Boot.Tidserv Drive 0x80 WinXP Norton 2012 detected

#1
dal4000
Have an HP desktop running XP Media Center SP3, single HDD with Boot.Tidserv infection on it. There were many infections on it, so I did a factory restore of the computer, reloaded all apps and restored my data. However, each time I boot, Norton Internet Security 2012 states I have the Boot.Tidserv virus. I have cleared the log file in Norton, but as soon as I reboot it comes back.
I have run Malwarebytes, SuperAntispyware and TDSSKiller, all of which show I'm clean of any virus, yet Norton continues to post that I have the Boot.Tidserv MBR virus.
I also re-wrote my MBR using Spotmau.
Any help on how to get rid of this would be appreciated.
TDSSKiller and OTL logs attached.

TDSSKiller Log:
18:52:59.0312 2740 swmidi - ok
18:52:59.0328 2740 SwPrv - ok
18:52:59.0343 2740 symc810 - ok
18:52:59.0343 2740 symc8xx - ok
18:52:59.0406 2740 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\WINDOWS\system32\drivers\NIS\1307000.009\SYMDS.SYS
18:52:59.0421 2740 SymDS - ok
18:52:59.0531 2740 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\WINDOWS\system32\drivers\NIS\1307000.009\SYMEFA.SYS
18:52:59.0562 2740 SymEFA - ok
18:52:59.0609 2740 SymEvent (74e2521e96176a4449570e50be91954d) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
18:52:59.0625 2740 SymEvent - ok
18:52:59.0656 2740 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\WINDOWS\system32\drivers\NIS\1307000.009\Ironx86.SYS
18:52:59.0671 2740 SymIRON - ok
18:52:59.0703 2740 SYMTDI (508bd882040f9cb12319e3a4fc78edb9) C:\WINDOWS\System32\Drivers\NIS\1307000.009\SYMTDI.SYS
18:52:59.0718 2740 SYMTDI - ok
18:52:59.0734 2740 sym_hi - ok
18:52:59.0734 2740 sym_u3 - ok
18:52:59.0781 2740 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:52:59.0781 2740 sysaudio - ok
18:52:59.0828 2740 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
18:52:59.0843 2740 SysmonLog - ok
18:52:59.0890 2740 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
18:52:59.0906 2740 TapiSrv - ok
18:52:59.0984 2740 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:53:00.0000 2740 Tcpip - ok
18:53:00.0031 2740 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:53:00.0031 2740 TDPIPE - ok
18:53:00.0046 2740 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:53:00.0046 2740 TDTCP - ok
18:53:00.0078 2740 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:53:00.0078 2740 TermDD - ok
18:53:00.0156 2740 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
18:53:00.0171 2740 TermService - ok
18:53:00.0218 2740 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:53:00.0234 2740 Themes - ok
18:53:00.0281 2740 tifsfilter (7369f74dd9172c6527a8aceb010e28f1) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
18:53:00.0281 2740 tifsfilter - ok
18:53:00.0328 2740 timounter (53fec95b844c46489f6683dc0a606e01) C:\WINDOWS\system32\DRIVERS\timntr.sys
18:53:00.0343 2740 timounter - ok
18:53:00.0406 2740 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
18:53:00.0406 2740 TlntSvr - ok
18:53:00.0421 2740 TosIde - ok
18:53:00.0468 2740 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
18:53:00.0468 2740 TrkWks - ok
18:53:00.0500 2740 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:53:00.0500 2740 Udfs - ok
18:53:00.0515 2740 ultra - ok
18:53:00.0546 2740 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
18:53:00.0546 2740 UMWdf - ok
18:53:00.0593 2740 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:53:00.0609 2740 Update - ok
18:53:00.0656 2740 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
18:53:00.0671 2740 upnphost - ok
18:53:00.0687 2740 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
18:53:00.0687 2740 UPS - ok
18:53:00.0734 2740 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:53:00.0734 2740 usbccgp - ok
18:53:00.0765 2740 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:53:00.0765 2740 usbehci - ok
18:53:00.0812 2740 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:53:00.0812 2740 usbhub - ok
18:53:00.0828 2740 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:53:00.0828 2740 usbprint - ok
18:53:00.0859 2740 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:53:00.0859 2740 usbscan - ok
18:53:00.0875 2740 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:53:00.0875 2740 USBSTOR - ok
18:53:00.0906 2740 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:53:00.0906 2740 usbuhci - ok
18:53:00.0921 2740 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:53:00.0937 2740 VgaSave - ok
18:53:00.0968 2740 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
18:53:00.0968 2740 ViaIde - ok
18:53:00.0984 2740 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:53:00.0984 2740 VolSnap - ok
18:53:01.0046 2740 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
18:53:01.0062 2740 VSS - ok
18:53:01.0093 2740 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
18:53:01.0109 2740 W32Time - ok
18:53:01.0125 2740 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:53:01.0125 2740 Wanarp - ok
18:53:01.0171 2740 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
18:53:01.0171 2740 wanatw - ok
18:53:01.0203 2740 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
18:53:01.0203 2740 WDC_SAM - ok
18:53:01.0312 2740 WDDMService (8530b35284aa20d9c614ccb3725cef37) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
18:53:01.0312 2740 WDDMService - ok
18:53:01.0328 2740 WDICA - ok
18:53:01.0359 2740 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:53:01.0375 2740 wdmaud - ok
18:53:01.0390 2740 WDSmartWareBackgroundService (138ab06adbbf300aa804d7974a5aec82) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
18:53:01.0390 2740 WDSmartWareBackgroundService - ok
18:53:01.0453 2740 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
18:53:01.0453 2740 WebClient - ok
18:53:01.0562 2740 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:53:01.0578 2740 winmgmt - ok
18:53:01.0625 2740 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
18:53:01.0640 2740 WmdmPmSN - ok
18:53:01.0703 2740 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
18:53:01.0734 2740 Wmi - ok
18:53:01.0750 2740 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:53:01.0765 2740 WmiApSrv - ok
18:53:01.0828 2740 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
18:53:01.0828 2740 wscsvc - ok
18:53:01.0875 2740 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
18:53:01.0875 2740 wuauserv - ok
18:53:01.0953 2740 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
18:53:02.0000 2740 WZCSVC - ok
18:53:02.0046 2740 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
18:53:02.0062 2740 xmlprov - ok
18:53:02.0093 2740 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:53:02.0296 2740 \Device\Harddisk0\DR0 - ok
18:53:02.0312 2740 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR12
18:53:02.0312 2740 \Device\Harddisk5\DR12 - ok
18:53:02.0328 2740 Boot (0x1200) (752ef521f76f6772d4171c6f74556e2c) \Device\Harddisk0\DR0\Partition0
18:53:02.0328 2740 \Device\Harddisk0\DR0\Partition0 - ok
18:53:02.0328 2740 Boot (0x1200) (824a5c4b9c04dbb8cddde769d9bf9693) \Device\Harddisk0\DR0\Partition1
18:53:02.0328 2740 \Device\Harddisk0\DR0\Partition1 - ok
18:53:02.0343 2740 Boot (0x1200) (12465cb012d0ff36e8a8e89b655ef92a) \Device\Harddisk5\DR12\Partition0
18:53:02.0343 2740 \Device\Harddisk5\DR12\Partition0 - ok
18:53:02.0343 2740 ============================================================
18:53:02.0343 2740 Scan finished
18:53:02.0343 2740 ============================================================
18:53:02.0359 2996 Detected object count: 0
18:53:02.0359 2996 Actual detected object count: 0
18:53:44.0890 3864 Deinitialize success

OTL Log:
OTL logfile created on: 4/25/2012 7:01:03 PM - Run 3
OTL by OldTimer - Version 3.2.42.0 Folder = C:\ATemp
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.29 Mb Total Physical Memory | 481.61 Mb Available Physical Memory | 47.44% Memory free
2.38 Gb Paging File | 1.43 Gb Available in Paging File | 59.87% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.30 Gb Total Space | 153.73 Gb Free Space | 86.22% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 0.79 Gb Free Space | 9.88% Space Free | Partition Type: FAT32
Drive K: | 644.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive L: | 465.11 Gb Total Space | 422.99 Gb Free Space | 90.94% Space Free | Partition Type: NTFS

Computer Name: YOUR-B27FB1C401 | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/25 18:08:32 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\ATemp\OTL.exe
PRC - [2012/04/12 03:37:36 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.7.0.9\ccsvchst.exe
PRC - [2012/02/14 19:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010/03/08 03:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\AOL\1334879659\ee\aolsoftware.exe
PRC - [2009/10/14 14:32:46 | 009,085,760 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009/10/14 14:32:46 | 002,049,344 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009/10/14 14:31:02 | 000,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
PRC - [2005/11/28 14:02:54 | 000,172,032 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2005/09/21 15:32:56 | 002,807,808 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2005/09/21 10:24:02 | 000,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/05/03 18:43:28 | 000,069,632 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE


========== Modules (No Company Name) ==========

MOD - [2012/04/19 22:42:11 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\db1d2470de43ffcb6f562277208d56e5\System.Web.ni.dll
MOD - [2012/04/19 22:41:52 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e433394df8d44e43690a855e403555\System.ServiceProcess.ni.dll
MOD - [2012/04/19 22:41:09 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ec4a3f74cb80c9b9581d778e8645b2c\Microsoft.VisualBasic.ni.dll
MOD - [2012/04/19 19:19:42 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll
MOD - [2012/04/19 19:18:03 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll
MOD - [2012/04/19 19:10:51 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/04/19 19:10:09 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/04/19 18:20:00 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
MOD - [2012/04/19 18:18:24 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/04/19 18:15:56 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/04/19 18:15:07 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll
MOD - [2012/04/19 18:11:30 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/04/19 18:10:55 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2012/04/12 03:37:34 | 000,444,400 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\ppgooglenaclpluginchrome.dll
MOD - [2012/04/12 03:37:33 | 003,915,248 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\pdf.dll
MOD - [2012/04/12 03:36:08 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\avutil-51.dll
MOD - [2012/04/12 03:36:06 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\avformat-53.dll
MOD - [2012/04/12 03:36:05 | 001,747,456 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll
MOD - [2012/04/12 02:51:55 | 008,743,584 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
MOD - [2011/11/03 11:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/08/19 16:49:08 | 000,049,152 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
MOD - [2009/07/29 16:24:14 | 000,504,293 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/09/28 11:54:48 | 000,269,824 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2002/07/04 09:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe -- (NIS)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2009/10/14 14:31:02 | 000,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Running] -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe -- (AOL ACS)
SRV - [2005/11/28 14:02:54 | 000,172,032 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/04/19 19:40:23 | 000,249,152 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2012/04/19 19:40:23 | 000,030,688 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2012/04/19 19:40:15 | 000,096,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2012/04/18 22:10:23 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/04/18 01:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20120425.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/04/18 01:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/04/18 01:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/04/18 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20120425.002\NAVENG.SYS -- (NAVENG)
DRV - [2012/04/18 00:56:02 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\IPSDefs\20120424.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/04/02 23:39:56 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\BASHDefs\20120413.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/03/29 02:28:38 | 000,388,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1307000.009\symtdi.sys -- (SYMTDI)
DRV - [2012/03/29 02:28:30 | 000,905,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1307000.009\symefa.sys -- (SymEFA)
DRV - [2012/03/29 02:06:25 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1307000.009\ironx86.sys -- (SymIRON)
DRV - [2012/03/29 02:03:27 | 000,574,072 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NIS\1307000.009\srtsp.sys -- (SRTSP)
DRV - [2012/03/29 02:03:27 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1307000.009\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2012/01/17 18:45:55 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1307000.009\symds.sys -- (SymDS)
DRV - [2011/11/29 18:44:14 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1307000.009\ccsetx86.sys -- (ccSet_NIS)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/09/23 18:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/04/15 00:12:12 | 000,175,616 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ftsata2.sys -- (ftsata2)
DRV - [2005/01/25 09:56:00 | 000,923,863 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005/01/08 03:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/04 08:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2004/08/04 08:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 18:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\bb-run.sys -- (bb-run)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/06/04 10:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...arm1=seconduser
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...arm1=seconduser
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...arm1=seconduser
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3156204540-1018871048-2593910535-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...arm1=seconduser
IE - HKU\S-1-5-21-3156204540-1018871048-2593910535-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
IE - HKU\S-1-5-21-3156204540-1018871048-2593910535-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
IE - HKU\S-1-5-21-3156204540-1018871048-2593910535-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...arm1=seconduser
IE - HKU\S-1-5-21-3156204540-1018871048-2593910535-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...arm1=seconduser
IE - HKU\S-1-5-21-3156204540-1018871048-2593910535-1008\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3156204540-1018871048-2593910535-1008\..\SearchScopes,DefaultScope = {8C70B2AB-58B4-49E0-A431-DE6860028817}
IE - HKU\S-1-5-21-3156204540-1018871048-2593910535-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-3156204540-1018871048-2593910535-1008\..\SearchScopes\{8C70B2AB-58B4-49E0-A431-DE6860028817}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3156204540-1018871048-2593910535-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3156204540-1018871048-2593910535-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2061: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2122: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1059: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2012/04/18 21:05:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\IPSFFPlgn\ [2012/04/18 22:12:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\coFFPlgn\ [2012/04/25 18:04:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2012/04/18 21:05:55 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Search = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Norton Identity Protection = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.2.6_0\
CHR - Extension: Norton Identity Protection = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\
CHR - Extension: Gmail = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Gmail = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2004/08/10 22:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.7.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.7.0.9\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.7.0.9\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3156204540-1018871048-2593910535-1008\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3156204540-1018871048-2593910535-1008\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3156204540-1018871048-2593910535-1008\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.7.0.9\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3156204540-1018871048-2593910535-1008..\Run: [Second Copy 2000] C:\Program Files\SecCopy\SecCopy.exe (Centered Systems)
O4 - HKU\S-1-5-21-3156204540-1018871048-2593910535-1008..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3156204540-1018871048-2593910535-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O15 - HKU\S-1-5-21-3156204540-1018871048-2593910535-1008\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{714AE337-3357-49AC-863B-4594B44FA7F0}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/20 20:55:47 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 21:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009/06/18 17:12:18 | 000,000,088 | R--- | M] () - K:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{2468f7ce-89c3-11e1-869e-0013d4ce9761}\Shell - "" = AutoRun
O33 - MountPoints2\{2468f7ce-89c3-11e1-869e-0013d4ce9761}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2468f7ce-89c3-11e1-869e-0013d4ce9761}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\{90c5dba4-8a6c-11e1-86a6-0013d4ce9761}\Shell - "" = AutoRun
O33 - MountPoints2\{90c5dba4-8a6c-11e1-86a6-0013d4ce9761}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{90c5dba4-8a6c-11e1-86a6-0013d4ce9761}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\{a6f3e0c3-89b9-11e1-869b-0013d4ce9761}\Shell - "" = AutoRun
O33 - MountPoints2\{a6f3e0c3-89b9-11e1-869b-0013d4ce9761}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a6f3e0c3-89b9-11e1-869b-0013d4ce9761}\Shell\AutoRun\command - "" = K:\WD SmartWare.exe -- [2009/10/14 17:28:45 | 003,271,968 | R--- | M] (Western Digital)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/25 16:15:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/04/23 19:09:09 | 000,388,216 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1307000.009\symtdi.sys
[2012/04/23 19:09:09 | 000,345,208 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1307000.009\symtdiv.sys
[2012/04/23 19:09:08 | 000,318,584 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1307000.009\symnets.sys
[2012/04/23 19:09:07 | 000,905,336 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1307000.009\symefa.sys
[2012/04/23 19:09:07 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1307000.009\symds.sys
[2012/04/23 19:09:07 | 000,032,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1307000.009\srtspx.sys
[2012/04/23 19:09:06 | 000,574,072 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1307000.009\srtsp.sys
[2012/04/23 19:09:06 | 000,149,624 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1307000.009\ironx86.sys
[2012/04/23 19:09:06 | 000,132,744 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1307000.009\ccsetx86.sys
[2012/04/23 19:06:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1307000.009
[2012/04/22 19:56:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\EPSON
[2012/04/22 19:54:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\ArcSoft
[2012/04/22 19:49:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Smart Panel
[2012/04/19 21:43:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Help
[2012/04/19 21:43:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Help
[2012/04/19 21:42:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Second Copy 2000
[2012/04/19 21:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\SecCopy
[2012/04/19 21:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
[2012/04/19 21:34:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2012/04/19 19:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AOL
[2012/04/19 19:56:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\AOL
[2012/04/19 19:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2012/04/19 19:56:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AOL
[2012/04/19 19:55:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2012/04/19 19:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2012/04/19 19:55:37 | 000,058,696 | ---- | C] (AOL Inc.) -- C:\WINDOWS\System32\AOLParconLink.exe
[2012/04/19 19:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\AOL Downloads
[2012/04/19 19:54:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2012/04/19 19:54:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\AOL
[2012/04/19 19:54:13 | 000,000,000 | ---D | C] -- C:\Program Files\AOL
[2012/04/19 19:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2012/04/19 19:54:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\aolshare
[2012/04/19 19:54:04 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Desktop 9.7
[2012/04/19 19:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL
[2012/04/19 19:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2012/04/19 19:40:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Acronis
[2012/04/19 19:40:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis
[2012/04/19 19:40:09 | 000,000,000 | ---D | C] -- C:\Program Files\Acronis
[2012/04/19 19:33:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OLYMPUS CAMEDIA Master
[2012/04/19 19:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\OLYMPUS
[2012/04/19 19:30:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ABBYY
[2012/04/19 19:26:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Leadertech
[2012/04/19 19:26:27 | 000,000,000 | ---D | C] -- C:\EPSONREG
[2012/04/19 19:25:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Epson
[2012/04/19 19:24:34 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\PCDLIB32.DLL
[2012/04/19 19:24:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft PhotoImpression 5
[2012/04/19 19:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2012/04/19 19:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Presto! BizCard 4.1 (English Version)
[2012/04/19 19:22:44 | 000,000,000 | ---D | C] -- C:\Program Files\NewSoft
[2012/04/19 19:22:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ABBYY FineReader Tools
[2012/04/19 19:22:05 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 5.0 Sprint
[2012/04/19 19:21:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EPSON Scan to Web
[2012/04/19 19:20:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EPSON Utility Suite
[2012/04/19 19:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\PeachTree
[2012/04/19 19:18:07 | 000,000,000 | ---D | C] -- C:\Program Files\Smart Panel
[2012/04/19 19:18:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EPSON Smart Panel
[2012/04/19 19:17:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EPSON Scan
[2012/04/19 19:17:38 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2012/04/19 18:59:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Peachtree
[2012/04/19 18:58:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Peachtree Complete Accounting 2006
[2012/04/19 18:57:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Stamps.com
[2012/04/19 18:57:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2012/04/19 18:57:25 | 000,090,112 | ---- | C] (Stamps.com Inc.) -- C:\WINDOWS\System32\SDCCInfo.dll
[2012/04/19 18:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\Stamps.com Internet Postage
[2012/04/19 18:56:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Crystal
[2012/04/19 18:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Peach
[2012/04/19 18:55:10 | 000,000,000 | ---D | C] -- C:\Program Files\Sage Software
[2012/04/19 18:11:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator\PrivacIE
[2012/04/19 18:11:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2012/04/19 18:11:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Yahoo!
[2012/04/19 18:11:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\HPAppData
[2012/04/19 17:35:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/04/19 17:35:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2012/04/19 17:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/04/19 17:34:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2012/04/19 17:33:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/04/19 17:32:15 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/04/19 16:52:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator\IECompatCache
[2012/04/19 16:30:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
[2012/04/19 16:30:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/04/19 16:30:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/04/19 16:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/19 03:10:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2012/04/19 03:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012/04/19 03:09:56 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2012/04/18 22:46:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/04/18 22:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\U3
[2012/04/18 22:10:23 | 000,141,944 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2012/04/18 22:10:23 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2012/04/18 22:10:23 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/04/18 22:09:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2012/04/18 22:09:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2012/04/18 22:09:30 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2012/04/18 22:09:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2012/04/18 22:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/04/18 22:09:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2012/04/18 22:08:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
[2012/04/18 22:08:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/18 22:08:45 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/18 22:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/18 22:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/04/18 22:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Dropbox
[2012/04/18 22:07:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Dropbox
[2012/04/18 22:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Norton
[2012/04/18 22:05:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2012/04/18 22:05:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2012/04/18 21:57:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator\IETldCache
[2012/04/18 21:50:45 | 000,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
[2012/04/18 21:50:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Application Data
[2012/04/18 21:50:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Favorites
[2012/04/18 21:50:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator\Cookies
[2012/04/18 21:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Symantec
[2012/04/18 21:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\SampleView
[2012/04/18 21:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Real
[2012/04/18 21:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
[2012/04/18 21:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Identities
[2012/04/18 21:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google
[2012/04/18 21:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop
[2012/04/18 21:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ApplicationHistory
[2012/04/18 21:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Apple Computer
[2012/04/18 21:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
[2012/04/18 21:50:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\SendTo
[2012/04/18 21:50:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup
[2012/04/18 21:50:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu
[2012/04/18 21:50:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Videos
[2012/04/18 21:50:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Pictures
[2012/04/18 21:50:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Music
[2012/04/18 21:50:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents
[2012/04/18 21:50:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Accessories
[2012/04/18 21:50:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator\Templates
[2012/04/18 21:50:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator\PrintHood
[2012/04/18 21:50:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator\NetHood
[2012/04/18 21:50:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings
[2012/04/18 21:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\WINDOWS
[2012/04/18 21:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft
[2012/04/18 21:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150000}
[2012/04/18 21:48:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2012/04/18 21:48:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2012/04/18 21:47:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Trollbeads General
[2012/04/18 21:47:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/04/18 21:46:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Motorola
[2012/04/18 21:46:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Trollbead Images
[2012/04/18 21:46:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Seldom Used Files
[2012/04/18 21:46:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\SC-Inventory
[2012/04/18 21:46:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\SC-Fin. Support 10
[2012/04/18 21:46:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\SC-Ebay Store
[2012/04/18 21:45:59 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/04/18 21:45:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\SC Folders
[2012/04/18 21:45:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\SC Financial Support
[2012/04/18 21:45:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\SC 2011 Taxes
[2012/04/18 21:45:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Sales Tax
[2012/04/18 21:45:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Paypal 2012
[2012/04/18 21:45:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Paypal 2011
[2012/04/18 21:45:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Jule
[2012/04/18 21:45:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\JFS Taxes
[2012/04/18 21:44:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\JFS
[2012/04/18 21:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Invoices-Jule
[2012/04/18 21:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\games
[2012/04/18 21:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Competitor info
[2012/04/18 21:43:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Chamilia Master
[2012/04/18 21:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Chamilia Images new
[2012/04/18 21:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Chamilia Images
[2012/04/18 21:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\CB Receiving Report
[2012/04/18 21:42:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\I386
[2012/04/18 21:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Biagi Receiving Reports
[2012/04/18 21:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Biagi Master
[2012/04/18 21:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Biagi Images-Full
[2012/04/18 21:40:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Biagi Images
[2012/04/18 21:40:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Biagi Catalogs Order Forms
[2012/04/18 21:40:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Bead Reemer Invoices
[2012/04/18 21:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Bead Box
[2012/04/18 21:37:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\AOL Saved PFC
[2012/04/18 21:37:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Active Resale Programs
[2012/04/18 21:37:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\2012 Expense Reports
[2012/04/18 21:37:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\2011 Expense Reports
[2012/04/18 21:37:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\2010Summary
[2012/04/18 21:37:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\2010 Exp. reports
[2012/04/18 21:36:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2012/04/18 21:36:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2012/04/18 21:36:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2012/04/18 21:36:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2012/04/18 21:35:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/04/18 21:35:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2012/04/18 21:35:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2012/04/18 21:35:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2012/04/18 21:35:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2012/04/18 21:34:38 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2012/04/18 21:34:34 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2012/04/18 21:33:15 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2012/04/18 21:28:22 | 004,502,280 | ---- | C] (Lime Wire LLC) -- C:\Documents and Settings\HP_Administrator\My Documents\LimeWireWin.exe
[2012/04/18 21:28:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\The Print Shop Small Business Center Forms
[2012/04/18 21:28:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\TaxCut
[2012/04/18 21:28:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Symantec
[2012/04/18 21:28:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Roxio
[2012/04/18 21:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Albums
[2012/04/18 21:27:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Model Railroad
[2012/04/18 21:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\HRBlock
[2012/04/18 21:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\filelib
[2012/04/18 21:25:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Dropbox
[2012/04/18 21:25:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\BlackBerry
[2012/04/18 21:25:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My eBooks
[2012/04/18 21:25:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\BarnyardInvasionSaveData
[2012/04/18 21:25:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\AOL Downloads
[2012/04/18 21:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012/04/18 21:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Temp
[2012/04/18 21:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Adobe
[2012/04/18 21:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\HP
[2012/04/18 21:06:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2012/04/18 21:06:04 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2012/04/18 21:05:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2012/04/18 21:05:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Western_Digital
[2012/04/18 21:02:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\hpojp8000a809
[2012/04/18 20:59:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Western Digital
[2012/04/18 20:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2012/04/18 20:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2012/04/18 20:58:50 | 000,011,520 | ---- | C] (Western Digital Technologies) -- C:\WINDOWS\System32\drivers\wdcsam.sys
[2012/04/18 20:58:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2012/04/18 20:58:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WD SmartWare
[2012/04/18 20:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2012/04/18 20:55:30 | 000,000,000 | ---D | C] -- C:\ATemp
[2012/04/18 20:52:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Western Digital
[2012/04/18 20:49:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/04/18 20:49:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2012/04/18 20:36:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/18 20:22:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads
[2012/04/18 20:22:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
[2012/04/18 20:18:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/04/18 20:11:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2012/04/18 20:11:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2012/04/18 20:11:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2012/04/18 20:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2012/04/18 20:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2012/04/18 20:07:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2012/04/18 20:05:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2012/04/18 20:00:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2012/04/18 19:50:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Google Chrome
[2012/04/18 19:41:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012/04/18 19:39:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2012/04/18 19:37:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/18 19:37:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2012/04/18 19:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Macromedia
[2012/04/18 19:35:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Recent
[2012/04/18 19:34:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2012/04/18 19:33:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2012/04/18 19:32:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator\UserData
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/25 19:06:18 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{090DBC64-2D6C-46FE-A72E-0DFD89F9BABB}.job
[2012/04/25 18:47:02 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3156204540-1018871048-2593910535-1008UA.job
[2012/04/25 18:02:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/25 18:02:37 | 1064,685,568 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/24 19:47:13 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3156204540-1018871048-2593910535-1008Core.job
[2012/04/24 07:47:30 | 000,001,975 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2012/04/24 07:45:40 | 000,566,677 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\Cat.DB
[2012/04/24 07:45:22 | 000,008,942 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\VT20120410.034
[2012/04/22 20:19:29 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/04/22 20:19:29 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2012/04/22 19:50:03 | 000,000,029 | ---- | M] () -- C:\WINDOWS\DEBUGSM.INI
[2012/04/19 19:56:01 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AOL Desktop 9.7.lnk
[2012/04/19 19:56:01 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL Desktop 9.7.lnk
[2012/04/19 19:46:37 | 000,058,696 | ---- | M] (AOL Inc.) -- C:\WINDOWS\System32\AOLParconLink.exe
[2012/04/19 19:45:21 | 000,000,335 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2012/04/19 19:42:19 | 000,257,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/19 19:11:17 | 000,443,098 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/19 19:11:17 | 000,072,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/19 19:00:15 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/19 18:59:42 | 000,001,616 | ---- | M] () -- C:\WINDOWS\PCW130.ini
[2012/04/19 18:59:42 | 000,000,793 | ---- | M] () -- C:\WINDOWS\BTI.INI
[2012/04/19 18:59:00 | 000,001,638 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Peachtree Complete Accounting 2006.lnk
[2012/04/19 18:58:58 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Peachtree Complete Accounting 2006.lnk
[2012/04/19 18:00:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/19 17:36:59 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2012/04/19 16:51:36 | 000,173,082 | ---- | M] () -- C:\WINDOWS\hpwins21.dat
[2012/04/18 23:43:27 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\isolate.ini
[2012/04/18 22:10:23 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2012/04/18 22:10:23 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2012/04/18 22:10:23 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2012/04/18 22:10:23 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2012/04/18 22:09:51 | 000,001,042 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Dropbox.lnk
[2012/04/18 22:08:31 | 000,001,042 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Dropbox.lnk
[2012/04/18 21:58:23 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/18 21:49:47 | 000,001,063 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/04/18 21:49:06 | 000,000,211 | RHS- | M] () -- C:\BOOT.BAK
[2012/04/18 21:30:33 | 000,000,129 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2012/04/18 21:15:29 | 000,000,249 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2012/04/18 20:58:59 | 000,001,129 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
[2012/04/18 20:58:59 | 000,001,068 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2012/04/18 20:22:13 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/04/18 20:05:23 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/04/18 19:50:49 | 000,002,354 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/18 19:37:20 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2012/04/18 19:31:17 | 000,001,851 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_ED906AA-ABA a1224n_YC_0Pavi_QCNH539_E54NAsyMPC1_48_IGoldfish3_SASUSTeK Computer INC._V1.xx_B3.25_T050906_WXP2_L409_M1016_J200_7Intel_8Pentium 4_93.06_#051208_N10EC8139_Z10573052_G80862582.MRK
[2012/04/13 19:09:36 | 000,027,320 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Cincinnati Ref. Express.jpg
[2012/04/11 01:15:11 | 000,051,800 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Order2104117818.pdf
[2012/04/10 16:06:49 | 000,090,263 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Joseph Smith 2011 Tax Return.T11
[2012/04/10 10:32:22 | 000,224,613 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\1099K_2011[1].pdf
[2012/04/07 08:59:26 | 000,442,048 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Joseph Smith 2011 Tax Return_T11_For_Records.pdf
[2012/04/07 08:59:09 | 000,297,305 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Joseph Smith 2011 Tax Return_T11_For_Filing.pdf
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/03 21:43:49 | 000,007,454 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\srtspx.cat
[2012/04/03 21:43:49 | 000,007,450 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\srtsp.cat
[2012/04/03 21:43:49 | 000,001,388 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\srtspx.inf
[2012/04/03 21:43:49 | 000,001,388 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\srtsp.inf
[2012/03/30 23:12:27 | 000,127,322 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\2012-03-3022.59.51.jpg
[2012/03/29 02:28:38 | 000,388,216 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1307000.009\symtdi.sys
[2012/03/29 02:28:38 | 000,318,584 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1307000.009\symnets.sys
[2012/03/29 02:28:37 | 000,345,208 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1307000.009\symtdiv.sys
[2012/03/29 02:28:34 | 000,007,877 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\symnetv.cat
[2012/03/29 02:28:34 | 000,007,458 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\symnet.cat
[2012/03/29 02:28:34 | 000,001,469 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\symnetv.inf
[2012/03/29 02:28:34 | 000,001,441 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\symnet.inf
[2012/03/29 02:28:30 | 000,905,336 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1307000.009\symefa.sys
[2012/03/29 02:28:30 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\symefa.cat
[2012/03/29 02:28:30 | 000,004,782 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\symvtcer.dat
[2012/03/29 02:28:30 | 000,003,434 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\symefa.inf
[2012/03/29 02:06:25 | 000,149,624 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1307000.009\ironx86.sys
[2012/03/29 02:06:25 | 000,007,450 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\iron.cat
[2012/03/29 02:06:25 | 000,000,742 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\iron.inf
[2012/03/29 02:03:27 | 000,574,072 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1307000.009\srtsp.sys
[2012/03/29 02:03:27 | 000,032,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1307000.009\srtspx.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/24 07:47:30 | 000,001,975 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2012/04/24 07:45:22 | 000,566,677 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\Cat.DB
[2012/04/24 07:45:22 | 000,008,942 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\VT20120410.034
[2012/04/23 19:09:08 | 000,007,877 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\symnetv.cat
[2012/04/23 19:09:08 | 000,007,458 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\symnet.cat
[2012/04/23 19:09:08 | 000,001,469 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\symnetv.inf
[2012/04/23 19:09:08 | 000,001,441 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\symnet.inf
[2012/04/23 19:09:07 | 000,007,492 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\symds.cat
[2012/04/23 19:09:07 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\symefa.cat
[2012/04/23 19:09:07 | 000,007,454 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\srtspx.cat
[2012/04/23 19:09:07 | 000,003,434 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\symefa.inf
[2012/04/23 19:09:07 | 000,002,852 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\symds.inf
[2012/04/23 19:09:07 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\srtspx.inf
[2012/04/23 19:09:06 | 000,007,450 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\srtsp.cat
[2012/04/23 19:09:06 | 000,007,450 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\iron.cat
[2012/04/23 19:09:06 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\srtsp.inf
[2012/04/23 19:09:06 | 000,000,827 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\ccsetx86.inf
[2012/04/23 19:09:06 | 000,000,742 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\iron.inf
[2012/04/23 19:09:05 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\ccsetx86.cat
[2012/04/23 19:06:14 | 000,004,782 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\symvtcer.dat
[2012/04/23 19:06:14 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1307000.009\isolate.ini
[2012/04/22 20:19:29 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2012/04/22 20:19:29 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2012/04/22 19:50:03 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2012/04/19 19:56:01 | 000,000,755 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL Desktop 9.7.lnk
[2012/04/19 19:56:00 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AOL Desktop 9.7.lnk
[2012/04/19 19:45:21 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2012/04/19 19:23:21 | 000,029,521 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2012/04/19 19:23:21 | 000,020,910 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2012/04/19 19:23:21 | 000,020,869 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2012/04/19 19:23:21 | 000,012,585 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_EN.cfg
[2012/04/19 19:23:21 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2012/04/19 19:22:56 | 000,098,304 | R--- | C] () -- C:\WINDOWS\StiRegstEng.dll
[2012/04/19 19:22:12 | 000,001,681 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\ABBYY FineReader 5.0 Sprint.lnk
[2012/04/19 19:18:34 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2012/04/19 19:18:34 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
[2012/04/19 19:18:34 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2012/04/19 19:17:37 | 000,064,000 | ---- | C] () -- C:\WINDOWS\System32\esfw41.bin
[2012/04/19 18:59:00 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Peachtree Complete Accounting 2006.lnk
[2012/04/19 18:58:57 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Peachtree Complete Accounting 2006.lnk
[2012/04/19 18:57:28 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\rsUtil.dll
[2012/04/19 18:56:09 | 000,000,444 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{090DBC64-2D6C-46FE-A72E-0DFD89F9BABB}.job
[2012/04/19 16:39:47 | 000,000,428 | ---- | C] () -- C:\WINDOWS\hpwmdl21.dat.temp
[2012/04/18 22:10:23 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2012/04/18 22:10:23 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2012/04/18 22:09:51 | 000,001,042 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Dropbox.lnk
[2012/04/18 22:08:31 | 000,001,042 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Dropbox.lnk
[2012/04/18 21:50:48 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/04/18 21:50:47 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2012/04/18 21:50:45 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Remote Assistance.lnk
[2012/04/18 21:50:45 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Windows Media Player.lnk
[2012/04/18 21:50:45 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Outlook Express.lnk
[2012/04/18 21:47:23 | 000,044,450 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Trollbeads Direct Order-OE-10008.pdf
[2012/04/18 21:47:22 | 000,051,800 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Order2104117818.pdf
[2012/04/18 21:47:22 | 000,014,319 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\SMITH1receipt.pdf
[2012/04/18 21:47:22 | 000,009,448 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Norton Internet Security_Key.pdf
[2012/04/18 21:47:20 | 007,496,411 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Kidz Catalog.pdf
[2012/04/18 21:47:20 | 000,442,048 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Joseph Smith 2011 Tax Return_T11_For_Records.pdf
[2012/04/18 21:47:20 | 000,297,305 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Joseph Smith 2011 Tax Return_T11_For_Filing.pdf
[2012/04/18 21:47:20 | 000,247,453 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\CBKidzIOF100711-US.pdf
[2012/04/18 21:47:20 | 000,100,527 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\CBCharmPriceList010311US.pdf
[2012/04/18 21:47:20 | 000,090,263 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Joseph Smith 2011 Tax Return.T11
[2012/04/18 21:47:20 | 000,027,320 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Cincinnati Ref. Express.jpg
[2012/04/18 21:47:19 | 001,068,116 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\CBBeadIOF101211-US.pdf
[2012/04/18 21:47:19 | 000,224,613 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\1099K_2011[1].pdf
[2012/04/18 21:47:19 | 000,127,322 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\2012-03-3022.59.51.jpg
[2012/04/18 21:47:19 | 000,065,160 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\5 Rod Box.jpg
[2012/04/18 21:47:19 | 000,064,533 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\9 Rod Box.jpg
[2012/04/18 21:47:19 | 000,057,077 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\9 Rod Open Box.jpg
[2012/04/18 21:47:19 | 000,049,417 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\5 Rod Open Box.JPG
[2012/04/18 21:44:24 | 000,000,249 | ---- | C] () -- C:\WINDOWS\System\hpsysdrv.dat
[2012/04/18 21:30:33 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/04/18 21:28:22 | 004,401,467 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\LoaderBackup-(2010-09-22)-1.ipd
[2012/04/18 21:28:22 | 004,401,353 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\LoaderBackup-(2010-09-22).ipd
[2012/04/18 21:28:22 | 000,024,977 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\MyTaxes.T03
[2012/04/18 21:28:22 | 000,001,357 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\MyTaxes.sbr
[2012/04/18 21:28:22 | 000,000,312 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\spider.sav
[2012/04/18 21:28:19 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\55CC0000
[2012/04/18 21:28:19 | 000,000,210 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Yahoo! Briefcase.url
[2012/04/18 20:58:59 | 000,001,129 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
[2012/04/18 20:58:59 | 000,001,068 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2012/04/18 20:53:12 | 000,173,082 | ---- | C] () -- C:\WINDOWS\hpwins21.dat
[2012/04/18 20:53:11 | 000,000,428 | ---- | C] () -- C:\WINDOWS\hpwmdl21.dat
[2012/04/18 20:50:27 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/04/18 20:47:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/04/18 20:47:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/04/18 20:41:52 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Startup.cpl
[2012/04/18 20:19:37 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Internet Explorer.lnk
[2012/04/18 20:19:35 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/18 19:53:35 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2012/04/18 19:53:23 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2012/04/18 19:52:00 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2012/04/18 19:50:49 | 000,002,354 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/18 19:42:54 | 000,001,022 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3156204540-1018871048-2593910535-1008UA.job
[2012/04/18 19:42:53 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3156204540-1018871048-2593910535-1008Core.job
[2012/04/18 19:37:18 | 000,000,211 | RHS- | C] () -- C:\BOOT.BAK
[2012/04/18 19:37:14 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/04/18 19:31:13 | 000,001,851 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_ED906AA-ABA a1224n_YC_0Pavi_QCNH539_E54NAsyMPC1_48_IGoldfish3_SASUSTeK Computer INC._V1.xx_B3.25_T050906_WXP2_L409_M1016_J200_7Intel_8Pentium 4_93.06_#051208_N10EC8139_Z10573052_G80862582.MRK
[2012/04/18 19:31:06 | 1064,685,568 | -HS- | C] () -- C:\hiberfil.sys

========== LOP Check ==========

[2005/08/20 20:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2012/04/19 21:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2012/04/19 19:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2012/04/19 21:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
[2012/04/18 20:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2005/08/20 20:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2012/04/25 19:06:18 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{090DBC64-2D6C-46FE-A72E-0DFD89F9BABB}.job

========== Purity Check ==========



< End of report >

#2
RKinner
Do the following:
Start -> Run
type diskmgmt.msc
Click "OK"

Disk Management will open.

Click and hold the right side of the Disk Management window and drag it to the right until you can see all the columns.

Take a screenshot of the Disk Management window (make sure you scroll left or right so that you can see the size of the partition) and attach the screenshot to your reply.
http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.

Ron

#3
dal4000
Here you go, picture attached. Note I get the Norton message even if the My Book L:/K: are not attached. The L:/K: is a WD My Book USB External Drive.

#4
RKinner
Didn't work. You have to Browse (point it at the file then Open) then hit Attach This File.

#5
dal4000
Trying again. I had chosen the file but hadn't hit Attach.
Is there a way I can subscribe to this thread so when there is an update I know it right away vs. refreshing this page all the time?

Attached Thumbnails

  • diskmgmt.JPG

#6
RKinner
The 3 MB partition is a bit suspicious. Normally Tidserv will create a 2 or 8 MB partition but I suppose it could have changed. Let's run aswMBR:


Download aswMBR.exe (511 KB) to your desktop.
Right click aswMBR.exe and Run as Administrator.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan (accept the Avast Engine).
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it, then run a new scan, click Save log, save it to your desktop and post it in your next reply.
If the Fix button is not enabled, then just click Save log, save it to your desktop and post it in your next reply.


It will also create a file called MBR.dat on your desktop. Please rename it to MBR.txt (don't try to open it as it isn't a text file but the forum won't let you attach it with a .dat extension) and then Attach it.

When you ran TDSSKiller, did you hit Change Parameters and check the two items under Additional Options before starting the scan? In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file named "TDSSKiller.txt" should be created on your C: drive. Please copy and paste the contents in your next reply.
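
The partition review discussed in the post above can also be run offline against the saved sector. This is an added example, not part of the original post and not aswMBR's own code: it assumes MBR.dat is a raw 512-byte copy of sector 0, uses a constructed sample built from the partition values in this thread's aswMBR and TDSSKiller logs (the third partition's sector count is constructed), and the 16 MB review threshold and all function names are assumptions.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446   # four 16-byte entries, followed by the 0x55AA signature
SMALL_MB = 16        # assumption: review threshold, not a default of any tool
TYPE_NAMES = {0x07: "NTFS/HPFS", 0x0C: "FAT32 LBA", 0x17: "hidden NTFS/HPFS"}


def parse_mbr(sector0):
    """Return the non-empty primary partition entries of a raw MBR sector."""
    if len(sector0) < SECTOR_SIZE:
        raise ValueError("need the full 512-byte sector")
    if sector0[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for slot in range(4):
        raw = sector0[TABLE_OFFSET + 16 * slot:TABLE_OFFSET + 16 * (slot + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), start LBA, sector count
        status, ptype, start, count = struct.unpack("<B3xB3xII", raw)
        if ptype == 0 and count == 0:
            continue  # unused table slot
        parts.append({
            "slot": slot + 1, "status": status, "active": status == 0x80,
            "type": ptype, "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "start_lba": start, "sectors": count,
            "size_mb": count * SECTOR_SIZE / 2**20,
        })
    return parts


def review(parts, listed_elsewhere=()):
    """Return (slot, reason) pairs that deserve a manual look.

    listed_elsewhere: start LBAs reported by a second tool, to spot entries
    that one listing shows and the other does not.
    """
    findings = []
    known = set(listed_elsewhere)
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append((p["slot"], "invalid status byte"))
        if p["size_mb"] < SMALL_MB:
            findings.append((p["slot"], "small partition"))
        if known and p["start_lba"] not in known:
            findings.append((p["slot"], "not in second listing"))
    ordered = sorted(parts, key=lambda p: p["start_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start_lba"] + a["sectors"] > b["start_lba"]:
            findings.append((b["slot"], "overlaps previous partition"))
    if sum(p["active"] for p in parts) != 1:
        findings.append((0, "expected exactly one active partition"))
    return findings


def build_sample_mbr():
    """Constructed sector 0 mirroring the layout shown in the thread's logs."""
    entries = [
        (0x00, 0x0C, 63, 0x1005231),          # FAT32 LBA RECOVERY, 8202 MB
        (0x80, 0x07, 0x1005270, 0x164987A0),  # active NTFS, 182576 MB
        (0x00, 0x17, 390715920, 6032),        # hidden NTFS; sector count constructed
        (0x00, 0x00, 0, 0),                   # empty slot
    ]
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries)
    return bytes(TABLE_OFFSET) + table + b"\x55\xaa"


if __name__ == "__main__":
    partitions = parse_mbr(build_sample_mbr())
    for p in partitions:
        print("slot %d  %s type 0x%02X (%s)  start %d  %.2f MB" % (
            p["slot"], "A" if p["active"] else "-", p["type"],
            p["type_name"], p["start_lba"], p["size_mb"]))
    # Start LBAs from the TDSSKiller "MBR partitions" listing in this thread.
    for slot, reason in review(partitions, {0x3F, 0x1005270}):
        print("review slot %d: %s" % (slot, reason))
```

To check a real dump, replace `build_sample_mbr()` with the bytes read from the saved file, for example `open("MBR.dat", "rb").read()`.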

#7
dal4000
aswMBR ran clean, no FIX button highlighted.
Here is the text log, and I am attaching the MBR.DAT renamed as MBR.TXT.
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-28 16:51:40
-----------------------------
16:51:40.046 OS Version: Windows 5.1.2600 Service Pack 3
16:51:40.046 Number of processors: 1 586 0x401
16:51:40.062 ComputerName: YOUR-B27FB1C401 UserName:
16:51:40.906 Initialze error C0000061 - driver not loaded
16:51:41.078 write error "ashBase.dll". The system cannot find the path specified.
16:53:43.359 The log file has been saved successfully to "C:\ATemp\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-28 16:59:18
-----------------------------
16:59:18.531 OS Version: Windows 5.1.2600 Service Pack 3
16:59:18.531 Number of processors: 1 586 0x401
16:59:18.531 ComputerName: YOUR-B27FB1C401 UserName:
16:59:25.953 Initialize success
16:59:44.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17
16:59:44.343 Disk 0 Vendor: ST3200822AS 3.02 Size: 190782MB BusType: 3
16:59:44.359 Disk 0 MBR read successfully
16:59:44.359 Disk 0 MBR scan
16:59:44.359 Disk 0 Windows XP default MBR code
16:59:44.359 Disk 0 Partition 1 00 0C FAT32 LBA RECOVERY 8202 MB offset 63
16:59:44.375 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 182576 MB offset 16798320
16:59:44.453 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 2 MB offset 390715920
16:59:44.453 Disk 0 scanning sectors +390721952
16:59:46.140 Disk 0 scanning C:\WINDOWS\system32\drivers
16:59:59.390 Service scanning
17:00:18.328 Modules scanning
17:00:44.281 Scan finished successfully
17:01:35.562 Disk 0 MBR has been saved successfully to "C:\ATemp\MBR.dat"
17:01:35.562 The log file has been saved successfully to "C:\ATemp\aswMBR.txt"


I did not check those boxes in TDSS; I only started and ran it as a normal scan. Here is a new one.

17:02:32.0468 3112 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
17:02:32.0875 3112 ============================================================
17:02:32.0875 3112 Current date / time: 2012/04/28 17:02:32.0875
17:02:32.0875 3112 SystemInfo:
17:02:32.0875 3112
17:02:32.0875 3112 OS Version: 5.1.2600 ServicePack: 3.0
17:02:32.0875 3112 Product type: Workstation
17:02:32.0875 3112 ComputerName: YOUR-B27FB1C401
17:02:32.0875 3112 UserName: HP_Administrator
17:02:32.0875 3112 Windows directory: C:\WINDOWS
17:02:32.0875 3112 System windows directory: C:\WINDOWS
17:02:32.0875 3112 Processor architecture: Intel x86
17:02:32.0875 3112 Number of processors: 1
17:02:32.0875 3112 Page size: 0x1000
17:02:32.0875 3112 Boot type: Normal boot
17:02:32.0875 3112 ============================================================
17:02:36.0859 3112 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x64F1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
17:02:36.0875 3112 Drive \Device\Harddisk1\DR4 - Size: 0x7446E00000 (465.11 Gb), SectorSize: 0x200, Cylinders: 0xED2B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:02:37.0015 3112 ============================================================
17:02:37.0015 3112 \Device\Harddisk0\DR0:
17:02:37.0046 3112 MBR partitions:
17:02:37.0046 3112 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1005231
17:02:37.0046 3112 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1005270, BlocksNum 0x164987A0
17:02:37.0046 3112 \Device\Harddisk1\DR4:
17:02:37.0046 3112 MBR partitions:
17:02:37.0046 3112 \Device\Harddisk1\DR4\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A236800
17:02:37.0046 3112 ============================================================
17:02:37.0093 3112 C: <-> \Device\Harddisk0\DR0\Partition1
17:02:37.0093 3112 D: <-> \Device\Harddisk0\DR0\Partition0
17:02:37.0140 3112 L: <-> \Device\Harddisk1\DR4\Partition0
17:02:37.0140 3112 ============================================================
17:02:37.0140 3112 Initialize success
17:02:37.0140 3112 ============================================================
17:03:10.0046 1672 ============================================================
17:03:10.0046 1672 Scan started
17:03:10.0046 1672 Mode: Manual;
17:03:10.0046 1672 ============================================================
17:03:38.0781 1672 usbuhci - ok
17:03:38.0796 1672 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:03:38.0796 1672 VgaSave - ok
17:03:38.0828 1672 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
17:03:38.0828 1672 ViaIde - ok
17:03:38.0843 1672 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:03:38.0843 1672 VolSnap - ok
17:03:38.0875 1672 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
17:03:38.0921 1672 VSS - ok
17:03:39.0125 1672 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
17:03:39.0156 1672 W32Time - ok
17:03:39.0187 1672 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:03:39.0187 1672 Wanarp - ok
17:03:39.0234 1672 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
17:03:39.0234 1672 wanatw - ok
17:03:39.0265 1672 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
17:03:39.0265 1672 WDC_SAM - ok
17:03:39.0375 1672 WDDMService (8530b35284aa20d9c614ccb3725cef37) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
17:03:39.0390 1672 WDDMService - ok
17:03:39.0406 1672 WDICA - ok
17:03:39.0421 1672 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:03:39.0437 1672 wdmaud - ok
17:03:39.0453 1672 WDSmartWareBackgroundService (138ab06adbbf300aa804d7974a5aec82) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
17:03:39.0468 1672 WDSmartWareBackgroundService - ok
17:03:39.0546 1672 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
17:03:39.0562 1672 WebClient - ok
17:03:39.0890 1672 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:03:39.0890 1672 winmgmt - ok
17:03:39.0937 1672 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
17:03:39.0937 1672 WmdmPmSN - ok
17:03:40.0015 1672 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
17:03:40.0031 1672 Wmi - ok
17:03:40.0062 1672 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:03:40.0078 1672 WmiApSrv - ok
17:03:40.0140 1672 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
17:03:40.0140 1672 wscsvc - ok
17:03:40.0187 1672 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
17:03:40.0203 1672 wuauserv - ok
17:03:40.0453 1672 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
17:03:40.0578 1672 WZCSVC - ok
17:03:40.0609 1672 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
17:03:40.0625 1672 xmlprov - ok
17:03:40.0656 1672 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:03:40.0859 1672 \Device\Harddisk0\DR0 - ok
17:03:40.0875 1672 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR4
17:03:40.0875 1672 \Device\Harddisk1\DR4 - ok
17:03:40.0875 1672 Boot (0x1200) (be82ae5a6a324cf25abdebd90764ed05) \Device\Harddisk0\DR0\Partition0
17:03:40.0875 1672 \Device\Harddisk0\DR0\Partition0 - ok
17:03:40.0890 1672 Boot (0x1200) (824a5c4b9c04dbb8cddde769d9bf9693) \Device\Harddisk0\DR0\Partition1
17:03:40.0906 1672 \Device\Harddisk0\DR0\Partition1 - ok
17:03:40.0906 1672 Boot (0x1200) (12465cb012d0ff36e8a8e89b655ef92a) \Device\Harddisk1\DR4\Partition0
17:03:40.0906 1672 \Device\Harddisk1\DR4\Partition0 - ok
17:03:40.0921 1672 ============================================================
17:03:40.0921 1672 Scan finished
17:03:40.0921 1672 ============================================================
17:03:40.0937 1132 Detected object count: 0
17:03:40.0937 1132 Actual detected object count: 0
17:04:27.0484 0692 Deinitialize success

Attached Files

  • Attached File  MBR.txt   512bytes   24 downloads

  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,798 posts
  • MVP
16:59:44.453 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 2 MB offset 390715920 <= This is the tidserv partition that Norton is finding.

It's not active, so you should be able to delete it from diskmgmt.msc. It's the one on the top of the list without a letter. It says 3 MB. Right-click on it and Delete Volume.
  • 0
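The check behind the reply above, as an added example that is not part of the original thread: it parses the four primary entries of a 512-byte MBR and flags a small hidden NTFS partition (type 0x17) placed after all other partitions, like the one in the log line. The function names, the 16 MB threshold and the sample partition table are assumptions made for this example.

```python
import struct

SECTOR = 512
HIDDEN_NTFS = 0x17   # 0x07 (HPFS/NTFS) with the "hidden" bit 0x10 set
SMALL_MB = 16        # assumption: triage threshold chosen for this example

def make_entry(boot, ptype, lba_start, sectors):
    """Build one 16-byte partition entry (CHS fields zeroed, LBA fields used)."""
    return struct.pack("<B3sB3sII", boot, b"\0" * 3, ptype, b"\0" * 3, lba_start, sectors)

def parse_mbr(sector):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("expected 512 bytes ending in the 0x55AA signature")
    parts = []
    for i in range(4):
        boot, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, 446 + 16 * i)
        if ptype == 0 and sectors == 0:
            continue  # unused slot
        parts.append({"slot": i, "active": boot == 0x80, "type": ptype,
                      "lba_start": lba_start, "size_mb": sectors * SECTOR / 2**20})
    return parts

def suspicious(parts):
    """Flag small hidden-NTFS partitions that start after every other partition."""
    flagged = []
    for p in parts:
        is_last = all(p["lba_start"] > q["lba_start"] for q in parts if q is not p)
        if p["type"] == HIDDEN_NTFS and p["size_mb"] <= SMALL_MB and is_last:
            flagged.append(p)
    return flagged

# Constructed sample. Only the last entry follows the log line above (flag 00,
# type 17, 2 MB, offset 390715920, read here as a sector offset); the rest is invented.
SAMPLE_MBR = (bytes(446)
              + make_entry(0x80, 0x07, 63, 370000000)        # constructed system volume
              + make_entry(0x00, 0x0B, 370000063, 20715857)  # constructed FAT32 volume
              + bytes(16)                                     # empty slot
              + make_entry(0x00, 0x17, 390715920, 4096)      # 4096 sectors = 2 MB
              + b"\x55\xaa")

if __name__ == "__main__":
    for p in suspicious(parse_mbr(SAMPLE_MBR)):
        print("review slot %(slot)d: type 0x%(type)02x, %(size_mb).0f MB at LBA %(lba_start)d" % p)
```

A flagged entry is a prompt for review, not a verdict: some vendor utility partitions are also small and hidden, so confirm what the partition is before deleting it.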

#9
dal4000

dal4000

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Done, rebooted, no more Norton messages! Yea, looks like that fixed it. Thank you very much.
I'm assuming there is no cleanup in this case.
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,798 posts
  • MVP
An abbreviated cleanup:

You can uninstall or delete any tools we had you download and their logs.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Uncheck the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
7. Check the checkbox labeled Hide protected operating system files.
8. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files, you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas, and if there is a program you don't use you can just uninstall it rather than update it. You can right-click on the UpdateChecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not update it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chrome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading, make sure it only has the current Java add-on. Then download and run Speedy Fox:
http://www.crystalidea.com/speedyfox
Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0





