636  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:05:38.0906 3636  PptpMiniport - ok
08:05:38.0906 3636  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
08:05:39.0109 3636  ProtectedStorage - ok
08:05:39.0109 3636  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
08:05:39.0359 3636  PSched - ok
08:05:39.0390 3636  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:05:39.0671 3636  Ptilink - ok
08:05:39.0687 3636  ql1080 - ok
08:05:39.0687 3636  Ql10wnt - ok
08:05:39.0703 3636  ql12160 - ok
08:05:39.0703 3636  ql1240 - ok
08:05:39.0718 3636  ql1280 - ok
08:05:39.0765 3636  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:05:39.0984 3636  RasAcd - ok
08:05:40.0062 3636  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
08:05:40.0312 3636  RasAuto - ok
08:05:40.0343 3636  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:05:40.0593 3636  Rasl2tp - ok
08:05:40.0640 3636  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
08:05:40.0843 3636  RasMan - ok
08:05:40.0859 3636  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:05:41.0078 3636  RasPppoe - ok
08:05:41.0093 3636  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
08:05:41.0296 3636  Raspti - ok
08:05:41.0343 3636  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:05:41.0546 3636  Rdbss - ok
08:05:41.0578 3636  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:05:41.0812 3636  RDPCDD - ok
08:05:41.0859 3636  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:05:42.0078 3636  rdpdr - ok
08:05:42.0125 3636  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
08:05:42.0203 3636  RDPWD - ok
08:05:42.0250 3636  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
08:05:42.0500 3636  RDSessMgr - ok
08:05:42.0515 3636  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
08:05:42.0750 3636  redbook - ok
08:05:42.0781 3636  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
08:05:43.0031 3636  RemoteAccess - ok
08:05:43.0062 3636  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
08:05:43.0265 3636  RemoteRegistry - ok
08:05:43.0281 3636  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
08:05:43.0515 3636  RpcLocator - ok
08:05:43.0562 3636  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll
08:05:43.0703 3636  RpcSs - ok
08:05:43.0718 3636  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
08:05:43.0968 3636  RSVP - ok
08:05:44.0015 3636  [ C6D34A1874CD2B212DC3E788091C64B4 ] RTLE8023xp      C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
08:05:44.0046 3636  RTLE8023xp - ok
08:05:44.0062 3636  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
08:05:44.0250 3636  SamSs - ok
08:05:44.0296 3636  [ B244960E5A1DB8E9D5D17086DE37C1E4 ] sbp2port        C:\WINDOWS\system32\DRIVERS\sbp2port.sys
08:05:44.0515 3636  sbp2port - ok
08:05:44.0531 3636  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
08:05:44.0781 3636  SCardSvr - ok
08:05:44.0812 3636  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
08:05:45.0031 3636  Schedule - ok
08:05:45.0078 3636  [ 089870DAB7AA277585C475AE09EE4C63 ] scsiscan        C:\WINDOWS\system32\DRIVERS\scsiscan.sys
08:05:45.0312 3636  scsiscan - ok
08:05:45.0343 3636  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:05:45.0515 3636  Secdrv - ok
08:05:45.0562 3636  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
08:05:45.0781 3636  seclogon - ok
08:05:45.0812 3636  [ F537B84461653B28E0C75DA7E83169C6 ] SenFiltService  C:\WINDOWS\system32\drivers\Senfilt.sys
08:05:45.0859 3636  SenFiltService - ok
08:05:45.0906 3636  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
08:05:46.0109 3636  SENS - ok
08:05:46.0234 3636  [ 7E2C360B6CC0D87B8EF38439B53DFC71 ] SepMasterService C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\ccSvcHst.exe
08:05:46.0250 3636  SepMasterService - ok
08:05:46.0281 3636  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
08:05:46.0531 3636  serenum - ok
08:05:46.0546 3636  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
08:05:46.0765 3636  Serial - ok
08:05:46.0796 3636  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
08:05:47.0015 3636  Sfloppy - ok
08:05:47.0078 3636  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
08:05:47.0296 3636  SharedAccess - ok
08:05:47.0343 3636  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
08:05:47.0390 3636  ShellHWDetection - ok
08:05:47.0390 3636  Simbad - ok
08:05:47.0437 3636  [ D72A21424CA66C7A745BD995ECA6A710 ] SMBios          C:\WINDOWS\system32\DRIVERS\SMBios.sys
08:05:47.0453 3636  SMBios ( UnsignedFile.Multi.Generic ) - warning
08:05:47.0453 3636  SMBios - detected UnsignedFile.Multi.Generic (1)
08:05:47.0515 3636  [ 9FFFEA13A6181F1A92EDBF023CDB6EFD ] SmcService      C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\Smc.exe
08:05:47.0625 3636  SmcService - ok
08:05:47.0671 3636  [ C83D26A2F51D8887B99ACF86B7299716 ] SNAC            C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\snac.exe
08:05:47.0718 3636  SNAC - ok
08:05:47.0734 3636  Sparrow - ok
08:05:47.0781 3636  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
08:05:47.0984 3636  splitter - ok
08:05:48.0031 3636  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
08:05:48.0125 3636  Spooler - ok
08:05:48.0171 3636  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
08:05:48.0343 3636  sr - ok
08:05:48.0375 3636  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
08:05:48.0546 3636  srservice - ok
08:05:48.0593 3636  [ D1646B3DB1E401A7FCE2F82547D0CE32 ] SRTSP           C:\WINDOWS\system32\Drivers\SEP\0C01029F\136B.105\x86\SRTSP.SYS
08:05:48.0609 3636  SRTSP - ok
08:05:48.0656 3636  [ AB26657D755CC81F073892D833DE426B ] SRTSPX          C:\WINDOWS\system32\Drivers\SEP\0C01029F\136B.105\x86\SRTSPX.SYS
08:05:48.0671 3636  SRTSPX - ok
08:05:48.0687 3636  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
08:05:48.0781 3636  Srv - ok
08:05:48.0812 3636  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
08:05:48.0984 3636  SSDPSRV - ok
08:05:49.0031 3636  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
08:05:49.0265 3636  stisvc - ok
08:05:49.0312 3636  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
08:05:49.0531 3636  swenum - ok
08:05:49.0546 3636  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
08:05:49.0781 3636  swmidi - ok
08:05:49.0781 3636  SwPrv - ok
08:05:49.0812 3636  [ 10349D3C68E7FF0527FDB1A55975999D ] SyDvCtrl        C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\SyDvCtrl32.sys
08:05:49.0843 3636  SyDvCtrl - ok
08:05:49.0859 3636  symc810 - ok
08:05:49.0859 3636  symc8xx - ok
08:05:49.0906 3636  [ 4F52D56310FEF75249914F352DDE7D13 ] SymDS           C:\WINDOWS\system32\Drivers\SEP\0C01029F\136B.105\x86\SYMDS.SYS
08:05:49.0937 3636  SymDS - ok
08:05:50.0000 3636  [ 6C30D676B806ED0324124C85146B46BC ] SymEFA          C:\WINDOWS\system32\Drivers\SEP\0C01029F\136B.105\x86\SYMEFA.SYS
08:05:50.0093 3636  SymEFA - ok
08:05:50.0156 3636  [ 98D28D08E68145FB550EE7670B43BAF2 ] SymEvent        C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
08:05:50.0203 3636  SymEvent - ok
08:05:50.0250 3636  [ 057AC299D7A61BAB2A1BDC483280AE57 ] SymIRON         C:\WINDOWS\system32\Drivers\SEP\0C01029F\136B.105\x86\Ironx86.SYS
08:05:50.0281 3636  SymIRON - ok
08:05:50.0343 3636  [ 336CACE58F0359D5CBB1AE6B8A2FB205 ] SYMTDI          C:\WINDOWS\system32\Drivers\SEP\0C01029F\136B.105\x86\SYMTDI.SYS
08:05:50.0359 3636  SYMTDI - ok
08:05:50.0375 3636  sym_hi - ok
08:05:50.0375 3636  sym_u3 - ok
08:05:50.0406 3636  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
08:05:50.0640 3636  sysaudio - ok
08:05:50.0671 3636  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
08:05:50.0906 3636  SysmonLog - ok
08:05:50.0953 3636  [ 853E08AB8078B2D36EC157ACB9BB0D55 ] SysPlant        C:\WINDOWS\system32\Drivers\SysPlant.sys
08:05:50.0968 3636  SysPlant - ok
08:05:51.0015 3636  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
08:05:51.0250 3636  TapiSrv - ok
08:05:51.0296 3636  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:05:51.0437 3636  Tcpip - ok
08:05:51.0468 3636  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
08:05:51.0687 3636  TDPIPE - ok
08:05:51.0703 3636  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
08:05:51.0921 3636  TDTCP - ok
08:05:51.0953 3636  [ D3B7576C97EBE31F456CAEB2D8141338 ] Teefer2         C:\WINDOWS\system32\DRIVERS\teefer.sys
08:05:51.0984 3636  Teefer2 - ok
08:05:52.0031 3636  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
08:05:52.0250 3636  TermDD - ok
08:05:52.0265 3636  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
08:05:52.0484 3636  TermService - ok
08:05:52.0515 3636  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
08:05:52.0531 3636  Themes - ok
08:05:52.0562 3636  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
08:05:52.0750 3636  TlntSvr - ok
08:05:52.0765 3636  TosIde - ok
08:05:52.0812 3636  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
08:05:53.0031 3636  TrkWks - ok
08:05:53.0062 3636  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
08:05:53.0296 3636  Udfs - ok
08:05:53.0296 3636  ultra - ok
08:05:53.0343 3636  [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf           C:\WINDOWS\system32\wdfmgr.exe
08:05:53.0515 3636  UMWdf - ok
08:05:53.0562 3636  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
08:05:53.0765 3636  Update - ok
08:05:53.0812 3636  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
08:05:54.0000 3636  upnphost - ok
08:05:54.0046 3636  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
08:05:54.0265 3636  UPS - ok
08:05:54.0312 3636  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:05:54.0531 3636  usbccgp - ok
08:05:54.0562 3636  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:05:54.0796 3636  usbehci - ok
08:05:54.0843 3636  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:05:55.0046 3636  usbhub - ok
08:05:55.0093 3636  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:05:55.0328 3636  USBSTOR - ok
08:06:12.0500 3636  C:\WINDOWS\system32\wshtcpip.dll - ok
08:06:12.0500 3636  [ D72B9EC3337B247A666F098F3D6B43DE ] C:\WINDOWS\system32\winrnr.dll
08:06:12.0500 3636  C:\WINDOWS\system32\winrnr.dll - ok
08:06:12.0515 3636  [ 6F9BEF24C578D5D6740E080BEDD6A448 ] C:\WINDOWS\system32\rasadhlp.dll
08:06:12.0515 3636  C:\WINDOWS\system32\rasadhlp.dll - ok
08:06:12.0515 3636  [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\system32\drivers\ndisuio.sys
08:06:12.0515 3636  C:\WINDOWS\system32\drivers\ndisuio.sys - ok
08:06:12.0531 3636  [ 515A7FAE2070C2B0242B2353443E2F11 ] C:\WINDOWS\system32\cscdll.dll
08:06:12.0531 3636  C:\WINDOWS\system32\cscdll.dll - ok
08:06:12.0531 3636  [ E2092F0A1D7ABC243F9C2362483D150D ] C:\WINDOWS\system32\dimsntfy.dll
08:06:12.0531 3636  C:\WINDOWS\system32\dimsntfy.dll - ok
08:06:12.0531 3636  [ 5E38D7684A49CACFB752B046357E0589 ] C:\WINDOWS\system32\dhcpcsvc.dll
08:06:12.0531 3636  C:\WINDOWS\system32\dhcpcsvc.dll - ok
08:06:12.0546 3636  [ 5F7E24FA9EAB896051FFB87F840730D2 ] C:\WINDOWS\system32\dnsrslvr.dll
08:06:12.0546 3636  C:\WINDOWS\system32\dnsrslvr.dll - ok
08:06:12.0546 3636  [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\system32\wlnotify.dll
08:06:12.0546 3636  C:\WINDOWS\system32\wlnotify.dll - ok
08:06:12.0562 3636  [ BD83ABA61E8ACCC8D9FFB869F29418CE ] C:\WINDOWS\system32\winspool.drv
08:06:12.0562 3636  C:\WINDOWS\system32\winspool.drv - ok
08:06:12.0562 3636  [ 02CF580510234E519736559A7F19EA20 ] C:\WINDOWS\system32\WgaLogon.dll
08:06:12.0562 3636  C:\WINDOWS\system32\WgaLogon.dll - ok
08:06:12.0562 3636  [ F137A0CA70003DB20448D540651FA003 ] C:\WINDOWS\system32\clbcatq.dll
08:06:12.0562 3636  C:\WINDOWS\system32\clbcatq.dll - ok
08:06:12.0578 3636  [ A7DB739AE99A796D91580147E919CC59 ] C:\WINDOWS\system32\lmhsvc.dll
08:06:12.0578 3636  C:\WINDOWS\system32\lmhsvc.dll - ok
08:06:12.0578 3636  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] C:\WINDOWS\system32\wzcsvc.dll
08:06:12.0578 3636  C:\WINDOWS\system32\wzcsvc.dll - ok
08:06:12.0578 3636  [ 1280A158C722FA95A80FB7AEBE78FA7D ] C:\WINDOWS\system32\comres.dll
08:06:12.0578 3636  C:\WINDOWS\system32\comres.dll - ok
08:06:12.0593 3636  [ 876CCF164E08D6B903CD14398E056DD2 ] C:\WINDOWS\system32\rtutils.dll
08:06:12.0593 3636  C:\WINDOWS\system32\rtutils.dll - ok
08:06:12.0593 3636  [ E6EF7BC927D9F8F9BA1584BFC39E0C6F ] C:\WINDOWS\system32\eapolqec.dll
08:06:12.0593 3636  C:\WINDOWS\system32\eapolqec.dll - ok
08:06:12.0609 3636  [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\system32\wmi.dll
08:06:12.0609 3636  C:\WINDOWS\system32\wmi.dll - ok
08:06:12.0609 3636  [ 72F2CFC7653FB5ABB85789D28E26A643 ] C:\WINDOWS\system32\atl.dll
08:06:12.0609 3636  C:\WINDOWS\system32\atl.dll - ok
08:06:12.0609 3636  [ 8AE93AACC648921BAACB8602991AC4B3 ] C:\WINDOWS\system32\qutil.dll
08:06:12.0609 3636  C:\WINDOWS\system32\qutil.dll - ok
08:06:12.0625 3636  [ 8E2CC37BA87D8F681066E0E9C8A19F73 ] C:\WINDOWS\system32\dot3api.dll
08:06:12.0625 3636  C:\WINDOWS\system32\dot3api.dll - ok
08:06:12.0625 3636  [ ACFEE2392503DD5E457363A0510B8BCB ] C:\WINDOWS\system32\msxml3.dll
08:06:12.0625 3636  C:\WINDOWS\system32\msxml3.dll - ok
08:06:12.0625 3636  [ F5B754CDEA20BBB3A31E16A776EDE6D6 ] C:\WINDOWS\system32\esent.dll
08:06:12.0625 3636  C:\WINDOWS\system32\esent.dll - ok
08:06:12.0640 3636  [ 6738CF94D2A90564E930720AD8186533 ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\SymRasMan.dll
08:06:12.0640 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\SymRasMan.dll - ok
08:06:12.0640 3636  [ A39BE37C9237DB5F1990D61B268EA555 ] C:\WINDOWS\system32\rastls.dll
08:06:12.0640 3636  C:\WINDOWS\system32\rastls.dll - ok
08:06:12.0640 3636  [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3 ] C:\WINDOWS\system32\cryptui.dll
08:06:12.0640 3636  C:\WINDOWS\system32\cryptui.dll - ok
08:06:12.0656 3636  [ F1BD516A4446B737BAEFB9FBAA92F01A ] C:\WINDOWS\system32\wininet.dll
08:06:12.0656 3636  C:\WINDOWS\system32\wininet.dll - ok
08:06:12.0656 3636  [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll
08:06:12.0656 3636  C:\WINDOWS\system32\normaliz.dll - ok
08:06:12.0671 3636  [ 5288BC366FDABFA94D5C4577DAF85387 ] C:\WINDOWS\system32\urlmon.dll
08:06:12.0671 3636  C:\WINDOWS\system32\urlmon.dll - ok
08:06:12.0671 3636  [ 6195004BF2586FAA3B22F3CAC9E5CC15 ] C:\WINDOWS\system32\iertutil.dll
08:06:12.0671 3636  C:\WINDOWS\system32\iertutil.dll - ok
08:06:12.0671 3636  [ EA5B8BECA3F279C757578CD7F1E95855 ] C:\WINDOWS\system32\mprapi.dll
08:06:12.0671 3636  C:\WINDOWS\system32\mprapi.dll - ok
08:06:12.0687 3636  [ 2CDAE321B8E878A278BA2D2FA013060B ] C:\WINDOWS\system32\activeds.dll
08:06:12.0687 3636  C:\WINDOWS\system32\activeds.dll - ok
08:06:12.0687 3636  [ 0D84657DBF93DB98673DEFDF2B29E25A ] C:\WINDOWS\system32\adsldpc.dll
08:06:12.0687 3636  C:\WINDOWS\system32\adsldpc.dll - ok
08:06:12.0687 3636  [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll
08:06:12.0687 3636  C:\WINDOWS\system32\rasapi32.dll - ok
08:06:12.0703 3636  [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\system32\rasman.dll
08:06:12.0703 3636  C:\WINDOWS\system32\rasman.dll - ok
08:06:12.0703 3636  [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll
08:06:12.0703 3636  C:\WINDOWS\system32\tapi32.dll - ok
08:06:12.0703 3636  [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] C:\WINDOWS\system32\riched20.dll
08:06:12.0703 3636  C:\WINDOWS\system32\riched20.dll - ok
08:06:12.0718 3636  [ EB769781873BEBA1448EA6E765B37FAA ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\RasSymEap.dll
08:06:12.0718 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\RasSymEap.dll - ok
08:06:12.0718 3636  [ 56CE97FF94B7662A300D359CD6F4D601 ] C:\WINDOWS\system32\raschap.dll
08:06:12.0718 3636  C:\WINDOWS\system32\raschap.dll - ok
08:06:12.0734 3636  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\system32\schedsvc.dll
08:06:12.0734 3636  C:\WINDOWS\system32\schedsvc.dll - ok
08:06:12.0734 3636  [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\system32\msidle.dll
08:06:12.0734 3636  C:\WINDOWS\system32\msidle.dll - ok
08:06:12.0734 3636  [ 60784F891563FB1B767F70117FC2428F ] C:\WINDOWS\system32\spoolsv.exe
08:06:12.0734 3636  C:\WINDOWS\system32\spoolsv.exe - ok
08:06:12.0750 3636  [ DEF7A7882BEC100FE0B2CE2549188F9D ] C:\WINDOWS\system32\audiosrv.dll
08:06:12.0750 3636  C:\WINDOWS\system32\audiosrv.dll - ok
08:06:12.0750 3636  [ A8888A5327621856C0CEC4E385F69309 ] C:\WINDOWS\system32\wkssvc.dll
08:06:12.0750 3636  C:\WINDOWS\system32\wkssvc.dll - ok
08:06:12.0750 3636  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] C:\WINDOWS\system32\drivers\parvdm.sys
08:06:12.0750 3636  C:\WINDOWS\system32\drivers\parvdm.sys - ok
08:06:12.0765 3636  [ C5A75EB48E2344ABDC162BDA79E16841 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:06:12.0765 3636  C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok
08:06:12.0765 3636  [ E5F7C30EDF0892667933BE879F067D67 ] C:\WINDOWS\system32\msvcr100_clr0400.dll
08:06:12.0765 3636  C:\WINDOWS\system32\msvcr100_clr0400.dll - ok
08:06:12.0781 3636  [ 08A73B0E7EE6E32983B5F9E540A8E380 ] C:\WINDOWS\system32\mscoree.dll
08:06:12.0781 3636  C:\WINDOWS\system32\mscoree.dll - ok
08:06:12.0781 3636  [ A5937B2A94424CF1B13A4AD503AF6B2E ] C:\Program Files\Java\jre7\bin\jqs.exe
08:06:12.0781 3636  C:\Program Files\Java\jre7\bin\jqs.exe - ok
08:06:12.0781 3636  [ 3D4E199942E29207970E04315D02AD3B ] C:\WINDOWS\system32\cryptsvc.dll
08:06:12.0781 3636  C:\WINDOWS\system32\cryptsvc.dll - ok
08:06:12.0796 3636  [ 67EC459E42D3081DD8FD34356F7CAFC1 ] C:\Program Files\Java\jre7\bin\msvcr100.dll
08:06:12.0796 3636  C:\Program Files\Java\jre7\bin\msvcr100.dll - ok
08:06:12.0796 3636  [ 00709952D444EAE14DBBD30D36FBAE0F ] C:\WINDOWS\system32\certcli.dll
08:06:12.0796 3636  C:\WINDOWS\system32\certcli.dll - ok
08:06:12.0796 3636  [ 57EDEC2E5F59F0335E92F35184BC8631 ] C:\WINDOWS\system32\dmserver.dll
08:06:12.0796 3636  C:\WINDOWS\system32\dmserver.dll - ok
08:06:12.0812 3636  [ 62CF83A6989312A0DD39BBFFB3D1C166 ] C:\WINDOWS\system32\pdh.dll
08:06:12.0812 3636  C:\WINDOWS\system32\pdh.dll - ok
08:06:12.0812 3636  [ BC93B4A066477954555966D77FEC9ECB ] C:\WINDOWS\system32\ersvc.dll
08:06:12.0812 3636  C:\WINDOWS\system32\ersvc.dll - ok
08:06:12.0812 3636  [ 369F7B1A4F358B976176556A1A331F36 ] C:\WINDOWS\system32\odbcbcp.dll
08:06:12.0812 3636  C:\WINDOWS\system32\odbcbcp.dll - ok
08:06:12.0828 3636  [ D4991D98F2DB73C60D042F1AEF79EFAE ] C:\WINDOWS\system32\es.dll
08:06:12.0828 3636  C:\WINDOWS\system32\es.dll - ok
08:06:12.0828 3636  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
08:06:12.0828 3636  C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - ok
08:06:12.0843 3636  [ 332760FBA1655FCFD35BD6F4FD871300 ] C:\WINDOWS\system32\ipsecsvc.dll
08:06:12.0843 3636  C:\WINDOWS\system32\ipsecsvc.dll - ok
08:06:12.0843 3636  [ C5FF8682EADA5B3B27A865F1C3EF9270 ] C:\WINDOWS\system32\oakley.dll
08:06:12.0843 3636  C:\WINDOWS\system32\oakley.dll - ok
08:06:12.0843 3636  [ 7E2C360B6CC0D87B8EF38439B53DFC71 ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\ccSvcHst.exe
08:06:12.0843 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\ccSvcHst.exe - ok
08:06:12.0859 3636  [ B2EEE3DEE31F50E082E9C720A6D7757D ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
08:06:12.0859 3636  C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll - ok
08:06:12.0859 3636  [ 5B19B557B0C188210A56A6B699D90B8F ] C:\WINDOWS\system32\regsvc.dll
08:06:12.0859 3636  C:\WINDOWS\system32\regsvc.dll - ok
08:06:12.0859 3636  [ 248712EA6BA17B9FF0C542A3828375DD ] C:\WINDOWS\system32\winipsec.dll
08:06:12.0859 3636  C:\WINDOWS\system32\winipsec.dll - ok
08:06:12.0875 3636  [ 853D0D0C6F02D7BFDF1CF99DD7553732 ] C:\WINDOWS\system32\pstorsvc.dll
08:06:12.0875 3636  C:\WINDOWS\system32\pstorsvc.dll - ok
08:06:12.0875 3636  [ ACDAFCD14EC0ECE89198503746A5C147 ] C:\WINDOWS\system32\perfos.dll
08:06:12.0875 3636  C:\WINDOWS\system32\perfos.dll - ok
08:06:12.0875 3636  [ ABFB673B24A9B3287761D497529FB5B9 ] C:\WINDOWS\system32\perfdisk.dll
08:06:12.0875 3636  C:\WINDOWS\system32\perfdisk.dll - ok
08:06:12.0890 3636  [ 22D89D84E8E081CDA529DBF8C0255A38 ] C:\WINDOWS\system32\psbase.dll
08:06:12.0890 3636  C:\WINDOWS\system32\psbase.dll - ok
08:06:12.0890 3636  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] C:\WINDOWS\system32\netman.dll
08:06:12.0890 3636  C:\WINDOWS\system32\netman.dll - ok
08:06:12.0906 3636  [ FEDE68BF80052BAD393AFD5C2E60DCB0 ] C:\WINDOWS\system32\dssenh.dll
08:06:12.0906 3636  C:\WINDOWS\system32\dssenh.dll - ok
08:06:12.0906 3636  [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] C:\WINDOWS\system32\netshell.dll
08:06:12.0906 3636  C:\WINDOWS\system32\netshell.dll - ok
08:06:12.0906 3636  [ 7538050656FE5D63CB4B80349DD1CFE3 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
08:06:12.0906 3636  C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll - ok
08:06:12.0921 3636  [ A569678FFD9013266B83ECF68126E776 ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\ccL100U.dll
08:06:12.0921 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\ccL100U.dll - ok
08:06:12.0921 3636  [ 235892E493845D64D890163CFEF90E97 ] C:\WINDOWS\system32\credui.dll
08:06:12.0921 3636  C:\WINDOWS\system32\credui.dll - ok
08:06:12.0921 3636  [ 4E8F3230BAC8C1CAADF01A8C728E1C5C ] C:\WINDOWS\system32\dot3dlg.dll
08:06:12.0921 3636  C:\WINDOWS\system32\dot3dlg.dll - ok
08:06:12.0937 3636  [ 7E08612276D40F3FB2F4EFD6C07BB145 ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\ccVrTrst.dll
08:06:12.0937 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\ccVrTrst.dll - ok
08:06:12.0937 3636  [ CA04959077AFE36369D37B3504740C87 ] C:\WINDOWS\system32\onex.dll
08:06:12.0937 3636  C:\WINDOWS\system32\onex.dll - ok
08:06:12.0953 3636  [ 67156D5A9AC356DC99D7BCCB388E3316 ] C:\WINDOWS\system32\wsock32.dll
08:06:12.0953 3636  C:\WINDOWS\system32\wsock32.dll - ok
08:06:12.0953 3636  [ 28E1096114BB765CC29420F03716C922 ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\EFACli.dll
08:06:12.0953 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\EFACli.dll - ok
08:06:12.0953 3636  [ 5DB625E7D095604010CF84DE2D8ACFA6 ] C:\WINDOWS\system32\eappcfg.dll
08:06:12.0953 3636  C:\WINDOWS\system32\eappcfg.dll - ok
08:06:12.0968 3636  [ ABC4206543450C0666D152F4B65833B8 ] C:\WINDOWS\system32\eappprxy.dll
08:06:12.0968 3636  C:\WINDOWS\system32\eappprxy.dll - ok
08:06:12.0968 3636  [ 4EA92135C436D18975C2EBEC242B71DA ] C:\WINDOWS\system32\icmp.dll
08:06:12.0968 3636  C:\WINDOWS\system32\icmp.dll - ok
08:06:12.0968 3636  [ 2C0EC5FA4C4FE0166335D2FBF9996AD2 ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\SymNeti.dll
08:06:12.0968 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\SymNeti.dll - ok
08:06:12.0984 3636  [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll
08:06:12.0984 3636  C:\WINDOWS\system32\wzcsapi.dll - ok
08:06:12.0984 3636  [ CC25F6C453B00D85DF4A2BD37135BA1A ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\ccSvc.dll
08:06:12.0984 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\ccSvc.dll - ok
08:06:12.0984 3636  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] C:\WINDOWS\system32\srvsvc.dll
08:06:12.0984 3636  C:\WINDOWS\system32\srvsvc.dll - ok
08:06:13.0000 3636  [ 872E46894E4A86E835B272CF6EADF19B ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\Srtsp32.dll
08:06:13.0000 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\Srtsp32.dll - ok
08:06:13.0000 3636  [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll
08:06:13.0000 3636  C:\WINDOWS\system32\netmsg.dll - ok
08:06:13.0000 3636  [ CBE612E2BB6A10E3563336191EDA1250 ] C:\WINDOWS\system32\seclogon.dll
08:06:13.0000 3636  C:\WINDOWS\system32\seclogon.dll - ok
08:06:13.0015 3636  [ 649A38E1020F524F03783D09072FA5EC ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\ccIPC.dll
08:06:13.0015 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\ccIPC.dll - ok
08:06:13.0015 3636  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] C:\WINDOWS\system32\wiaservc.dll
08:06:13.0015 3636  C:\WINDOWS\system32\wiaservc.dll - ok
08:06:13.0031 3636  [ 7A526DE7C1BB517E8F5AA83836ABD767 ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\sms.dll
08:06:13.0031 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\sms.dll - ok
08:06:13.0031 3636  [ 5F0CE62E0831CF972EC6949FD3E37DA7 ] C:\WINDOWS\system32\cfgmgr32.dll
08:06:13.0031 3636  C:\WINDOWS\system32\cfgmgr32.dll - ok
08:06:13.0031 3636  [ 4AC2FA4A6F0DF2511BAC13393C06EFF1 ] C:\WINDOWS\system32\mscms.dll
08:06:13.0031 3636  C:\WINDOWS\system32\mscms.dll - ok
08:06:13.0046 3636  [ 34E9D420E7950E3B22575C8591CB5A5F ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\sis.dll
08:06:13.0046 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\sis.dll - ok
08:06:13.0046 3636  [ 23D3B382531301A2EF73FB54BA262BA6 ] C:\WINDOWS\system32\kdssti.dll
08:06:13.0046 3636  C:\WINDOWS\system32\kdssti.dll - ok
08:06:13.0046 3636  [ 2BFF31508A58EA3F82CA8D6620AE6E13 ] C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
08:06:13.0046 3636  C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL - ok
08:06:13.0062 3636  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] C:\WINDOWS\system32\sens.dll
08:06:13.0062 3636  C:\WINDOWS\system32\sens.dll - ok
08:06:13.0062 3636  [ 3805DF0AC4296A34BA4BF93B346CC378 ] C:\WINDOWS\system32\srsvc.dll
08:06:13.0062 3636  C:\WINDOWS\system32\srsvc.dll - ok
08:06:13.0062 3636  [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll
08:06:13.0062 3636  C:\WINDOWS\system32\powrprof.dll - ok
08:06:13.0078 3636  [ E1D83F811E748A687ADE8DAD52506B07 ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\ccSet.dll
08:06:13.0078 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\ccSet.dll - ok
08:06:13.0078 3636  [ 55BCA12F7F523D35CA3CB833C725F54E ] C:\WINDOWS\system32\trkwks.dll
08:06:13.0078 3636  C:\WINDOWS\system32\trkwks.dll - ok
08:06:13.0093 3636  [ ACACB8B14E66109B8ACD6644B5574B9A ] C:\WINDOWS\system32\vssapi.dll
08:06:13.0093 3636  C:\WINDOWS\system32\vssapi.dll - ok
08:06:13.0093 3636  [ 2D0E4ED081963804CCC196A0929275B5 ] C:\WINDOWS\system32\wbem\wmisvc.dll
08:06:13.0093 3636  C:\WINDOWS\system32\wbem\wmisvc.dll - ok
08:06:13.0093 3636  [ B3290D40659E1E398C3B7F5BE0856EDD ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\ccGEvt.dll
08:06:13.0093 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\ccGEvt.dll - ok
08:06:13.0109 3636  [ 912B67BB8249925A5C972FC5839EAE09 ] C:\WINDOWS\system32\actxprxy.dll
08:06:13.0109 3636  C:\WINDOWS\system32\actxprxy.dll - ok
08:06:13.0109 3636  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] C:\WINDOWS\system32\drivers\srv.sys
08:06:13.0109 3636  C:\WINDOWS\system32\drivers\srv.sys - ok
08:06:13.0109 3636  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] C:\WINDOWS\system32\wuauserv.dll
08:06:13.0109 3636  C:\WINDOWS\system32\wuauserv.dll - ok
08:06:13.0125 3636  [ FC3EC24FCE372C89423E015A2AC1A31E ] C:\WINDOWS\system32\wuaueng.dll
08:06:13.0125 3636  C:\WINDOWS\system32\wuaueng.dll - ok
08:06:13.0125 3636  [ F7BEFE5683BCC049636C5EAE015635C1 ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\ccGLog.dll
08:06:13.0125 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\ccGLog.dll - ok
08:06:13.0140 3636  [ E05F2769F251F1B3BC4CE0C97A83CCFE ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\ccJobMgr.dll
08:06:13.0140 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\ccJobMgr.dll - ok
08:06:13.0140 3636  [ 684559A03CBC1D05BA120A18B0D8BA5D ] C:\WINDOWS\system32\winhttp.dll
08:06:13.0140 3636  C:\WINDOWS\system32\winhttp.dll - ok
08:06:13.0140 3636  [ F9D3C78CFE15271D80790677C893CE45 ] C:\WINDOWS\system32\cabinet.dll
08:06:13.0140 3636  C:\WINDOWS\system32\cabinet.dll - ok
08:06:13.0156 3636  [ B85E95679B5ADC12311BCD3F5385D623 ] C:\WINDOWS\system32\mspatcha.dll
08:06:13.0156 3636  C:\WINDOWS\system32\mspatcha.dll - ok
08:06:13.0156 3636  [ 9760CBF3B9F33B0B166891A803A1BE27 ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\ccSubEng.dll
08:06:13.0156 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\ccSubEng.dll - ok
08:06:13.0156 3636  [ 1CF2A59D3EB4B70121A1158AFA67BEEB ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\ccEmlPxy.dll
08:06:13.0156 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\ccEmlPxy.dll - ok
08:06:13.0171 3636  [ 83F41D0D89645D7235C051AB1D9523AC ] C:\WINDOWS\system32\ipnathlp.dll
08:06:13.0171 3636  C:\WINDOWS\system32\ipnathlp.dll - ok
08:06:13.0171 3636  [ 37042FEF6C15669D33CDCF46CDB783AC ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\Iron.dll
08:06:13.0171 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\Iron.dll - ok
08:06:13.0171 3636  [ D3F72D50DE53F9F1F55240115AF4D42E ] C:\WINDOWS\system32\msi.dll
08:06:13.0171 3636  C:\WINDOWS\system32\msi.dll - ok
08:06:13.0187 3636  [ 7C278E6408D1DCE642230C0585A854D5 ] C:\WINDOWS\system32\wscsvc.dll
08:06:13.0187 3636  C:\WINDOWS\system32\wscsvc.dll - ok
08:06:13.0187 3636  [ FBC12F98DBEE24EAFD41B1E8EF7E6E8C ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\LUSvc.dll
08:06:13.0187 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\LUSvc.dll - ok
08:06:13.0203 3636  [ ED2CB3202682CA78FBF9C312E84A7A8F ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\SNDSvc.dll
08:06:13.0203 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\SNDSvc.dll - ok
08:06:13.0203 3636  [ 0EA961EA523B3BC9941623EFE5997655 ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\SymRedir.dll
08:06:13.0203 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\SymRedir.dll - ok
08:06:13.0203 3636  [ DA655F5BEC36139287C049C888CD09A8 ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\SymRdrSv.dll
08:06:13.0203 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\SymRdrSv.dll - ok
08:06:13.0218 3636  [ ABEBF0C22D97CF826160781BFC17F01E ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\BHSvcPlg.dll
08:06:13.0218 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\BHSvcPlg.dll - ok
08:06:13.0218 3636  [ CFD4E51402DA9838B5A04AE680AF54A0 ] C:\WINDOWS\system32\browser.dll
08:06:13.0218 3636  C:\WINDOWS\system32\browser.dll - ok
08:06:13.0218 3636  [ EF9C121F8FAE4B7D10BCCEFE2F0F9844 ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\IPSPlug.dll
08:06:13.0218 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\IPSPlug.dll - ok
08:06:13.0234 3636  [ 3458EDA96E30FBD0477A2800D3FB1909 ] C:\WINDOWS\system32\wups.dll
08:06:13.0234 3636  C:\WINDOWS\system32\wups.dll - ok
08:06:13.0234 3636  [ ED0C0DF222209E43AD9AFBF3FE87DDE0 ] C:\WINDOWS\system32\comsvcs.dll
08:06:13.0234 3636  C:\WINDOWS\system32\comsvcs.dll - ok
08:06:13.0234 3636  [ 5A5EBAD1EF9ACB5CA0BDF7DAF1873DBB ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\EimLoader.dll
08:06:13.0234 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\EimLoader.dll - ok
08:06:13.0250 3636  [ 9B971A463789408BB9D9FF944BC88BC4 ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\DataMan.dll
08:06:13.0250 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\DataMan.dll - ok
08:06:13.0250 3636  [ A07FC77B858B3BDCAFA566AD8F1E8C4F ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\AVHostPlugin.dll
08:06:13.0250 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\AVHostPlugin.dll - ok
08:06:13.0250 3636  [ 690D97864735E8ECD87F55777E266690 ] C:\WINDOWS\system32\colbact.dll
08:06:13.0250 3636  C:\WINDOWS\system32\colbact.dll - ok
08:06:13.0265 3636  [ DF82E222578DBE59FCBBD69A02E4C806 ] C:\WINDOWS\system32\clusapi.dll
08:06:13.0265 3636  C:\WINDOWS\system32\clusapi.dll - ok
08:06:13.0265 3636  [ 36795A645EAA47FE31D2A8F136A2C69B ] C:\WINDOWS\system32\mtxclu.dll
08:06:13.0265 3636  C:\WINDOWS\system32\mtxclu.dll - ok
08:06:13.0281 3636  [ F51EBB6FC536A6B2D588FD668D3A8249 ] C:\WINDOWS\system32\resutils.dll
08:06:13.0281 3636  C:\WINDOWS\system32\resutils.dll - ok
08:06:13.0281 3636  [ BDC0C99E472176C8C2C853A68ADC5073 ] C:\WINDOWS\system32\wups2.dll
08:06:13.0281 3636  C:\WINDOWS\system32\wups2.dll - ok
08:06:13.0281 3636  [ 2E0B0A051FFAA86E358465BB0880D453 ] C:\WINDOWS\system32\wuauclt.exe
08:06:13.0281 3636  C:\WINDOWS\system32\wuauclt.exe - ok
08:06:13.0296 3636  [ 808608B5A83D9E55B9FBB2216D1A0271 ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\NavNTutl.dll
08:06:13.0296 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\NavNTutl.dll - ok
08:06:13.0296 3636  [ 85F7955B8951D75AAD9E245CDFFF5D30 ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\i2ldvp3.dll
08:06:13.0296 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\i2ldvp3.dll - ok
08:06:13.0296 3636  [ C14AA05881A35B6D6BB8D55B117EE22D ] C:\WINDOWS\system32\shfolder.dll
08:06:13.0296 3636  C:\WINDOWS\system32\shfolder.dll - ok
08:06:13.0312 3636  [ D95C71052E5EF63B55997FB31483D02F ] C:\WINDOWS\system32\wbem\wbemcomn.dll
08:06:13.0312 3636  C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
08:06:13.0312 3636  [ 205ADD80FF8099B1A8101EB490B933D1 ] C:\WINDOWS\system32\wbem\wbemprox.dll
08:06:13.0312 3636  C:\WINDOWS\system32\wbem\wbemprox.dll - ok
08:06:13.0312 3636  [ 2668FBA209D097428AB0E898A12CA757 ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\AgentCore.dll
08:06:13.0312 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\AgentCore.dll - ok
08:06:13.0328 3636  [ F0BF811622F2DD6C8E26EE4600D83731 ] C:\WINDOWS\system32\wbem\wbemcore.dll
08:06:13.0328 3636  C:\WINDOWS\system32\wbem\wbemcore.dll - ok
08:06:13.0328 3636  [ E4616430709F440CF1809D88DC2366EA ] C:\WINDOWS\system32\wbem\esscli.dll
08:06:13.0328 3636  C:\WINDOWS\system32\wbem\esscli.dll - ok
08:06:13.0343 3636  [ 378A0AEFB11D8B0DC8C27B9F7604B88D ] C:\WINDOWS\system32\wbem\fastprox.dll
08:06:13.0343 3636  C:\WINDOWS\system32\wbem\fastprox.dll - ok
08:06:13.0343 3636  [ 010472D0AE758227C6F6E6933549C219 ] C:\WINDOWS\system32\wbem\wbemsvc.dll
08:06:13.0343 3636  C:\WINDOWS\system32\wbem\wbemsvc.dll - ok
08:06:13.0343 3636  [ 29413E74C2FDCAE7BAD2735D925EBE30 ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Res\1033\ActaRes.dll
08:06:13.0343 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Res\1033\ActaRes.dll - ok
08:06:13.0359 3636  [ 3273D1565BF30225C115B480A3BB2C9D ] C:\WINDOWS\system32\wbem\wmiutils.dll
08:06:13.0359 3636  C:\WINDOWS\system32\wbem\wmiutils.dll - ok
08:06:13.0359 3636  [ 6AA64DB4AFD915E6ACE3524BB2CC0ED2 ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\IPSFFPl.dll
08:06:13.0359 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\IPSFFPl.dll - ok
08:06:13.0375 3636  [ 18BC576CB720EF1FD81FD0883D9448E4 ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Res\1033\PScanRes.dll
08:06:13.0375 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Res\1033\PScanRes.dll - ok
08:06:13.0375 3636  [ 942A17D2901A31EA68627CBFFCD268CC ] C:\WINDOWS\system32\wbem\repdrvfs.dll
08:06:13.0375 3636  C:\WINDOWS\system32\wbem\repdrvfs.dll - ok
08:06:13.0375 3636  [ 14D289F63D9538306CB560C4CD12172F ] C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20130918.003\IDSxpx86.dll
08:06:13.0375 3636  C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20130918.003\IDSxpx86.dll - ok
08:06:13.0390 3636  [ 071143F687B4F887E21461CA6CC7EB29 ] C:\WINDOWS\system32\wbem\wmiprvsd.dll
08:06:13.0390 3636  C:\WINDOWS\system32\wbem\wmiprvsd.dll - ok
08:06:13.0390 3636  [ A7E06854EA2A20AEE8EC32BD8C754298 ] C:\WINDOWS\system32\mpnotify.exe
08:06:13.0390 3636  C:\WINDOWS\system32\mpnotify.exe - ok
08:06:13.0406 3636  [ F8C2C4FC35B83843D458EEF2D759E96F ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\snacnp.dll
08:06:13.0406 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\snacnp.dll - ok
08:06:13.0406 3636  [ B5D8B066D1CEAC12F7C95B5118C52018 ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\DSCli.dll
08:06:13.0406 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\DSCli.dll - ok
08:06:13.0406 3636  [ 26D881D27CBE51D3614E68D7313EA026 ] C:\WINDOWS\system32\wbem\wbemess.dll
08:06:13.0406 3636  C:\WINDOWS\system32\wbem\wbemess.dll - ok
08:06:13.0421 3636  [ 4215C53A162118E7828196181E3ECFC9 ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\DefUtDCD.dll
08:06:13.0421 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\DefUtDCD.dll - ok
08:06:13.0421 3636  [ 26732E64EB15D0543B2EB7BD6724A8DA ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\ducclib.dll
08:06:13.0421 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\ducclib.dll - ok
08:06:13.0421 3636  [ 085ED2E391A871C7BAE87E0228B546BA ] C:\WINDOWS\system32\cscui.dll
08:06:13.0421 3636  C:\WINDOWS\system32\cscui.dll - ok
08:06:13.0437 3636  [ 6C26DCF01E2A92F183B97D434017268A ] C:\WINDOWS\system32\dpcdll.dll
08:06:13.0437 3636  C:\WINDOWS\system32\dpcdll.dll - ok
08:06:13.0437 3636  [ 680B56A8B62D1BCF4A0B2AAAD03D88E4 ] C:\WINDOWS\system32\wdmaud.drv
08:06:13.0437 3636  C:\WINDOWS\system32\wdmaud.drv - ok
08:06:13.0437 3636  [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\system32\drivers\wdmaud.sys
08:06:13.0453 3636  C:\WINDOWS\system32\drivers\wdmaud.sys - ok
08:06:13.0453 3636  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] C:\WINDOWS\system32\drivers\sysaudio.sys
08:06:13.0453 3636  C:\WINDOWS\system32\drivers\sysaudio.sys - ok
08:06:14.0453 3636  [ EEE7F12D9FF46F68FBC0DA059A359E9E ] C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
08:06:14.0453 3636  C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll - ok
08:06:14.0453 3636  [ CC4637C7BFC2A2F83C7BA18A4763B9BA ] C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4wm.dll
08:06:14.0453 3636  C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4wm.dll - ok
08:06:14.0453 3636  [ 22DD6D7D4BFE2B8CE705CC950C8AEA4C ] C:\WINDOWS\system32\win32spl.dll
08:06:14.0453 3636  C:\WINDOWS\system32\win32spl.dll - ok
08:06:14.0468 3636  [ B41D53899E37CC43DA85DA19998BEE81 ] C:\WINDOWS\system32\netrap.dll
08:06:14.0468 3636  C:\WINDOWS\system32\netrap.dll - ok
08:06:14.0468 3636  [ EE4C651A217B01D636B5364AC77DA892 ] C:\WINDOWS\system32\inetpp.dll
08:06:14.0468 3636  C:\WINDOWS\system32\inetpp.dll - ok
08:06:14.0484 3636  [ 178A34E5554DCE485E1262DDF027960C ] C:\DOCUME~1\AWULF~1.PCA\LOCALS~1\temp\7C579586-5546-46A1-9526-F82D0062C0C5.exe
08:06:14.0484 3636  C:\DOCUME~1\AWULF~1.PCA\LOCALS~1\temp\7C579586-5546-46A1-9526-F82D0062C0C5.exe - ok
08:06:14.0484 3636  [ 2DC5A8019E2387987905F77C664E4BE2 ] C:\WINDOWS\system32\linkinfo.dll
08:06:14.0484 3636  C:\WINDOWS\system32\linkinfo.dll - ok
08:06:14.0484 3636  [ A70A2D85AD143D6BB823C246CEB699A5 ] C:\WINDOWS\system32\ntshrui.dll
08:06:14.0484 3636  C:\WINDOWS\system32\ntshrui.dll - ok
08:06:14.0484 3636  [ 91790D6749EBED90E2C40479C0A91879 ] C:\WINDOWS\system32\verclsid.exe
08:06:14.0484 3636  C:\WINDOWS\system32\verclsid.exe - ok
08:06:14.0500 3636  [ 5B6E8E09BE6401A7E022F52FDFCB2FF8 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
08:06:14.0500 3636  C:\Program Files\Common Files\Java\Java Update\jusched.exe - ok
08:06:14.0500 3636  [ 48BE298F7FD1BEF4D8FBACB04D8D95C4 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
08:06:14.0500 3636  C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok
08:06:14.0515 3636  [ 5F1D5F88303D4A4DBC8E5F97BA967CC3 ] C:\WINDOWS\system32\ctfmon.exe
08:06:14.0515 3636  C:\WINDOWS\system32\ctfmon.exe - ok
08:06:14.0515 3636  [ E40FCF943127DDC8FD60554B722D762B ] C:\WINDOWS\system32\msctf.dll
08:06:14.0515 3636  C:\WINDOWS\system32\msctf.dll - ok
08:06:14.0515 3636  [ 17AA58A54C00F1746B8654C050491F43 ] C:\WINDOWS\system32\msutb.dll
08:06:14.0515 3636  C:\WINDOWS\system32\msutb.dll - ok
08:06:14.0531 3636  [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\system32\drivers\78570126.sys
08:06:14.0531 3636  C:\WINDOWS\system32\drivers\78570126.sys - ok
08:06:14.0531 3636  [ F6FAEC07446A78A9C5AF4558FF5BD118 ] C:\WINDOWS\ime\sptip.dll
08:06:14.0531 3636  C:\WINDOWS\ime\sptip.dll - ok
08:06:14.0546 3636  [ 20200EE3CFE10E9F0C028D8653BE11C6 ] C:\WINDOWS\system32\oleacc.dll
08:06:14.0546 3636  C:\WINDOWS\system32\oleacc.dll - ok
08:06:14.0546 3636  [ CC8915DB4E33E8FB29CA0D2DBF75306E ] C:\WINDOWS\system32\webcheck.dll
08:06:14.0546 3636  C:\WINDOWS\system32\webcheck.dll - ok
08:06:14.0546 3636  [ B714735C12A70171DE28657948FD91F1 ] C:\WINDOWS\system32\mlang.dll
08:06:14.0546 3636  C:\WINDOWS\system32\mlang.dll - ok
08:06:14.0562 3636  [ 50512FC9B7878E3C2C147BC17326A7DB ] C:\WINDOWS\system32\stobject.dll
08:06:14.0562 3636  C:\WINDOWS\system32\stobject.dll - ok
08:06:14.0562 3636  [ 231A0B0E3BA7ABFE469A8262FAA1FD71 ] C:\WINDOWS\system32\batmeter.dll
08:06:14.0562 3636  C:\WINDOWS\system32\batmeter.dll - ok
08:06:14.0562 3636  [ 045E228F71C31901084B64BE59093499 ] C:\WINDOWS\system32\WPDShServiceObj.dll
08:06:14.0562 3636  C:\WINDOWS\system32\WPDShServiceObj.dll - ok
08:06:14.0562 3636  [ 538A270F35A713C360B7ED4168BB7521 ] C:\WINDOWS\system32\mydocs.dll
08:06:14.0562 3636  C:\WINDOWS\system32\mydocs.dll - ok
08:06:14.0578 3636  [ 22358578CB321F3325496A3723029409 ] C:\WINDOWS\system32\PortableDeviceTypes.dll
08:06:14.0578 3636  C:\WINDOWS\system32\PortableDeviceTypes.dll - ok
08:06:14.0578 3636  [ 9D45B2201D0ECF9F42136C7B99DEB8B2 ] C:\WINDOWS\system32\PortableDeviceApi.dll
08:06:14.0578 3636  C:\WINDOWS\system32\PortableDeviceApi.dll - ok
08:06:14.0578 3636  [ 401A8C0BE0BAA7D7A470F0942244152D ] C:\WINDOWS\system32\rasdlg.dll
08:06:14.0578 3636  C:\WINDOWS\system32\rasdlg.dll - ok
08:06:14.0593 3636  [ 58B8702C20DE211D1FCB248D2FDD71D1 ] C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe
08:06:14.0593 3636  C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe - ok
08:06:14.0593 3636  [ E3C817F7FE44CC870ECDBCBC3EA36132 ] C:\WINDOWS\system32\msvcp100.dll
08:06:14.0593 3636  C:\WINDOWS\system32\msvcp100.dll - ok
08:06:14.0593 3636  [ BF38660A9125935658CFA3E53FDC7D65 ] C:\WINDOWS\system32\msvcr100.dll
08:06:14.0593 3636  C:\WINDOWS\system32\msvcr100.dll - ok
08:06:14.0609 3636  [ AF1656B216A25ED10F9FCAE778941067 ] C:\Program Files\Java\jre7\bin\awt.dll
08:06:14.0609 3636  C:\Program Files\Java\jre7\bin\awt.dll - ok
08:06:14.0609 3636  [ BC1E86DB93E59D929CCACB95D89D4C2D ] C:\Program Files\Java\jre7\bin\client\jvm.dll
08:06:14.0609 3636  C:\Program Files\Java\jre7\bin\client\jvm.dll - ok
08:06:14.0609 3636  [ D2CD50FB826440014F50C93D94AF1382 ] C:\Program Files\Java\jre7\bin\dcpr.dll
08:06:14.0609 3636  C:\Program Files\Java\jre7\bin\dcpr.dll - ok
08:06:14.0625 3636  [ EA64783277F6866FEF1207FFA65211D4 ] C:\Program Files\Java\jre7\bin\deploy.dll
08:06:14.0625 3636  C:\Program Files\Java\jre7\bin\deploy.dll - ok
08:06:14.0625 3636  [ 41CD4B1E36186EC96B8DA810471866DE ] C:\Program Files\Java\jre7\bin\fontmanager.dll
08:06:14.0625 3636  C:\Program Files\Java\jre7\bin\fontmanager.dll - ok
08:06:14.0625 3636  [ CC40A2162851B6F0C47A8A301AE17480 ] C:\Program Files\Java\jre7\bin\java.dll
08:06:14.0625 3636  C:\Program Files\Java\jre7\bin\java.dll - ok
08:06:14.0640 3636  [ EC94122E6DCB6E731D8513A89AC9CF12 ] C:\Program Files\Java\jre7\bin\javaw.exe
08:06:14.0640 3636  C:\Program Files\Java\jre7\bin\javaw.exe - ok
08:06:14.0640 3636  [ 60C8EF0A9FB924AD9D2203B05E9062CB ] C:\Program Files\Java\jre7\bin\jp2native.dll
08:06:14.0640 3636  C:\Program Files\Java\jre7\bin\jp2native.dll - ok
08:06:14.0640 3636  [ EE15563AD78A1B6F3DA4D7239DC782DB ] C:\Program Files\Java\jre7\bin\jpeg.dll
08:06:14.0640 3636  C:\Program Files\Java\jre7\bin\jpeg.dll - ok
08:06:14.0640 3636  [ 19BDA5ED7B51D8AB46A57194EE81F78F ] C:\Program Files\Java\jre7\bin\net.dll
08:06:14.0640 3636  C:\Program Files\Java\jre7\bin\net.dll - ok
08:06:14.0656 3636  [ BABC1D948BE0E4F2BD87C0EC2B08A066 ] C:\Program Files\Java\jre7\bin\nio.dll
08:06:14.0656 3636  C:\Program Files\Java\jre7\bin\nio.dll - ok
08:06:14.0656 3636  [ 681FEDBFB74021C5D5424C2ED0A0F1CD ] C:\Program Files\Java\jre7\bin\verify.dll
08:06:14.0656 3636  C:\Program Files\Java\jre7\bin\verify.dll - ok
08:06:14.0656 3636  [ ACC4971D49C16D6403B2BC86AAC6386A ] C:\Program Files\Java\jre7\bin\zip.dll
08:06:14.0656 3636  C:\Program Files\Java\jre7\bin\zip.dll - ok
08:06:14.0671 3636  [ 63E8D944AFBEEBB243F25C4ED07E74C5 ] C:\WINDOWS\system32\inetmib1.dll
08:06:14.0671 3636  C:\WINDOWS\system32\inetmib1.dll - ok
08:06:14.0671 3636  [ FE3E687913BE0789A9E3531B2A24A87B ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Res\1033\SgHIRes.dll
08:06:14.0671 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Res\1033\SgHIRes.dll - ok
08:06:14.0671 3636  [ CA118CB3BD7DA5C1C1BE6299FD5FD5C1 ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\Tse.dll
08:06:14.0671 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\Tse.dll - ok
08:06:14.0687 3636  [ B5B2D83ED4A0BE31DFCEEC6B02108964 ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Res\1033\SpNetRes.dll
08:06:14.0687 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Res\1033\SpNetRes.dll - ok
08:06:14.0687 3636  [ 774385445BAB7D89A17F5F53871057BF ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\tfman.dll
08:06:14.0687 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\tfman.dll - ok
08:06:14.0687 3636  [ 846FF85CCD055E04C0BA0A9E7CD0B43B ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\PSSensor.dll
08:06:14.0687 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\PSSensor.dll - ok
08:06:14.0703 3636  [ EDC77919350B89236F1607A80DB95514 ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\IdsTrafficPipe.dll
08:06:14.0703 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\IdsTrafficPipe.dll - ok
08:06:14.0703 3636  [ 806B9538BE0BC5F9BB0DFF7EF3DB536E ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\SyLinkSymInterfaceProxy.dll
08:06:14.0703 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Bin\SyLinkSymInterfaceProxy.dll - ok
08:06:14.0703 3636  [ 16665DF4FB3B8AEC95074CEDBD111C6F ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Res\1033\TseRes.dll
08:06:14.0703 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Res\1033\TseRes.dll - ok
08:06:14.0718 3636  [ A7F361875622AA5829AA39BA248F68E9 ] C:\WINDOWS\system32\adsldp.dll
08:06:14.0718 3636  C:\WINDOWS\system32\adsldp.dll - ok
08:06:14.0718 3636  [ 89AC94A431DCB5CA76DFE333105449E3 ] C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Res\1033\SyLinkRes.dll
08:06:14.0718 3636  C:\Program Files\Symantec AntiVirus\12.1.671.4971.105\Res\1033\SyLinkRes.dll - ok
08:06:14.0718 3636  ============================================================
08:06:14.0718 3636  Scan finished
08:06:14.0718 3636  ============================================================
08:06:14.0859 3628  Detected object count: 4
08:06:14.0859 3628  Actual detected object count: 4
08:06:31.0187 3628  BANTExt ( UnsignedFile.Multi.Generic ) - skipped by user
08:06:31.0187 3628  BANTExt ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:06:31.0187 3628  KdsMm ( UnsignedFile.Multi.Generic ) - skipped by user
08:06:31.0187 3628  KdsMm ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:06:31.0187 3628  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
08:06:31.0187 3628  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:06:31.0187 3628  SMBios ( UnsignedFile.Multi.Generic ) - skipped by user
08:06:31.0187 3628  SMBios ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:06:38.0843 3016  Deinitialize success
 



#10 alexjeppson


Posted 19 September 2013 - 11:53 AM

Here is the RogueKiller log. Sorry about the multiple posts. Too many characters for one.

RogueKiller V8.6.12 [Sep 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : awulf [Admin rights]
Mode : Remove -- Date : 09/19/2013 08:10:38
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ][PUM] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[12] : NtAlertResumeThread @ 0x805D4C0C -> HOOKED (Unknown @ 0x869FCB18)
[Address] SSDT[13] : NtAlertThread @ 0x805D4BBC -> HOOKED (Unknown @ 0x86A02D80)
[Address] SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AEE -> HOOKED (Unknown @ 0x861C7258)
[Address] SSDT[19] : NtAssignProcessToJobObject @ 0x805D66D0 -> HOOKED (Unknown @ 0x86A1B940)
[Address] SSDT[31] : NtConnectPort @ 0x805A4604 -> HOOKED (Unknown @ 0x86A8A218)
[Address] SSDT[43] : NtCreateMutant @ 0x80617822 -> HOOKED (Unknown @ 0x86B872D8)
[Address] SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C3A2E -> HOOKED (Unknown @ 0x861CF7F8)
[Address] SSDT[53] : NtCreateThread @ 0x805D1068 -> HOOKED (Unknown @ 0x861CB570)
[Address] SSDT[57] : NtDebugActiveProcess @ 0x80643CB2 -> HOOKED (Unknown @ 0x86282610)
[Address] SSDT[68] : NtDuplicateObject @ 0x805BE03C -> HOOKED (Unknown @ 0x86B72200)
[Address] SSDT[83] : NtFreeVirtualMemory @ 0x805B2FE6 -> HOOKED (Unknown @ 0x861BC700)
[Address] SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9362 -> HOOKED (Unknown @ 0x86B4D3B0)
[Address] SSDT[91] : NtImpersonateThread @ 0x805D7890 -> HOOKED (Unknown @ 0x86B7B5A8)
[Address] SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (Unknown @ 0x86CC6050)
[Address] SSDT[108] : NtMapViewOfSection @ 0x805B206E -> HOOKED (Unknown @ 0x86A57568)
[Address] SSDT[114] : NtOpenEvent @ 0x8060F1E0 -> HOOKED (Unknown @ 0x86A14288)
[Address] SSDT[122] : NtOpenProcess @ 0x805CB486 -> HOOKED (Unknown @ 0x869C3790)
[Address] SSDT[123] : NtOpenProcessToken @ 0x805EE030 -> HOOKED (Unknown @ 0x86B501E8)
[Address] SSDT[125] : NtOpenSection @ 0x805AA420 -> HOOKED (Unknown @ 0x861C0A58)
[Address] SSDT[128] : NtOpenThread @ 0x805CB712 -> HOOKED (Unknown @ 0x869BFE58)
[Address] SSDT[137] : NtProtectVirtualMemory @ 0x805B8452 -> HOOKED (Unknown @ 0x861AA568)
[Address] SSDT[206] : NtResumeThread @ 0x805D4A48 -> HOOKED (Unknown @ 0x86A07708)
[Address] SSDT[213] : NtSetContextThread @ 0x805D2C4A -> HOOKED (Unknown @ 0x869FD780)
[Address] SSDT[228] : NtSetInformationProcess @ 0x805CDED0 -> HOOKED (Unknown @ 0x86A03948)
[Address] SSDT[240] : NtSetSystemInformation @ 0x8060FE98 -> HOOKED (Unknown @ 0x861CABA8)
[Address] SSDT[253] : NtSuspendProcess @ 0x805D4B10 -> HOOKED (Unknown @ 0x86212568)
[Address] SSDT[254] : NtSuspendThread @ 0x805D4982 -> HOOKED (Unknown @ 0x8696C5E8)
[Address] SSDT[257] : NtTerminateProcess @ 0x805D2308 -> HOOKED (Unknown @ 0x869C7380)
[Address] SSDT[258] : NtTerminateThread @ 0x805D2502 -> HOOKED (Unknown @ 0x8696C668)
[Address] SSDT[267] : NtUnmapViewOfSection @ 0x805B2E7C -> HOOKED (Unknown @ 0x86A14DA8)
[Address] SSDT[277] : NtWriteVirtualMemory @ 0x805B4400 -> HOOKED (Unknown @ 0x86AEB5A0)
[Address] Shadow SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x86A30158)
[Address] Shadow SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x86B1A9B8)
[Address] Shadow SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x861F6318)
[Address] Shadow SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x869C19B8)
[Address] Shadow SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x861AE9A8)
[Address] Shadow SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x861D0A00)
[Address] Shadow SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x869CC120)
[Address] Shadow SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x861F3528)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x86ACA008)
[Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8626B998)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD1600JS-00MHB0 +++++
--- User ---
[MBR] e048fc4e3d02ce8cef057240002d48cc
[BSP] d4ec26482d25ce99c9f83ccfce4e8727 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) (Standard disk drives) - SanDisk Cruzer Glide USB Device +++++
--- User ---
[MBR] b3f10b85c6b4a00a5fbd2fb5a79c5a7e
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 32 | Size: 30532 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_D_09192013_081038.txt >>
RKreport[0]_S_09192013_081029.txt

 

 

 

After all scans the computer is still turning off its firewall after reboot. Everything else works fine.



#11 gringo_pr


Posted 19 September 2013 - 12:29 PM

Which firewall is getting turned off - Symantec or windows?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 alexjeppson


Posted 19 September 2013 - 12:37 PM

Windows Firewall. If I disable Symantec it doesn't happen though.



#13 alexjeppson


Posted 19 September 2013 - 05:12 PM

Just to clarify: it is the Windows Firewall which keeps turning itself off upon reboot. Symantec firewall stays on without a problem. The only way I've been able to make the Windows Firewall stay on after a reboot is by turning off the smc in the command prompt by typing: "start smc -stop". Obviously without the quotation marks. I'm wondering if my operating system is corrupted because of the pre-mentioned issue of not being able to uninstall Windows Explorer 8 and Windows XP service pack 3 (both of which are still happening). I haven't tried using the recovery console to remove the service pack yet, but I'm hoping to avoid that.

 

I hope this gives you an idea of what to do next... because I'm at a loss at this point. LOL

 

Thanks Gringo!



#14 gringo_pr


Posted 19 September 2013 - 09:05 PM

Hello

Norton's firewall is turning Windows Firewall off, and that is normal.


I would like to see a report that combofix makes.

extra combofix report
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok
copy and paste the report into this topic for me to review

Gringo

#15 gringo_pr


Posted 23 September 2013 - 03:45 AM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo



