No Sound After Recent MS XP Security Update [Solved]


  • This topic is locked

#1
dale1234

Not even sure it's malware, but last Sunday MS auto-updated my XP SP3 system with two security patches. Upon reboot I had no sound and could not run any programs (Outlook, Task Manager, a game or two I tried) except browsers. HDD would churn a little and a brief hourglass but nothing else. I backed out the updates and rebooted, everything ran fine for a week. Lost power to the house yesterday, when system came back up, same problem. Backed out the last two MS updates again and once again all seemed fine. Now, tonight, after no reboots or other changes (and autoUpdate now turned off), I've lost sound again (claims no devices or drivers available), although Outlook now works fine.

Under the assumption that I've got some sort of Badness going on, I ran OTL (below) as instructed.

Thanks!

-dale





OTL logfile created on: 11/28/2012 7:21:41 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Downloads\SPYWARE\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 36.37% Memory free
3.32 Gb Paging File | 2.17 Gb Available in Paging File | 65.36% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 372.60 Gb Total Space | 195.52 Gb Free Space | 52.47% Space Free | Partition Type: NTFS
Drive D: | 29.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 1397.26 Gb Total Space | 460.77 Gb Free Space | 32.98% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 727.75 Gb Free Space | 78.13% Space Free | Partition Type: NTFS

Computer Name: STEN | User Name: Dale | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/28 19:20:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Downloads\SPYWARE\OTL\OTL.exe
PRC - [2012/10/26 15:10:12 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/09/15 18:42:56 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/08/19 04:19:25 | 000,871,536 | ---- | M] (BitLeader) -- C:\Program Files\lg_fwupdate\fwupdate.exe
PRC - [2012/07/02 01:21:00 | 001,390,432 | ---- | M] (Avant Force) -- C:\Program Files\Avant Browser\avant.exe
PRC - [2012/07/02 01:21:00 | 001,101,664 | ---- | M] (The Chromium Authors) -- C:\Program Files\Avant Browser\webkit\chrome.exe
PRC - [2012/06/11 13:08:00 | 000,211,288 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn3\ytbb.exe
PRC - [2012/02/06 16:25:08 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\ccsvchst.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/23 14:10:58 | 000,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe
PRC - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/05/11 11:47:24 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/05/11 11:46:54 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2002/07/11 14:31:56 | 000,045,056 | ---- | M] (DeviceGuys) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\LMpdpsrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/18 04:38:17 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\314f807b4f655af492182b597ea1e7a6\System.ServiceProcess.ni.dll
MOD - [2012/11/18 04:34:45 | 000,762,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\06cf816caaf03dc1d3f8945e335c5105\System.Runtime.Remoting.ni.dll
MOD - [2012/11/18 04:34:42 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\ae2ff153463bc98124e93c33296ec79c\System.EnterpriseServices.ni.dll
MOD - [2012/11/18 04:34:41 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\8531f40353107a46871aace28f057ec2\System.Transactions.ni.dll
MOD - [2012/11/18 04:09:40 | 013,197,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\a8319839729e0e30785fcb36fb13b440\System.Windows.Forms.ni.dll
MOD - [2012/11/18 04:09:12 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9261a08aed6aa953fe0a4b90787657f1\System.Data.ni.dll
MOD - [2012/11/18 04:09:10 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\586e41e15e1d44fe197b9d1cc5575f8c\System.Xml.ni.dll
MOD - [2012/11/18 04:09:00 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\c409feb9182d01c80872f2031d68053e\System.Configuration.ni.dll
MOD - [2012/11/18 04:08:58 | 007,052,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\985109f2568f3251333dad29bc889421\System.Core.ni.dll
MOD - [2012/11/18 04:08:52 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\c87e56bad0d9eae13b89a0e2bb0efc1f\System.Drawing.ni.dll
MOD - [2012/11/18 04:08:46 | 009,092,608 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\982a5b70d861cb34f85e041075d5112c\System.ni.dll
MOD - [2012/11/18 04:08:31 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll
MOD - [2012/10/26 15:10:12 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/10/09 02:38:07 | 009,814,968 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/07/02 01:21:00 | 003,972,120 | ---- | M] () -- C:\Program Files\Avant Browser\webkit\pdf.dll
MOD - [2012/07/02 01:21:00 | 001,416,192 | ---- | M] () -- C:\Program Files\Avant Browser\avantshell.dll
MOD - [2012/07/02 01:21:00 | 001,126,926 | ---- | M] () -- C:\Program Files\Avant Browser\webkit\avcodec-54.dll
MOD - [2012/07/02 01:21:00 | 000,677,376 | ---- | M] () -- C:\Program Files\Avant Browser\_sqlite3.dll
MOD - [2012/07/02 01:21:00 | 000,521,216 | ---- | M] () -- C:\Program Files\Avant Browser\webkit\libGLESv2.dll
MOD - [2012/07/02 01:21:00 | 000,430,592 | ---- | M] () -- C:\Program Files\Avant Browser\webkit\ppGoogleNaClPluginChrome.dll
MOD - [2012/07/02 01:21:00 | 000,213,518 | ---- | M] () -- C:\Program Files\Avant Browser\webkit\avformat-54.dll
MOD - [2012/07/02 01:21:00 | 000,134,670 | ---- | M] () -- C:\Program Files\Avant Browser\webkit\avutil-51.dll
MOD - [2012/07/02 01:21:00 | 000,099,328 | ---- | M] () -- C:\Program Files\Avant Browser\webkit\libEGL.dll
MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/07/28 17:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/08/09 23:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/01/07 12:00:52 | 000,094,720 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2008/03/23 14:10:58 | 000,048,640 | ---- | M] () -- C:\WINDOWS\mmfs.dll
MOD - [2008/03/23 14:10:58 | 000,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe


========== Services (SafeList) ==========

SRV - [2012/10/26 15:10:12 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/09 02:38:07 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/15 18:42:56 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/02/06 16:25:08 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe -- (NAV)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/03/23 14:10:58 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\WINDOWS\Runservice.exe -- (LicCtrlService)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/05/11 11:46:54 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMREDRV.SYS -- (SYMREDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMIDS.SYS -- (SYMIDS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMDNS.SYS -- (SYMDNS)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\PciCon.sys -- (PciCon)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/10/23 17:34:24 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20121106.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/09/12 19:16:34 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20121128.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/09/12 19:16:33 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20121128.016\NAVENG.SYS -- (NAVENG)
DRV - [2012/09/06 03:54:30 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20121128.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/08/08 21:07:48 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/08 21:07:48 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/04 15:23:51 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/05/02 16:12:15 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 19:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1207010.003\symtdi.sys -- (SYMTDI)
DRV - [2011/03/30 21:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NAV\1207010.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/30 21:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1207010.003\srtspx.sys -- (SRTSPX)
DRV - [2011/03/14 20:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1207010.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 00:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1207010.003\symds.sys -- (SymDS)
DRV - [2011/01/26 23:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1207010.003\ironx86.sys -- (SymIRON)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2007/03/16 09:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007/03/16 09:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2006/07/28 21:20:28 | 000,043,392 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2006/07/27 00:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/07/05 15:35:54 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2005/12/02 03:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=AVBR
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...=AVB3DF&pc=AVBR
IE - HKCU\..\SearchScopes\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}: "URL" = http://www.ask.com/w...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2012/02/05 17:37:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/31 05:36:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/26 15:10:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/26 15:10:07 | 000,000,000 | ---D | M]

[2008/11/12 12:45:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dale\Application Data\Mozilla\Extensions
[2012/10/23 13:51:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dale\Application Data\Mozilla\Firefox\Profiles\xp3g4fv2.default\extensions
[2012/10/11 13:51:28 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Dale\Application Data\Mozilla\Firefox\Profiles\xp3g4fv2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/10/11 13:51:26 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Dale\Application Data\Mozilla\Firefox\Profiles\xp3g4fv2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012/10/26 15:10:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/05 17:37:01 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPLGN
[2012/10/26 15:10:12 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/04/16 11:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2012/10/10 19:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/10 19:05:38 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2010/06/17 13:08:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelAudioStudio] C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\lgfw.exe (Bitleader)
O4 - HKLM..\Run: [LMPDPSRV] C:\WINDOWS\system32\spool\drivers\w32x86\3\LMpdpsrv.exe (DeviceGuys)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe (Lexmark International)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} http://simcity.ea.co...date/EARTPX.cab (EARTPatchX Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1342158861140 (WUWebControl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} http://simcity.ea.co...ty4PatcherX.cab (MaxisSimCity4PatcherX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2F532D9-22E9-4328-AD01-E1D815227896}: DhcpNameServer = 75.75.76.76 75.75.75.75
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dale\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dale\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/27 02:35:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/02/14 22:53:50 | 000,000,027 | ---- | M] () - J:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/28 08:27:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/11/18 14:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/11/18 14:32:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/11/18 13:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/11/18 04:06:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/28 19:06:21 | 000,001,125 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2012/11/28 18:38:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/11/28 07:58:37 | 000,000,125 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2012/11/28 07:58:34 | 000,013,672 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/28 07:58:31 | 000,003,625 | -HS- | M] () -- C:\WINDOWS\System32\mmf.sys
[2012/11/28 07:58:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/27 22:12:11 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/11/26 23:20:32 | 000,051,712 | ---- | M] () -- C:\Documents and Settings\Dale\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/18 18:53:59 | 000,000,361 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2012/11/18 18:46:51 | 000,212,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/18 04:44:11 | 000,476,136 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/18 04:44:11 | 000,077,044 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/11 17:46:45 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\Dale\Desktop\Shortcut to FG.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/11 17:46:45 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\Dale\Desktop\Shortcut to FG.lnk
[2012/09/21 12:17:50 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\Dale\favicons.dat
[2012/03/18 03:31:50 | 001,097,109 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1275210071-1960408961-725345543-1003-0.dat
[2012/03/18 03:31:49 | 000,215,498 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/03/10 21:02:22 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/15 23:27:08 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/05 17:36:40 | 000,000,125 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2012/02/02 01:00:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\dvdtest10024.dat
[2011/02/20 14:31:42 | 000,000,182 | ---- | C] () -- C:\WINDOWS\bgn.ini
[2010/12/11 19:51:32 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/12/11 19:51:30 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/12/11 19:51:30 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/10/05 16:23:58 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Dale\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2008/11/13 10:25:16 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\Dale\Application Data\LMCPaper.dat
[2008/11/13 10:14:05 | 000,003,932 | ---- | C] () -- C:\Documents and Settings\Dale\Application Data\LMLayout.dat
[2008/01/01 01:38:09 | 000,051,712 | ---- | C] () -- C:\Documents and Settings\Dale\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2011/08/13 15:01:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/06/19 11:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/06/28 10:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2012/02/02 01:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD-Cloner
[2012/01/27 02:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dvdfab
[2010/06/13 11:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2008/11/05 17:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2012/02/05 17:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009/06/19 11:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/10/23 03:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008/01/01 12:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dale\Application Data\acccore
[2012/04/21 20:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dale\Application Data\Amazon
[2011/09/30 22:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dale\Application Data\Avant Downloader
[2011/12/31 05:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dale\Application Data\DDMSettings
[2012/02/02 01:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dale\Application Data\DVD-Cloner
[2009/02/04 14:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dale\Application Data\FileZilla
[2012/01/15 16:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dale\Application Data\HandBrake
[2010/04/05 01:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dale\Application Data\Helios
[2009/12/15 12:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dale\Application Data\InterVideo
[2011/05/28 15:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dale\Application Data\Leadertech
[2011/09/26 02:24:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dale\Application Data\Tific
[2012/11/18 04:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dale\Application Data\uTorrent
[2009/10/23 11:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dale\Application Data\Viewpoint

========== Purity Check ==========



< End of report >

#2
dale1234

    Member

  • Topic Starter
  • Member
  • 15 posts
Ran Malwarebytes, which nailed one trojan. After restart, sound came back after I manually opened Volume Control and then dragged up the "Wave" value from 0. It lasted until I minimized the Volume console; I repeated this two times. When I started WinAmp, the default folder to play was the win32 folder, not anywhere in my normal media folder.

-dale

#3
dale1234

    Member

  • Topic Starter
  • Member
  • 15 posts
OK, did some more checking and I'm a moron. I've been completely blowing through a new official-looking "run as" dialog box for the last week or so - sometimes I OK, sometimes Cancel, and when I DON'T click on it, I can get some programs to run.

Now what do I need to do? Another OTL?

-dale

#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello dale1234,

Welcome to Geekstogo.

Sorry about the delay. You answered your topic, which can mislead us into thinking that you have already been answered by an expert.

First off, it looks like you might have more than one anti-virus program running. Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.

Please download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

"Ran Malwarebytes which nailed one trojan,"


Please post the log for that one so I can see what was found.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy and paste it back here.

So when you return please post
  • checkup.txt
  • MBAM log


#5
dale1234

    Member

  • Topic Starter
  • Member
  • 15 posts
Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton AntiVirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Malwarebytes Anti-Malware version 1.65.1.1000
HijackThis 2.0.2
Java™ 6 Update 22
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Norton AntiVirus Norton AntiVirus Engine 18.7.1.3\ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 0%
````````````````````End of Log``````````````````````
=====================================================================================

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.29.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Dale :: STEN [administrator]

11/28/2012 10:58:28 PM
mbam-log-2012-11-28 (22-58-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225086
Time elapsed: 8 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Dale\Local Settings\Temp\57.tmp (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.

(end)

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello dale1234,

Viewpoint Manager is considered foistware instead of malware since it is mostly installed without users' approval. Check out this article:

http://www.clickz.com/news/article.php/3561546

Up to you, but I recommend removal of this program. Click on Start > Control Panel > Add or Remove Programs and uninstall the following if they exist:

Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Step 2

You have Windows Firewall enabled. It will be conflicting with Norton Symantec, which has its own firewall. Normally Norton will automatically turn it off when it installs, but for some reason it is showing as back on. You need to turn it off.

To disable Windows Firewall, follow these steps:
  • Go to Start > Run and type Firewall.cpl and click OK.
  • On the General tab, click Off (not recommended).
  • Click OK.
Next

Download aswMBR.exe (4.5mb) to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post in your next reply.

Finally in this post

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
When you return please post
  • aswMBR report
  • TDSSKiller log.txt


#7
dale1234

    Member

  • Topic Starter
  • Member
  • 15 posts
Turned off Windows firewall, removed Viewpoint.

Ran aswMBR but it hung (twice) for 20+ minutes on my My Documents Adobe Reader folder - only has 5 files in it. After 2 reboots, same thing, so skipped that and ran TDSSKiller:

16:07:36.0390 3124 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:07:37.0375 3124 ============================================================
16:07:37.0375 3124 Current date / time: 2012/12/08 16:07:37.0375
16:07:37.0375 3124 SystemInfo:
16:07:37.0375 3124
16:07:37.0375 3124 OS Version: 5.1.2600 ServicePack: 3.0
16:07:37.0375 3124 Product type: Workstation
16:07:37.0375 3124 ComputerName: STEN
16:07:37.0375 3124 UserName: Dale
16:07:37.0375 3124 Windows directory: C:\WINDOWS
16:07:37.0375 3124 System windows directory: C:\WINDOWS
16:07:37.0375 3124 Processor architecture: Intel x86
16:07:37.0375 3124 Number of processors: 2
16:07:37.0375 3124 Page size: 0x1000
16:07:37.0375 3124 Boot type: Normal boot
16:07:37.0375 3124 ============================================================
16:07:40.0390 3124 BG loaded
16:07:41.0093 3124 Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:07:41.0140 3124 Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:07:41.0140 3124 Drive \Device\Harddisk2\DR4 - Size: 0xE8E0DB5E00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:07:41.0156 3124 ============================================================
16:07:41.0156 3124 \Device\Harddisk0\DR0:
16:07:41.0156 3124 MBR partitions:
16:07:41.0156 3124 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2E933DC1
16:07:41.0156 3124 \Device\Harddisk1\DR1:
16:07:41.0156 3124 MBR partitions:
16:07:41.0156 3124 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0xAEA86702
16:07:41.0156 3124 \Device\Harddisk2\DR4:
16:07:41.0156 3124 MBR partitions:
16:07:41.0156 3124 \Device\Harddisk2\DR4\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x747059C1
16:07:41.0156 3124 ============================================================
16:07:41.0515 3124 C: <-> \Device\Harddisk0\DR0\Partition1
16:07:41.0515 3124 I: <-> \Device\Harddisk1\DR1\Partition1
16:07:41.0546 3124 J: <-> \Device\Harddisk2\DR4\Partition1
16:07:41.0625 3124 ============================================================
16:07:41.0625 3124 Initialize success
16:07:41.0625 3124 ============================================================
16:11:05.0953 1776 ============================================================
16:11:05.0953 1776 Scan started
16:11:05.0953 1776 Mode: Manual; SigCheck; TDLFS;
16:11:05.0953 1776 ============================================================
16:11:06.0062 1776 ================ Scan system memory ========================
16:11:06.0062 1776 System memory - ok
16:11:06.0078 1776 ================ Scan services =============================
16:11:06.0312 1776 Abiosdsk - ok
16:11:06.0312 1776 abp480n5 - ok
16:11:06.0359 1776 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:11:08.0937 1776 ACPI - ok
16:11:08.0968 1776 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
16:11:09.0125 1776 ACPIEC - ok
16:11:09.0187 1776 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:11:09.0234 1776 AdobeFlashPlayerUpdateSvc - ok
16:11:09.0234 1776 adpu160m - ok
16:11:09.0281 1776 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
16:11:09.0390 1776 aec - ok
16:11:09.0421 1776 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
16:11:09.0500 1776 AFD - ok
16:11:09.0500 1776 Aha154x - ok
16:11:09.0500 1776 aic78u2 - ok
16:11:09.0515 1776 aic78xx - ok
16:11:09.0531 1776 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
16:11:09.0656 1776 Alerter - ok
16:11:09.0687 1776 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
16:11:09.0812 1776 ALG - ok
16:11:09.0812 1776 AliIde - ok
16:11:09.0828 1776 amsint - ok
16:11:09.0875 1776 [ 486CF73F183E7ADC5575FCD47F9FB1AF ] AnyDVD C:\WINDOWS\system32\Drivers\AnyDVD.sys
16:11:09.0984 1776 AnyDVD - ok
16:11:10.0109 1776 [ 70D7BE78061126DD0C3ACCDB7E129017 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:11:10.0125 1776 Apple Mobile Device - ok
16:11:10.0171 1776 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
16:11:10.0375 1776 AppMgmt - ok
16:11:10.0390 1776 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:11:10.0515 1776 Arp1394 - ok
16:11:10.0531 1776 asc - ok
16:11:10.0531 1776 asc3350p - ok
16:11:10.0531 1776 asc3550 - ok
16:11:10.0640 1776 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:11:10.0703 1776 aspnet_state - ok
16:11:10.0718 1776 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:11:10.0843 1776 AsyncMac - ok
16:11:10.0890 1776 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
16:11:11.0000 1776 atapi - ok
16:11:11.0000 1776 Atdisk - ok
16:11:11.0031 1776 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:11:11.0140 1776 Atmarpc - ok
16:11:11.0187 1776 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
16:11:11.0296 1776 AudioSrv - ok
16:11:11.0328 1776 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
16:11:11.0453 1776 audstub - ok
16:11:11.0484 1776 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
16:11:11.0625 1776 Beep - ok
16:11:11.0875 1776 [ 9DFFCB249663AA3C2ECB67202280054E ] BHDrvx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20121130.005\BHDrvx86.sys
16:11:11.0921 1776 BHDrvx86 - ok
16:11:11.0968 1776 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
16:11:12.0093 1776 BITS - ok
16:11:12.0171 1776 [ 673CF4F6BB1FBE09331B526802FBB892 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:11:12.0187 1776 Bonjour Service - ok
16:11:12.0234 1776 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
16:11:12.0281 1776 Browser - ok
16:11:12.0281 1776 Cardex - ok
16:11:12.0312 1776 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
16:11:12.0453 1776 cbidf2k - ok
16:11:12.0453 1776 cd20xrnt - ok
16:11:12.0484 1776 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
16:11:12.0609 1776 Cdaudio - ok
16:11:12.0656 1776 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
16:11:12.0750 1776 Cdfs - ok
16:11:12.0796 1776 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:11:12.0890 1776 Cdrom - ok
16:11:12.0906 1776 Changer - ok
16:11:12.0921 1776 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
16:11:13.0031 1776 CiSvc - ok
16:11:13.0046 1776 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
16:11:13.0171 1776 ClipSrv - ok
16:11:13.0203 1776 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:11:13.0296 1776 clr_optimization_v2.0.50727_32 - ok
16:11:13.0359 1776 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:11:13.0375 1776 clr_optimization_v4.0.30319_32 - ok
16:11:13.0390 1776 CmdIde - ok
16:11:13.0390 1776 COMSysApp - ok
16:11:13.0390 1776 Cpqarray - ok
16:11:13.0406 1776 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
16:11:13.0515 1776 CryptSvc - ok
16:11:13.0515 1776 dac2w2k - ok
16:11:13.0515 1776 dac960nt - ok
16:11:13.0562 1776 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
16:11:13.0656 1776 DcomLaunch - ok
16:11:13.0656 1776 DgiVecp - ok
16:11:13.0687 1776 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
16:11:13.0812 1776 Dhcp - ok
16:11:13.0843 1776 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
16:11:13.0953 1776 Disk - ok
16:11:13.0953 1776 dmadmin - ok
16:11:14.0000 1776 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
16:11:14.0156 1776 dmboot - ok
16:11:14.0171 1776 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
16:11:14.0312 1776 dmio - ok
16:11:14.0328 1776 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
16:11:14.0437 1776 dmload - ok
16:11:14.0468 1776 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
16:11:14.0593 1776 dmserver - ok
16:11:14.0609 1776 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
16:11:14.0750 1776 DMusic - ok
16:11:14.0796 1776 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
16:11:14.0890 1776 Dnscache - ok
16:11:14.0968 1776 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
16:11:15.0078 1776 Dot3svc - ok
16:11:15.0078 1776 dpti2o - ok
16:11:15.0109 1776 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
16:11:15.0234 1776 drmkaud - ok
16:11:15.0281 1776 [ 00192F0C612591D585594E9467E6CA8B ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
16:11:15.0406 1776 e1express - ok
16:11:15.0421 1776 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
16:11:15.0546 1776 EapHost - ok
16:11:15.0625 1776 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
16:11:15.0640 1776 eeCtrl - ok
16:11:15.0671 1776 [ D71233D7CCC2E64F8715A20428D5A33B ] ElbyCDIO C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
16:11:15.0718 1776 ElbyCDIO - ok
16:11:15.0734 1776 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:11:15.0750 1776 EraserUtilRebootDrv - ok
16:11:15.0796 1776 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
16:11:15.0890 1776 ERSvc - ok
16:11:15.0921 1776 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
16:11:15.0984 1776 Eventlog - ok
16:11:16.0031 1776 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
16:11:16.0078 1776 EventSystem - ok
16:11:16.0109 1776 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
16:11:16.0218 1776 Fastfat - ok
16:11:16.0234 1776 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
16:11:16.0343 1776 FastUserSwitchingCompatibility - ok
16:11:16.0359 1776 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
16:11:16.0484 1776 Fdc - ok
16:11:16.0515 1776 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
16:11:16.0640 1776 Fips - ok
16:11:16.0656 1776 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:11:16.0765 1776 Flpydisk - ok
16:11:16.0812 1776 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
16:11:16.0937 1776 FltMgr - ok
16:11:17.0031 1776 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:11:17.0046 1776 FontCache3.0.0.0 - ok
16:11:17.0078 1776 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:11:17.0203 1776 Fs_Rec - ok
16:11:17.0218 1776 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:11:17.0359 1776 Ftdisk - ok
16:11:17.0390 1776 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:11:17.0437 1776 GEARAspiWDM - ok
16:11:17.0484 1776 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:11:17.0593 1776 Gpc - ok
16:11:17.0609 1776 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:11:17.0718 1776 HDAudBus - ok
16:11:17.0750 1776 [ 19E26D0402E6D29E67FA74650187567E ] HECI C:\WINDOWS\system32\DRIVERS\HECI.sys
16:11:17.0796 1776 HECI - ok
16:11:17.0859 1776 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:11:17.0968 1776 helpsvc - ok
16:11:18.0015 1776 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
16:11:18.0140 1776 HidServ - ok
16:11:18.0171 1776 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:11:18.0296 1776 hidusb - ok
16:11:18.0343 1776 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
16:11:18.0468 1776 hkmsvc - ok
16:11:18.0468 1776 hpn - ok
16:11:18.0500 1776 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
16:11:18.0562 1776 HTTP - ok
16:11:18.0593 1776 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
16:11:18.0703 1776 HTTPFilter - ok
16:11:18.0718 1776 i2omgmt - ok
16:11:18.0718 1776 i2omp - ok
16:11:18.0750 1776 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:11:18.0859 1776 i8042prt - ok
16:11:18.0937 1776 [ 3F28B1E3E98B9EEAC1ADD1F7B69BDE77 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
16:11:18.0953 1776 IAANTMON ( UnsignedFile.Multi.Generic ) - warning
16:11:18.0953 1776 IAANTMON - detected UnsignedFile.Multi.Generic (1)
16:11:19.0031 1776 [ 294110966CEDD127629C5BE48367C8CF ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys
16:11:19.0125 1776 iaStor - ok
16:11:19.0281 1776 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:11:19.0343 1776 idsvc - ok
16:11:19.0421 1776 [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20121205.001\IDSxpx86.sys
16:11:19.0468 1776 IDSxpx86 - ok
16:11:19.0515 1776 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
16:11:19.0625 1776 Imapi - ok
16:11:19.0656 1776 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
16:11:19.0750 1776 ImapiService - ok
16:11:19.0765 1776 ini910u - ok
16:11:19.0765 1776 IntelIde - ok
16:11:19.0796 1776 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:11:19.0890 1776 intelppm - ok
16:11:19.0968 1776 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
16:11:19.0984 1776 IntuitUpdateServiceV4 - ok
16:11:20.0015 1776 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
16:11:20.0125 1776 Ip6Fw - ok
16:11:20.0140 1776 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:11:20.0265 1776 IpFilterDriver - ok
16:11:20.0281 1776 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:11:20.0406 1776 IpInIp - ok
16:11:20.0437 1776 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:11:20.0578 1776 IpNat - ok
16:11:20.0625 1776 [ 32CDEDD15E2D1A557CD54552AE78FF86 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:11:20.0656 1776 iPod Service - ok
16:11:20.0703 1776 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:11:20.0812 1776 IPSec - ok
16:11:20.0828 1776 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
16:11:20.0937 1776 IRENUM - ok
16:11:20.0984 1776 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:11:21.0093 1776 isapnp - ok
16:11:21.0187 1776 [ A12175F063302CD68F8FC6D572D7E5FD ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
16:11:21.0203 1776 JavaQuickStarterService - ok
16:11:21.0218 1776 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:11:21.0328 1776 Kbdclass - ok
16:11:21.0359 1776 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:11:21.0484 1776 kbdhid - ok
16:11:21.0531 1776 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
16:11:21.0656 1776 kmixer - ok
16:11:21.0687 1776 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
16:11:21.0781 1776 KSecDD - ok
16:11:21.0812 1776 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
16:11:21.0859 1776 lanmanserver - ok
16:11:21.0890 1776 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
16:11:21.0937 1776 lanmanworkstation - ok
16:11:21.0937 1776 lbrtfdc - ok
16:11:21.0984 1776 [ 29FAB5363138F6E322F4CD780ED9D337 ] LicCtrlService C:\WINDOWS\runservice.exe
16:11:22.0765 1776 LicCtrlService ( UnsignedFile.Multi.Generic ) - warning
16:11:22.0765 1776 LicCtrlService - detected UnsignedFile.Multi.Generic (1)
16:11:22.0796 1776 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
16:11:22.0921 1776 LmHosts - ok
16:11:22.0937 1776 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
16:11:23.0078 1776 Messenger - ok
16:11:23.0125 1776 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
16:11:23.0234 1776 mnmdd - ok
16:11:23.0250 1776 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
16:11:23.0359 1776 mnmsrvc - ok
16:11:23.0375 1776 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
16:11:23.0484 1776 Modem - ok
16:11:23.0515 1776 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:11:23.0609 1776 Mouclass - ok
16:11:23.0656 1776 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:11:23.0781 1776 mouhid - ok
16:11:23.0812 1776 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
16:11:23.0937 1776 MountMgr - ok
16:11:23.0984 1776 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:11:24.0031 1776 MozillaMaintenance - ok
16:11:24.0031 1776 mraid35x - ok
16:11:24.0046 1776 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:11:24.0187 1776 MRxDAV - ok
16:11:24.0234 1776 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:11:24.0312 1776 MRxSmb - ok
16:11:24.0328 1776 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
16:11:24.0437 1776 MSDTC - ok
16:11:24.0468 1776 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
16:11:24.0578 1776 Msfs - ok
16:11:24.0578 1776 MSIServer - ok
16:11:24.0687 1776 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:11:24.0796 1776 MSKSSRV - ok
16:11:24.0828 1776 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:11:24.0937 1776 MSPCLOCK - ok
16:11:24.0968 1776 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
16:11:25.0078 1776 MSPQM - ok
16:11:25.0093 1776 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:11:25.0218 1776 mssmbios - ok
16:11:25.0250 1776 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
16:11:25.0421 1776 Mup - ok
16:11:25.0453 1776 [ 16EA7D22102B952621EF4D4F87E3463B ] NAL C:\WINDOWS\system32\Drivers\iqvw32.sys
16:11:25.0484 1776 NAL ( UnsignedFile.Multi.Generic ) - warning
16:11:25.0484 1776 NAL - detected UnsignedFile.Multi.Generic (1)
16:11:43.0218 1776 ================ Scan global ===============================
16:11:43.0265 1776 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
16:11:43.0312 1776 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:11:43.0343 1776 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:11:43.0359 1776 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
16:11:43.0359 1776 [Global] - ok
16:11:43.0359 1776 ================ Scan MBR ==================================
16:11:43.0375 1776 [ 09CE7397AF23D4C0B331B89D0297CC7E ] \Device\Harddisk0\DR0
16:11:43.0375 1776 Suspicious mbr (Forged): \Device\Harddisk0\DR0
16:11:43.0406 1776 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
16:11:43.0406 1776 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
16:11:43.0437 1776 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:11:43.0437 1776 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:11:43.0453 1776 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
16:11:43.0812 1776 \Device\Harddisk1\DR1 - ok
16:11:43.0812 1776 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR4
16:11:43.0906 1776 \Device\Harddisk2\DR4 - ok
16:11:43.0906 1776 ================ Scan VBR ==================================
16:11:43.0906 1776 [ 79D1B71C06DFB2865B06450882A17CD7 ] \Device\Harddisk0\DR0\Partition1
16:11:43.0906 1776 \Device\Harddisk0\DR0\Partition1 - ok
16:11:43.0921 1776 [ 0173E7B703160D13F7E5CA7BF5E469DF ] \Device\Harddisk1\DR1\Partition1
16:11:43.0921 1776 \Device\Harddisk1\DR1\Partition1 - ok
16:11:43.0921 1776 [ C19ECAF3D29931709E01D65939D3A125 ] \Device\Harddisk2\DR4\Partition1
16:11:43.0921 1776 \Device\Harddisk2\DR4\Partition1 - ok
16:11:43.0921 1776 ================ Scan active images ========================
16:11:44.0187 1776 [ 23043C91A0F9DFB4B9E9F87B680863B4 ] C:\WINDOWS\system32\autochk.exe
16:11:44.0187 1776 C:\WINDOWS\system32\autochk.exe - ok
16:11:44.0187 1776 [ A32426D9B14A089EAA1D922E0C5801A9 ] C:\WINDOWS\system32\drivers\usbstor.sys
16:11:44.0187 1776 C:\WINDOWS\system32\drivers\usbstor.sys - ok
16:11:44.0187 1776 [ 173F317CE0DB8E21322E71B7E60A27E8 ] C:\WINDOWS\system32\drivers\usbccgp.sys
16:11:44.0187 1776 C:\WINDOWS\system32\drivers\usbccgp.sys - ok
16:11:44.0187 1776 [ 1AF592532532A402ED7C060F6954004F ] C:\WINDOWS\system32\drivers\hidclass.sys
16:11:44.0187 1776 C:\WINDOWS\system32\drivers\hidclass.sys - ok
16:11:44.0187 1776 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] C:\WINDOWS\system32\drivers\hidusb.sys
16:11:44.0187 1776 C:\WINDOWS\system32\drivers\hidusb.sys - ok
16:11:44.0203 1776 [ B1C303E17FB9D46E87A98E4BA6769685 ] C:\WINDOWS\system32\drivers\mouhid.sys
16:11:44.0203 1776 C:\WINDOWS\system32\drivers\mouhid.sys - ok
16:11:44.0203 1776 [ 9DD07AF82244867CA36681EA2D29CE79 ] C:\WINDOWS\system32\sfcfiles.dll
16:11:44.0203 1776 C:\WINDOWS\system32\sfcfiles.dll - ok
16:11:44.0203 1776 [ C885B02847F5D2FD45A24E219ED93B32 ] C:\WINDOWS\system32\drivers\cdfs.sys
16:11:44.0203 1776 C:\WINDOWS\system32\drivers\cdfs.sys - ok
16:11:44.0203 1776 [ 294110966CEDD127629C5BE48367C8CF ] C:\WINDOWS\system32\drivers\iaStor.sys
16:11:44.0203 1776 C:\WINDOWS\system32\drivers\iaStor.sys - ok
16:11:44.0203 1776 [ FE97D0343ACFDEBDD578FC67CC91FA87 ] C:\WINDOWS\system32\drivers\dxapi.sys
16:11:44.0203 1776 C:\WINDOWS\system32\drivers\dxapi.sys - ok
16:11:44.0218 1776 [ 9A10AACBFDC4922715375FB4065EC930 ] C:\WINDOWS\system32\watchdog.sys
16:11:44.0218 1776 C:\WINDOWS\system32\watchdog.sys - ok
16:11:44.0218 1776 [ 44F275C64738EA2056E3D9580C23B60F ] C:\WINDOWS\system32\csrss.exe
16:11:44.0218 1776 C:\WINDOWS\system32\csrss.exe - ok
16:11:44.0218 1776 [ D6F934A361D7F0BE8271673988D4E7FD ] C:\WINDOWS\system32\win32k.sys
16:11:44.0218 1776 C:\WINDOWS\system32\win32k.sys - ok
16:11:44.0218 1776 [ DD40363ABAD230A84C5E2178B11EFA88 ] C:\WINDOWS\system32\csrsrv.dll
16:11:44.0218 1776 C:\WINDOWS\system32\csrsrv.dll - ok
16:11:44.0218 1776 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
16:11:44.0218 1776 C:\WINDOWS\system32\basesrv.dll - ok
16:11:44.0234 1776 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:11:44.0234 1776 C:\WINDOWS\system32\winsrv.dll - ok
16:11:44.0234 1776 [ 8B1F3320AEBB536E021A5014409862DE ] C:\WINDOWS\system32\gdi32.dll
16:11:44.0234 1776 C:\WINDOWS\system32\gdi32.dll - ok
16:11:44.0234 1776 [ B921FB870C9AC0D509B2CCABBBBE95F3 ] C:\WINDOWS\system32\kernel32.dll
16:11:44.0234 1776 C:\WINDOWS\system32\kernel32.dll - ok
16:11:44.0234 1776 [ B26B135FF1B9F60C9388B4A7D16F600B ] C:\WINDOWS\system32\user32.dll
16:11:44.0234 1776 C:\WINDOWS\system32\user32.dll - ok
16:11:44.0234 1776 [ AC7280566A7BB85CB3291F04DDC1198E ] C:\WINDOWS\system32\drivers\dxg.sys
16:11:44.0234 1776 C:\WINDOWS\system32\drivers\dxg.sys - ok
16:11:44.0250 1776 [ A73F5D6705B1D820C19B18782E176EFD ] C:\WINDOWS\system32\drivers\dxgthk.sys
16:11:44.0250 1776 C:\WINDOWS\system32\drivers\dxgthk.sys - ok
16:11:44.0250 1776 [ 0B0DDC97D6E6B93C769EA61B2385F889 ] C:\WINDOWS\system32\nv4_disp.dll
16:11:44.0250 1776 C:\WINDOWS\system32\nv4_disp.dll - ok
16:11:44.0250 1776 [ ECB7591870F8BFB1A4C17B718AD5A4AA ] C:\WINDOWS\system32\vga.dll
16:11:44.0250 1776 C:\WINDOWS\system32\vga.dll - ok
16:11:44.0250 1776 [ ED0EF0A136DEC83DF69F04118870003E ] C:\WINDOWS\system32\winlogon.exe
16:11:44.0250 1776 C:\WINDOWS\system32\winlogon.exe - ok
16:11:44.0250 1776 [ E76F8807070ED04E7408A86D6D3A6137 ] C:\WINDOWS\system32\advapi32.dll
16:11:44.0250 1776 C:\WINDOWS\system32\advapi32.dll - ok
16:11:44.0265 1776 [ D4502F124289A31976130CCCB014C9AA ] C:\WINDOWS\system32\rpcrt4.dll
16:11:44.0265 1776 C:\WINDOWS\system32\rpcrt4.dll - ok
16:11:44.0265 1776 [ 5357826C8A8DD6A07F17C48BB45BE46E ] C:\WINDOWS\system32\secur32.dll
16:11:44.0265 1776 C:\WINDOWS\system32\secur32.dll - ok
16:11:44.0265 1776 [ 714705F29A917993536A6AB2DEDB0B7F ] C:\WINDOWS\system32\authz.dll
16:11:44.0265 1776 C:\WINDOWS\system32\authz.dll - ok
16:11:44.0265 1776 [ 355EDBB4D412B01F1740C17E3F50FA00 ] C:\WINDOWS\system32\msvcrt.dll
16:11:44.0265 1776 C:\WINDOWS\system32\msvcrt.dll - ok
16:11:44.0265 1776 [ 6BEE5D4EFF0A0341BCC4A462D81CCFC1 ] C:\WINDOWS\system32\crypt32.dll
16:11:44.0265 1776 C:\WINDOWS\system32\crypt32.dll - ok
16:11:44.0281 1776 [ 04D898830DF96A17A20FD35D7590F87E ] C:\WINDOWS\system32\msasn1.dll
16:11:44.0281 1776 C:\WINDOWS\system32\msasn1.dll - ok
16:11:44.0281 1776 [ 013C1148C1EC025596896E093F60F608 ] C:\WINDOWS\system32\nddeapi.dll
16:11:44.0281 1776 C:\WINDOWS\system32\nddeapi.dll - ok
16:11:44.0281 1776 [ CAC752BF84DB4666ED3CE0948E6EA937 ] C:\WINDOWS\system32\netapi32.dll
16:11:44.0281 1776 C:\WINDOWS\system32\netapi32.dll - ok
16:11:44.0281 1776 [ FCFA1C55971CC229D353B3A15ACCD995 ] C:\WINDOWS\system32\profmap.dll
16:11:44.0281 1776 C:\WINDOWS\system32\profmap.dll - ok
16:11:44.0281 1776 [ 43D13C80EBEC0135A3611E0F616F179B ] C:\WINDOWS\system32\userenv.dll
16:11:44.0281 1776 C:\WINDOWS\system32\userenv.dll - ok
16:11:44.0296 1776 [ 9CFCB3CA3D83B4EAA133F0644A2C6F31 ] C:\WINDOWS\system32\psapi.dll
16:11:44.0296 1776 C:\WINDOWS\system32\psapi.dll - ok
16:11:44.0296 1776 [ AF11C591F2F4AFF4A6CF699D376F618B ] C:\WINDOWS\system32\regapi.dll
16:11:44.0296 1776 C:\WINDOWS\system32\regapi.dll - ok
16:11:44.0296 1776 [ 24192246760E0E64435522E246B1D6C2 ] C:\WINDOWS\system32\setupapi.dll
16:11:44.0296 1776 C:\WINDOWS\system32\setupapi.dll - ok
16:11:44.0296 1776 [ C7CE131408739B0B3A318BE2D0032719 ] C:\WINDOWS\system32\version.dll
16:11:44.0296 1776 C:\WINDOWS\system32\version.dll - ok
16:11:44.0296 1776 [ 430CEB794F6E6EF8AC86958C242366D6 ] C:\WINDOWS\system32\winsta.dll
16:11:44.0296 1776 C:\WINDOWS\system32\winsta.dll - ok
16:11:44.0312 1776 [ D458B738B4C2CE33174CFB2CE12412DB ] C:\WINDOWS\system32\wintrust.dll
16:11:44.0312 1776 C:\WINDOWS\system32\wintrust.dll - ok
16:11:44.0312 1776 [ FFC01A72D1C25CCB39F61B202CE60819 ] C:\WINDOWS\system32\imagehlp.dll
16:11:44.0312 1776 C:\WINDOWS\system32\imagehlp.dll - ok
16:11:44.0312 1776 [ 2CCC474EB85CEAA3E1FA1726580A3E5A ] C:\WINDOWS\system32\ws2_32.dll
16:11:44.0312 1776 C:\WINDOWS\system32\ws2_32.dll - ok
16:11:44.0312 1776 [ 0DA85218E92526972A821587E6A8BF8F ] C:\WINDOWS\system32\imm32.dll
16:11:44.0312 1776 C:\WINDOWS\system32\imm32.dll - ok
16:11:44.0312 1776 [ 9789E95E1D88EEB4B922BF3EA7779C28 ] C:\WINDOWS\system32\ws2help.dll
16:11:44.0312 1776 C:\WINDOWS\system32\ws2help.dll - ok
16:11:44.0328 1776 [ C448A248B743F5FB935C787A5D97268B ] C:\WINDOWS\system32\shlwapi.dll
16:11:44.0328 1776 C:\WINDOWS\system32\shlwapi.dll - ok
16:11:44.0328 1776 [ 224FB925C641DA16CEB6D60F40CA4C75 ] C:\WINDOWS\system32\atl.dll
16:11:44.0328 1776 C:\WINDOWS\system32\atl.dll - ok
16:11:44.0328 1776 [ FF1C14BCA1A797CE45DD359FA2C9EDA8 ] C:\WINDOWS\system32\wininet.dll
16:11:44.0328 1776 C:\WINDOWS\system32\wininet.dll - ok
16:11:44.0328 1776 [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll
16:11:44.0328 1776 C:\WINDOWS\system32\normaliz.dll - ok
16:11:44.0328 1776 [ 9371862D37E8F0AF21E4DEA95E867C39 ] C:\WINDOWS\system32\urlmon.dll
16:11:44.0328 1776 C:\WINDOWS\system32\urlmon.dll - ok
16:11:44.0343 1776 [ 6BAD1BED9872E62049E487FB91AE2F3A ] C:\WINDOWS\system32\ole32.dll
16:11:44.0343 1776 C:\WINDOWS\system32\ole32.dll - ok
16:11:44.0343 1776 [ 1B2BE5777F69A71778F52FFEE1C798D6 ] C:\WINDOWS\system32\oleaut32.dll
16:11:44.0343 1776 C:\WINDOWS\system32\oleaut32.dll - ok
16:11:44.0343 1776 [ 0579CC3B95EDD1CE664A35E016F3DD58 ] C:\WINDOWS\system32\iertutil.dll
16:11:44.0343 1776 C:\WINDOWS\system32\iertutil.dll - ok
16:11:44.0343 1776 [ 694503348B586E99D56C0E30AB5B3EF8 ] C:\WINDOWS\system32\sxs.dll
16:11:44.0343 1776 C:\WINDOWS\system32\sxs.dll - ok
16:11:44.0343 1776 [ 736B12B725AEB2B07F0241A9F680CB10 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
16:11:44.0359 1776 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - ok
16:11:44.0359 1776 [ 6843D54BC4A40CC8C5741AF750233D10 ] C:\WINDOWS\system32\shell32.dll
16:11:44.0359 1776 C:\WINDOWS\system32\shell32.dll - ok
16:11:44.0359 1776 [ 4A953F13942867BA8FB41F141EC1B80C ] C:\WINDOWS\system32\winmm.dll
16:11:44.0359 1776 C:\WINDOWS\system32\winmm.dll - ok
16:11:44.0359 1776 [ 93AFB83FBC1F9443CAC722FCA63D73BF ] C:\WINDOWS\system32\comctl32.dll
16:11:44.0359 1776 C:\WINDOWS\system32\comctl32.dll - ok
16:11:44.0359 1776 [ 56C5B179FE3308B655EB6208C3256FEC ] C:\WINDOWS\system32\kbdus.dll
16:11:44.0359 1776 C:\WINDOWS\system32\kbdus.dll - ok
16:11:44.0375 1776 [ D7B7A57C0E57C836F18CF12A4C62A1CA ] C:\WINDOWS\system32\msgina.dll
16:11:44.0375 1776 C:\WINDOWS\system32\msgina.dll - ok
16:11:44.0375 1776 [ 40B0F98BAD16AD5DEF894E88C3EF8014 ] C:\WINDOWS\system32\odbc32.dll
16:11:44.0375 1776 C:\WINDOWS\system32\odbc32.dll - ok
16:11:44.0375 1776 [ 86987A5000DFA3EBE2275C0456BCF2FE ] C:\WINDOWS\system32\comdlg32.dll
16:11:44.0375 1776 C:\WINDOWS\system32\comdlg32.dll - ok
16:11:44.0375 1776 [ 6B7C6B32F8E84D56C6260D684019FEA2 ] C:\WINDOWS\system32\odbcint.dll
16:11:44.0375 1776 C:\WINDOWS\system32\odbcint.dll - ok
16:11:44.0375 1776 [ 99BC0B50F511924348BE19C7C7313BBF ] C:\WINDOWS\system32\shsvcs.dll
16:11:44.0375 1776 C:\WINDOWS\system32\shsvcs.dll - ok
16:11:44.0390 1776 [ 96E1C926F22EE1BFBAE82901A35F6BF3 ] C:\WINDOWS\system32\sfc.dll
16:11:44.0390 1776 C:\WINDOWS\system32\sfc.dll - ok
16:11:44.0390 1776 [ 6B5DB6789177A4FD0DEBC248041D0739 ] C:\WINDOWS\system32\sfc_os.dll
16:11:44.0390 1776 C:\WINDOWS\system32\sfc_os.dll - ok
16:11:44.0390 1776 [ CF492D7E9AF1C628B3536D20EF6F5CC7 ] C:\WINDOWS\system32\apphelp.dll
16:11:44.0390 1776 C:\WINDOWS\system32\apphelp.dll - ok
16:11:44.0390 1776 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
16:11:44.0390 1776 C:\WINDOWS\system32\services.exe - ok
16:11:44.0390 1776 [ BF2466B3E18E970D8A976FB95FC1CA85 ] C:\WINDOWS\system32\lsass.exe
16:11:44.0390 1776 C:\WINDOWS\system32\lsass.exe - ok
16:11:44.0406 1776 [ BD31DC6DBE9333C4FBD4BDF0899F2160 ] C:\WINDOWS\system32\lsasrv.dll
16:11:44.0406 1776 C:\WINDOWS\system32\lsasrv.dll - ok
16:11:44.0406 1776 [ EC29A79F1E76DC509E24D401F29D0678 ] C:\WINDOWS\system32\ncobjapi.dll
16:11:44.0406 1776 C:\WINDOWS\system32\ncobjapi.dll - ok
16:11:44.0406 1776 [ F404830F3CD9BF8F2515E489C0CDA297 ] C:\WINDOWS\system32\msvcp60.dll
16:11:44.0406 1776 C:\WINDOWS\system32\msvcp60.dll - ok
16:11:44.0406 1776 [ B24A42A413E694AD73FDFB7FBD492C31 ] C:\WINDOWS\system32\scesrv.dll
16:11:44.0406 1776 C:\WINDOWS\system32\scesrv.dll - ok
16:11:44.0406 1776 [ 389496118B3B03C2328024AF320132AC ] C:\WINDOWS\system32\dnsapi.dll
16:11:44.0406 1776 C:\WINDOWS\system32\dnsapi.dll - ok
16:11:44.0421 1776 [ DD7BD97FB8BD800963789158A5E4B41D ] C:\WINDOWS\system32\mpr.dll
16:11:44.0421 1776 C:\WINDOWS\system32\mpr.dll - ok
16:11:44.0421 1776 [ EC4C0D9BFD9F7E33F8B395AD54E13063 ] C:\WINDOWS\system32\ntdsapi.dll
16:11:44.0421 1776 C:\WINDOWS\system32\ntdsapi.dll - ok
16:11:44.0421 1776 [ 2EDFC2A8893435723AD80481803C6D5C ] C:\WINDOWS\system32\umpnpmgr.dll
16:11:44.0421 1776 C:\WINDOWS\system32\umpnpmgr.dll - ok
16:11:44.0421 1776 [ EA9EE60B408878E5F2012F9C783836DB ] C:\WINDOWS\AppPatch\acadproc.dll
16:11:44.0421 1776 C:\WINDOWS\AppPatch\acadproc.dll - ok
16:11:44.0437 1776 [ 1F03103598BD817B1078DAB1326DDE11 ] C:\WINDOWS\system32\shimeng.dll
16:11:44.0437 1776 C:\WINDOWS\system32\shimeng.dll - ok
16:11:44.0437 1776 [ 0492CF5870F0E616B0C71695A433D162 ] C:\WINDOWS\system32\wldap32.dll
16:11:44.0437 1776 C:\WINDOWS\system32\wldap32.dll - ok
16:11:44.0437 1776 [ 17A1D675C12BBF80CAAC54A4855C41D0 ] C:\WINDOWS\system32\cryptdll.dll
16:11:44.0437 1776 C:\WINDOWS\system32\cryptdll.dll - ok
16:11:44.0437 1776 [ 8329A39D5A402A75A74301D6A62ECDA1 ] C:\WINDOWS\system32\samlib.dll
16:11:44.0437 1776 C:\WINDOWS\system32\samlib.dll - ok
16:11:44.0437 1776 [ F05B8CDB7FE0E55DCCFB1D946CE80064 ] C:\WINDOWS\system32\samsrv.dll
16:11:44.0437 1776 C:\WINDOWS\system32\samsrv.dll - ok
16:11:44.0453 1776 [ 310C15FD8358B2C4CD7A5B98A112883F ] C:\WINDOWS\AppPatch\acgenral.dll
16:11:44.0453 1776 C:\WINDOWS\AppPatch\acgenral.dll - ok
16:11:44.0453 1776 [ 2098AB52BD5316E59AA36F3437B13BE6 ] C:\WINDOWS\system32\msacm32.dll
16:11:44.0453 1776 C:\WINDOWS\system32\msacm32.dll - ok
16:11:44.0453 1776 [ 7A2CC3719B255E6B5D74396183B7715B ] C:\WINDOWS\system32\uxtheme.dll
16:11:44.0453 1776 C:\WINDOWS\system32\uxtheme.dll - ok
16:11:44.0453 1776 [ F24B12786D60A17008319E3F2AEE7799 ] C:\WINDOWS\system32\msapsspc.dll
16:11:44.0453 1776 C:\WINDOWS\system32\msapsspc.dll - ok
16:11:44.0453 1776 [ 7A660EDC0757849DF5F8706FB6E9F740 ] C:\WINDOWS\system32\msvcrt40.dll
16:11:44.0453 1776 C:\WINDOWS\system32\msvcrt40.dll - ok
16:11:44.0468 1776 [ 0F64207B49390C8063C36AE7CBF9C2DB ] C:\WINDOWS\system32\schannel.dll
16:11:44.0468 1776 C:\WINDOWS\system32\schannel.dll - ok
16:11:44.0468 1776 [ 3D76DD0CBC536E0F8C45D23ED230BEB2 ] C:\WINDOWS\system32\digest.dll
16:11:44.0468 1776 C:\WINDOWS\system32\digest.dll - ok
16:11:44.0468 1776 [ A4388DF80E52695AE92EE5F3F61F1619 ] C:\WINDOWS\system32\msnsspc.dll
16:11:44.0468 1776 C:\WINDOWS\system32\msnsspc.dll - ok
16:11:44.0468 1776 [ A525C96C51D55111FDF3BEA9FFFFC7AE ] C:\WINDOWS\system32\kerberos.dll
16:11:44.0468 1776 C:\WINDOWS\system32\kerberos.dll - ok
16:11:44.0484 1776 [ 5733177BCF16EE78B99543C9B0AB81EA ] C:\WINDOWS\system32\msctfime.ime
16:11:44.0484 1776 C:\WINDOWS\system32\msctfime.ime - ok
16:11:44.0484 1776 [ C6BB1D1500DB4A0E224CB65E6C7E8A80 ] C:\WINDOWS\system32\msprivs.dll
16:11:44.0484 1776 C:\WINDOWS\system32\msprivs.dll - ok
16:11:44.0484 1776 [ AF07DC9B7CC455629E732340C7B15F3A ] C:\WINDOWS\system32\iphlpapi.dll
16:11:44.0484 1776 C:\WINDOWS\system32\iphlpapi.dll - ok
16:11:44.0484 1776 [ 517561A1113B04E51D936CD018DE1C1F ] C:\WINDOWS\system32\msv1_0.dll
16:11:44.0484 1776 C:\WINDOWS\system32\msv1_0.dll - ok
16:11:44.0484 1776 [ 1E644E3533DCE2B580A663AE1ACBD539 ] C:\WINDOWS\system32\atmfd.dll
16:11:44.0484 1776 C:\WINDOWS\system32\atmfd.dll - ok
16:11:44.0500 1776 [ 1B7F071C51B77C272875C3A23E1E4550 ] C:\WINDOWS\system32\netlogon.dll
16:11:44.0500 1776 C:\WINDOWS\system32\netlogon.dll - ok
16:11:44.0500 1776 [ 54AF4B1D5459500EF0937F6D33B1914F ] C:\WINDOWS\system32\w32time.dll
16:11:44.0500 1776 C:\WINDOWS\system32\w32time.dll - ok
16:11:44.0500 1776 [ 3AAF9B35939FF9E58CCD18D41655C2FC ] C:\WINDOWS\system32\wdigest.dll
16:11:44.0500 1776 C:\WINDOWS\system32\wdigest.dll - ok
16:11:44.0500 1776 [ 54DAE3EA34802B4ED9AE1C6B1209FA56 ] C:\WINDOWS\system32\rsaenh.dll
16:11:44.0500 1776 C:\WINDOWS\system32\rsaenh.dll - ok
16:11:44.0500 1776 [ 02988B904C386B500CD08639C4C20EEA ] C:\WINDOWS\system32\winscard.dll
16:11:44.0500 1776 C:\WINDOWS\system32\winscard.dll - ok
16:11:44.0515 1776 [ 0E2735281FBB9A764D5584C2A5DCBA59 ] C:\WINDOWS\system32\wtsapi32.dll
16:11:44.0515 1776 C:\WINDOWS\system32\wtsapi32.dll - ok
16:11:44.0515 1776 [ A86BB5E61BF3E39B62AB4C7E7085A084 ] C:\WINDOWS\system32\scecli.dll
16:11:44.0515 1776 C:\WINDOWS\system32\scecli.dll - ok
16:11:44.0515 1776 [ CC4F8220EAD1F6A38D51679708F435B9 ] C:\WINDOWS\system32\nvsvc32.exe
16:11:44.0515 1776 C:\WINDOWS\system32\nvsvc32.exe - ok
16:11:44.0515 1776 [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll
16:11:44.0515 1776 C:\WINDOWS\system32\powrprof.dll - ok
16:11:44.0515 1776 [ F0E62893EAD9CA1782754DB1A362302C ] C:\WINDOWS\system32\nvcpl.dll
16:11:44.0515 1776 C:\WINDOWS\system32\nvcpl.dll - ok
16:11:44.0531 1776 [ BD83ABA61E8ACCC8D9FFB869F29418CE ] C:\WINDOWS\system32\winspool.drv
16:11:44.0531 1776 C:\WINDOWS\system32\winspool.drv - ok
16:11:44.0531 1776 [ ED1E6778AA183E3F88F084D71D0D9ADB ] C:\WINDOWS\system32\nvapi.dll
16:11:44.0531 1776 C:\WINDOWS\system32\nvapi.dll - ok
16:11:44.0531 1776 [ 9DF110638531196E4946CD6A67F360E7 ] C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll
16:11:44.0531 1776 C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll - ok
16:11:44.0531 1776 [ 2081A5B5E4ABA206A0A8A1A97DF0FB23 ] C:\WINDOWS\system32\logonui.exe
16:11:44.0531 1776 C:\WINDOWS\system32\logonui.exe - ok
16:11:44.0531 1776 [ 3D41A9326F0376FC73AF961DD23B1FB1 ] C:\WINDOWS\system32\duser.dll
16:11:44.0531 1776 C:\WINDOWS\system32\duser.dll - ok
16:11:44.0546 1776 [ AFFC87E2501FCE8F09D4C10BA6421CCF ] C:\WINDOWS\system32\msimg32.dll
16:11:44.0546 1776 C:\WINDOWS\system32\msimg32.dll - ok
16:11:44.0546 1776 [ 20200EE3CFE10E9F0C028D8653BE11C6 ] C:\WINDOWS\system32\oleacc.dll
16:11:44.0546 1776 C:\WINDOWS\system32\oleacc.dll - ok
16:11:44.0546 1776 [ F137A0CA70003DB20448D540651FA003 ] C:\WINDOWS\system32\clbcatq.dll
16:11:44.0546 1776 C:\WINDOWS\system32\clbcatq.dll - ok
16:11:44.0546 1776 [ 1280A158C722FA95A80FB7AEBE78FA7D ] C:\WINDOWS\system32\comres.dll
16:11:44.0546 1776 C:\WINDOWS\system32\comres.dll - ok
16:11:44.0546 1776 [ E5EDBD51476DB5001ABF5C82AE5C3DD1 ] C:\WINDOWS\system32\shgina.dll
16:11:44.0546 1776 C:\WINDOWS\system32\shgina.dll - ok
16:11:44.0562 1776 [ 27C6D03BCDB8CFEB96B716F3D8BE3E18 ] C:\WINDOWS\system32\svchost.exe
16:11:44.0562 1776 C:\WINDOWS\system32\svchost.exe - ok
16:11:44.0562 1776 [ 549290DBC280C887681D7652978DBBE0 ] C:\WINDOWS\system32\ntmarta.dll
16:11:44.0562 1776 C:\WINDOWS\system32\ntmarta.dll - ok
16:11:44.0562 1776 [ 6B27A5C03DFB94B4245739065431322C ] C:\WINDOWS\system32\rpcss.dll
16:11:44.0562 1776 C:\WINDOWS\system32\rpcss.dll - ok
16:11:44.0562 1776 [ 16403217AB6FC5C30C14C6B12098AD4B ] C:\WINDOWS\system32\xpsp2res.dll
16:11:44.0562 1776 C:\WINDOWS\system32\xpsp2res.dll - ok
16:11:44.0562 1776 [ 6D4FEB43EE538FC5428CC7F0565AA656 ] C:\WINDOWS\system32\eventlog.dll
16:11:44.0562 1776 C:\WINDOWS\system32\eventlog.dll - ok
16:11:44.0578 1776 [ 943337D786A56729263071623BBB9DE5 ] C:\WINDOWS\system32\mswsock.dll
16:11:44.0578 1776 C:\WINDOWS\system32\mswsock.dll - ok
16:11:44.0578 1776 [ 3CB32D3B8CBE79899D63280BB7A83CD9 ] C:\WINDOWS\system32\hnetcfg.dll
16:11:44.0578 1776 C:\WINDOWS\system32\hnetcfg.dll - ok
16:11:44.0578 1776 [ 4E3D06D6E68EEDB52565080F55B460D3 ] C:\WINDOWS\system32\wshtcpip.dll
16:11:44.0578 1776 C:\WINDOWS\system32\wshtcpip.dll - ok
16:11:44.0578 1776 [ 5F2917842D9FBB4CB11F76B0C00A1F5B ] C:\Program Files\Bonjour\mdnsNSP.dll
16:11:44.0578 1776 C:\Program Files\Bonjour\mdnsNSP.dll - ok
16:11:44.0578 1776 [ 6F9BEF24C578D5D6740E080BEDD6A448 ] C:\WINDOWS\system32\rasadhlp.dll
16:11:44.0578 1776 C:\WINDOWS\system32\rasadhlp.dll - ok
16:11:44.0593 1776 [ D72B9EC3337B247A666F098F3D6B43DE ] C:\WINDOWS\system32\winrnr.dll
16:11:44.0593 1776 C:\WINDOWS\system32\winrnr.dll - ok
16:11:44.0593 1776 [ 4D83ED8BDDEC431FC8AD907B47CFB6E3 ] C:\WINDOWS\system32\dsound.dll
16:11:44.0593 1776 C:\WINDOWS\system32\dsound.dll - ok
16:11:44.0593 1776 [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\system32\drivers\ndisuio.sys
16:11:44.0593 1776 C:\WINDOWS\system32\drivers\ndisuio.sys - ok
16:11:44.0593 1776 [ 515A7FAE2070C2B0242B2353443E2F11 ] C:\WINDOWS\system32\cscdll.dll
16:11:44.0593 1776 C:\WINDOWS\system32\cscdll.dll - ok
16:11:44.0593 1776 [ 5E38D7684A49CACFB752B046357E0589 ] C:\WINDOWS\system32\dhcpcsvc.dll
16:11:44.0593 1776 C:\WINDOWS\system32\dhcpcsvc.dll - ok
16:11:44.0609 1776 [ E2092F0A1D7ABC243F9C2362483D150D ] C:\WINDOWS\system32\dimsntfy.dll
16:11:44.0609 1776 C:\WINDOWS\system32\dimsntfy.dll - ok
16:11:44.0609 1776 [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\system32\wlnotify.dll
16:11:44.0609 1776 C:\WINDOWS\system32\wlnotify.dll - ok
16:11:44.0609 1776 [ 02CF580510234E519736559A7F19EA20 ] C:\WINDOWS\system32\WgaLogon.dll
16:11:44.0609 1776 C:\WINDOWS\system32\WgaLogon.dll - ok
16:11:44.0609 1776 [ ACFEE2392503DD5E457363A0510B8BCB ] C:\WINDOWS\system32\msxml3.dll
16:11:44.0609 1776 C:\WINDOWS\system32\msxml3.dll - ok
16:11:44.0625 1776 [ 5F7E24FA9EAB896051FFB87F840730D2 ] C:\WINDOWS\system32\dnsrslvr.dll
16:11:44.0625 1776 C:\WINDOWS\system32\dnsrslvr.dll - ok
16:11:44.0625 1776 [ A7DB739AE99A796D91580147E919CC59 ] C:\WINDOWS\system32\lmhsvc.dll
16:11:44.0625 1776 C:\WINDOWS\system32\lmhsvc.dll - ok
16:11:44.0625 1776 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] C:\WINDOWS\system32\wzcsvc.dll
16:11:44.0625 1776 C:\WINDOWS\system32\wzcsvc.dll - ok
16:11:44.0625 1776 [ 876CCF164E08D6B903CD14398E056DD2 ] C:\WINDOWS\system32\rtutils.dll
16:11:44.0625 1776 C:\WINDOWS\system32\rtutils.dll - ok
16:11:44.0625 1776 [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\system32\wmi.dll
16:11:44.0625 1776 C:\WINDOWS\system32\wmi.dll - ok
16:11:44.0640 1776 [ 8E2CC37BA87D8F681066E0E9C8A19F73 ] C:\WINDOWS\system32\dot3api.dll
16:11:44.0640 1776 C:\WINDOWS\system32\dot3api.dll - ok
16:11:44.0640 1776 [ E6EF7BC927D9F8F9BA1584BFC39E0C6F ] C:\WINDOWS\system32\eapolqec.dll
16:11:44.0640 1776 C:\WINDOWS\system32\eapolqec.dll - ok
16:11:44.0640 1776 [ F5B754CDEA20BBB3A31E16A776EDE6D6 ] C:\WINDOWS\system32\esent.dll
16:11:44.0640 1776 C:\WINDOWS\system32\esent.dll - ok
16:11:44.0640 1776 [ 8AE93AACC648921BAACB8602991AC4B3 ] C:\WINDOWS\system32\qutil.dll
16:11:44.0640 1776 C:\WINDOWS\system32\qutil.dll - ok
16:11:44.0640 1776 [ 085ED2E391A871C7BAE87E0228B546BA ] C:\WINDOWS\system32\cscui.dll
16:11:44.0640 1776 C:\WINDOWS\system32\cscui.dll - ok
16:11:44.0656 1776 [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3 ] C:\WINDOWS\system32\cryptui.dll
16:11:44.0656 1776 C:\WINDOWS\system32\cryptui.dll - ok
16:11:44.0656 1776 [ A39BE37C9237DB5F1990D61B268EA555 ] C:\WINDOWS\system32\rastls.dll
16:11:44.0656 1776 C:\WINDOWS\system32\rastls.dll - ok
16:11:44.0656 1776 [ 6C26DCF01E2A92F183B97D434017268A ] C:\WINDOWS\system32\dpcdll.dll
16:11:44.0656 1776 C:\WINDOWS\system32\dpcdll.dll - ok
16:11:44.0656 1776 [ 2CDAE321B8E878A278BA2D2FA013060B ] C:\WINDOWS\system32\activeds.dll
16:11:44.0656 1776 C:\WINDOWS\system32\activeds.dll - ok
16:11:44.0671 1776 [ EA5B8BECA3F279C757578CD7F1E95855 ] C:\WINDOWS\system32\mprapi.dll
16:11:44.0671 1776 C:\WINDOWS\system32\mprapi.dll - ok
16:11:44.0671 1776 [ 0D84657DBF93DB98673DEFDF2B29E25A ] C:\WINDOWS\system32\adsldpc.dll
16:11:44.0671 1776 C:\WINDOWS\system32\adsldpc.dll - ok
16:11:44.0671 1776 [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll
16:11:44.0671 1776 C:\WINDOWS\system32\rasapi32.dll - ok
16:11:44.0671 1776 [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\system32\rasman.dll
16:11:44.0671 1776 C:\WINDOWS\system32\rasman.dll - ok
16:11:44.0671 1776 [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] C:\WINDOWS\system32\riched20.dll
16:11:44.0671 1776 C:\WINDOWS\system32\riched20.dll - ok
16:11:44.0687 1776 [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll
16:11:44.0687 1776 C:\WINDOWS\system32\tapi32.dll - ok
16:11:44.0687 1776 [ 56CE97FF94B7662A300D359CD6F4D601 ] C:\WINDOWS\system32\raschap.dll
16:11:44.0687 1776 C:\WINDOWS\system32\raschap.dll - ok
16:11:44.0687 1776 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] C:\WINDOWS\system32\netman.dll
16:11:44.0687 1776 C:\WINDOWS\system32\netman.dll - ok
16:11:44.0687 1776 [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] C:\WINDOWS\system32\netshell.dll
16:11:44.0687 1776 C:\WINDOWS\system32\netshell.dll - ok
16:11:44.0687 1776 [ 235892E493845D64D890163CFEF90E97 ] C:\WINDOWS\system32\credui.dll
16:11:44.0687 1776 C:\WINDOWS\system32\credui.dll - ok
16:11:44.0703 1776 [ 2DE1190196EE9555DB548A57622022EB ] C:\WINDOWS\system32\drprov.dll
16:11:44.0703 1776 C:\WINDOWS\system32\drprov.dll - ok
16:11:44.0703 1776 [ 4E8F3230BAC8C1CAADF01A8C728E1C5C ] C:\WINDOWS\system32\dot3dlg.dll
16:11:44.0703 1776 C:\WINDOWS\system32\dot3dlg.dll - ok
16:11:44.0703 1776 [ AC5DF42FE314C1446B1DAD237BFCFFE0 ] C:\WINDOWS\system32\netui0.dll
16:11:44.0703 1776 C:\WINDOWS\system32\netui0.dll - ok
16:11:44.0703 1776 [ 36468087E22C57A83DF758B3F90DF73F ] C:\WINDOWS\system32\ntlanman.dll
16:11:44.0703 1776 C:\WINDOWS\system32\ntlanman.dll - ok
16:11:44.0703 1776 [ CA04959077AFE36369D37B3504740C87 ] C:\WINDOWS\system32\onex.dll
16:11:44.0703 1776 C:\WINDOWS\system32\onex.dll - ok
16:11:44.0718 1776 [ 5DB625E7D095604010CF84DE2D8ACFA6 ] C:\WINDOWS\system32\eappcfg.dll
16:11:44.0718 1776 C:\WINDOWS\system32\eappcfg.dll - ok
16:11:44.0718 1776 [ ABC4206543450C0666D152F4B65833B8 ] C:\WINDOWS\system32\eappprxy.dll
16:11:44.0718 1776 C:\WINDOWS\system32\eappprxy.dll - ok
16:11:44.0718 1776 [ B41D53899E37CC43DA85DA19998BEE81 ] C:\WINDOWS\system32\netrap.dll
16:11:44.0718 1776 C:\WINDOWS\system32\netrap.dll - ok
16:11:44.0718 1776 [ ED5A816D8E11E03F1937AC3C56826EE4 ] C:\WINDOWS\system32\netui1.dll
16:11:44.0718 1776 C:\WINDOWS\system32\netui1.dll - ok
16:11:44.0718 1776 [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll
16:11:44.0718 1776 C:\WINDOWS\system32\wzcsapi.dll - ok
16:11:44.0734 1776 [ FB8F8EEC8D9C2157789472DD61CDC78B ] C:\WINDOWS\system32\davclnt.dll
16:11:44.0734 1776 C:\WINDOWS\system32\davclnt.dll - ok
16:11:44.0734 1776 [ 69A5ADF546505F4C69EF3046BF798B49 ] C:\WINDOWS\system32\mprui.dll
16:11:44.0734 1776 C:\WINDOWS\system32\mprui.dll - ok
16:11:44.0734 1776 [ 1414E666316CA7D9823DBD2D4ADA5971 ] C:\WINDOWS\system32\netui2.dll
16:11:44.0734 1776 C:\WINDOWS\system32\netui2.dll - ok
16:11:44.0734 1776 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\system32\schedsvc.dll
16:11:44.0734 1776 C:\WINDOWS\system32\schedsvc.dll - ok
16:11:44.0734 1776 [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll
16:11:44.0734 1776 C:\WINDOWS\system32\netmsg.dll - ok
16:11:44.0750 1776 [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\system32\msidle.dll
16:11:44.0750 1776 C:\WINDOWS\system32\msidle.dll - ok
16:11:44.0750 1776 [ 60784F891563FB1B767F70117FC2428F ] C:\WINDOWS\system32\spoolsv.exe
16:11:44.0750 1776 C:\WINDOWS\system32\spoolsv.exe - ok
16:11:44.0750 1776 [ DEF7A7882BEC100FE0B2CE2549188F9D ] C:\WINDOWS\system32\audiosrv.dll
16:11:44.0750 1776 C:\WINDOWS\system32\audiosrv.dll - ok
16:11:44.0750 1776 [ A8888A5327621856C0CEC4E385F69309 ] C:\WINDOWS\system32\wkssvc.dll
16:11:44.0750 1776 C:\WINDOWS\system32\wkssvc.dll - ok
16:11:44.0750 1776 [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\system32\drivers\wdmaud.sys
16:11:44.0750 1776 C:\WINDOWS\system32\drivers\wdmaud.sys - ok
16:11:44.0765 1776 [ 680B56A8B62D1BCF4A0B2AAAD03D88E4 ] C:\WINDOWS\system32\wdmaud.drv
16:11:44.0765 1776 C:\WINDOWS\system32\wdmaud.drv - ok
16:11:44.0765 1776 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] C:\WINDOWS\system32\drivers\sysaudio.sys
16:11:44.0765 1776 C:\WINDOWS\system32\drivers\sysaudio.sys - ok
16:11:44.0765 1776 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] C:\WINDOWS\system32\drivers\splitter.sys
16:11:44.0765 1776 C:\WINDOWS\system32\drivers\splitter.sys - ok
16:11:44.0765 1776 [ 8BED39E3C35D6A489438B8141717A557 ] C:\WINDOWS\system32\drivers\aec.sys
16:11:44.0765 1776 C:\WINDOWS\system32\drivers\aec.sys - ok
16:11:44.0765 1776 [ 8A208DFCF89792A484E76C40E5F50B45 ] C:\WINDOWS\system32\drivers\dmusic.sys
16:11:44.0781 1776 C:\WINDOWS\system32\drivers\dmusic.sys - ok
16:11:44.0781 1776 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] C:\WINDOWS\system32\drivers\swmidi.sys
16:11:44.0781 1776 C:\WINDOWS\system32\drivers\swmidi.sys - ok
16:11:44.0781 1776 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] C:\WINDOWS\system32\drivers\drmkaud.sys
16:11:44.0781 1776 C:\WINDOWS\system32\drivers\drmkaud.sys - ok
16:11:44.0781 1776 [ 692BCF44383D056AED41B045A323D378 ] C:\WINDOWS\system32\drivers\kmixer.sys
16:11:44.0781 1776 C:\WINDOWS\system32\drivers\kmixer.sys - ok
16:11:44.0781 1776 [ 5C12660A97822F6E61576943B49AAAD6 ] C:\WINDOWS\system32\midimap.dll
16:11:44.0781 1776 C:\WINDOWS\system32\midimap.dll - ok
16:11:44.0796 1776 [ 9A3BD5F55AADFF859539142F6328A66E ] C:\WINDOWS\system32\msacm32.drv
16:11:44.0796 1776 C:\WINDOWS\system32\msacm32.drv - ok
16:11:44.0796 1776 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] C:\WINDOWS\system32\drivers\mrxdav.sys
16:11:44.0796 1776 C:\WINDOWS\system32\drivers\mrxdav.sys - ok
16:11:44.0796 1776 [ 77A354E28153AD2D5E120A5A8687BC06 ] C:\WINDOWS\system32\webclnt.dll
16:11:45.0375 1776 C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\cltlmc.dll - ok
16:11:45.0375 1776 [ 6116EE137D60420D665ABC49C622B65E ] C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\iserror.dll
16:11:45.0375 1776 C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\iserror.dll - ok
16:11:45.0375 1776 [ 1FA14DD3668EE4127260FFF495D85551 ] C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
16:11:45.0375 1776 C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll - ok
16:11:45.0375 1776 [ FCB82479AE5DC880AD85B9DFCA4C2D45 ] C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\cltlms.dll
16:11:45.0375 1776 C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\cltlms.dll - ok
16:11:45.0375 1776 [ E85CC019BCE47F61B253BDD254C6D139 ] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\CLT\cltLMSx.dll
16:11:45.0375 1776 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\CLT\cltLMSx.dll - ok
16:11:45.0390 1776 [ BECAE02803277EFEC3FFB6C31FECA370 ] C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\bhsvcplg.dll
16:11:45.0390 1776 C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\bhsvcplg.dll - ok
16:11:45.0390 1776 [ EDBDE5BE736E77A64D8D47069B536299 ] C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\IPSPlug.dll
16:11:45.0390 1776 C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\IPSPlug.dll - ok
16:11:45.0390 1776 [ 2D7D4066488DE42A8E7081110268C555 ] C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\isdatasv.dll
16:11:45.0390 1776 C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\isdatasv.dll - ok
16:11:45.0390 1776 [ 0137C7150F01DB5C2C36C3D98841BE07 ] C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\dscli.dll
16:11:45.0390 1776 C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\dscli.dll - ok
16:11:45.0390 1776 [ 14D289F63D9538306CB560C4CD12172F ] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20121205.001\IDSxpx86.dll
16:11:45.0390 1776 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20121205.001\IDSxpx86.dll - ok
16:11:45.0406 1776 [ CF6041854E73301B7FCE3390D34BDEC8 ] C:\WINDOWS\Microsoft.NET\assembly\GAC_32\Intuit.Spc.Map.WindowsFirewallUtilities\v4.0_6.0.28.0__30bbd97113d631f1\Intuit.Spc.Map.WindowsFirewallUtilities.dll
16:11:45.0406 1776 C:\WINDOWS\Microsoft.NET\assembly\GAC_32\Intuit.Spc.Map.WindowsFirewallUtilities\v4.0_6.0.28.0__30bbd97113d631f1\Intuit.Spc.Map.WindowsFirewallUtilities.dll - ok
16:11:45.0406 1776 [ 24AF833D9DD4D2DC9DA9475CA380185B ] C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
16:11:45.0406 1776 C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll - ok
16:11:45.0406 1776 [ 7ED9C26E0A2FB9DEE200DB04B3DBD6E9 ] C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\fwcore.dll
16:11:45.0406 1776 C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\fwcore.dll - ok
16:11:45.0406 1776 [ 1DCDB839F2AE57CC4637DBA49CFCD5BC ] C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\avifc.dll
16:11:45.0406 1776 C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\avifc.dll - ok
16:11:45.0421 1776 [ E1F30977A2BBFF12F5E2D66A7F38048C ] C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\fwgenplg.dll
16:11:45.0421 1776 C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\fwgenplg.dll - ok
16:11:45.0421 1776 [ 437F738DD2DEC6A988A6DEFB11543333 ] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20121130.005\BHEngine.dll
16:11:45.0421 1776 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20121130.005\BHEngine.dll - ok
16:11:45.0421 1776 [ 83842A4D7B277EE97933B9E143903745 ] C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\avmail.dll
16:11:45.0421 1776 C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\avmail.dll - ok
16:11:45.0421 1776 [ 33C3A5CD1D4F95AED46D6C6081EDD3F3 ] C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\bhclient.dll
16:11:45.0421 1776 C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\bhclient.dll - ok
16:11:45.0421 1776 [ 67AE800B0E2CA8A9402AFEDB11CB7E66 ] C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\fwsetup.dll
16:11:45.0421 1776 C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\fwsetup.dll - ok
16:11:45.0437 1776 [ 983C27A0A76F89D19AF85AF60B7BEDB3 ] C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\npctray.dll
16:11:45.0437 1776 C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\npctray.dll - ok
16:11:45.0437 1776 [ 25362FF652A10729FF9591DB759BA575 ] C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\avpapp32.dll
16:11:45.0437 1776 C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\avpapp32.dll - ok
16:11:45.0437 1776 [ F5879CC8C94CB87E0B9E3A7EAD4E5DC8 ] C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\cltaldis.dll
16:11:45.0437 1776 C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\cltaldis.dll - ok
16:11:45.0437 1776 [ DA40159AB82A2E9AF64F4E30B1BF05F0 ] C:\Program Files\Norton AntiVirus\Norton AntiVirus\MUI\18.7.1.3\09\01\cltres.loc
16:11:45.0437 1776 C:\Program Files\Norton AntiVirus\Norton AntiVirus\MUI\18.7.1.3\09\01\cltres.loc - ok
16:11:45.0437 1776 [ 5815E0AFC8C671C26D1516C30E0887C6 ] C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\cltelprv.dll
16:11:45.0437 1776 C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\cltelprv.dll - ok
16:11:45.0453 1776 [ E392BF51CE0078A9FF682585109D8215 ] C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\fwsesal.dll
16:11:45.0453 1776 C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\fwsesal.dll - ok
16:11:45.0453 1776 [ 70512B221F1A69DD768C8555B0967F70 ] C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\sdkcmn.dll
16:11:45.0453 1776 C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\sdkcmn.dll - ok
16:11:45.0453 1776 [ 9C88AD938BECED2CCE2334AADD48F520 ] C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\uialert.dll
16:11:45.0453 1776 C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\uialert.dll - ok
16:11:45.0453 1776 [ FF3477C03BE7201C294C35F684B3479F ] C:\WINDOWS\system32\termsrv.dll
16:11:45.0453 1776 C:\WINDOWS\system32\termsrv.dll - ok
16:11:45.0453 1776 [ DF6551E4C4C46655A0C76194F1FCEA5D ] C:\WINDOWS\system32\icaapi.dll
16:11:45.0453 1776 C:\WINDOWS\system32\icaapi.dll - ok
16:11:45.0468 1776 [ 2D65D56C2F8B6CC5EBFF8E7200C30304 ] C:\WINDOWS\system32\mstlsapi.dll
16:11:45.0468 1776 C:\WINDOWS\system32\mstlsapi.dll - ok
16:11:45.0468 1776 [ 3CB78C17BB664637787C9A1C98F79C38 ] C:\WINDOWS\system32\tapisrv.dll
16:11:45.0468 1776 C:\WINDOWS\system32\tapisrv.dll - ok
16:11:45.0468 1776 [ 83726CF02ECED69138948083E06B6EAC ] C:\WINDOWS\system32\drivers\NAV\1207010.003\srtsp.sys
16:11:45.0468 1776 C:\WINDOWS\system32\drivers\NAV\1207010.003\srtsp.sys - ok
16:11:45.0468 1776 [ 037B1E7798960E0420003D05BB577EE6 ] C:\WINDOWS\system32\rundll32.exe
16:11:45.0468 1776 C:\WINDOWS\system32\rundll32.exe - ok
16:11:45.0468 1776 [ 798A9E6828997EEF4517ADA8A2259831 ] C:\WINDOWS\system32\wbem\wmiprvse.exe
16:11:45.0468 1776 C:\WINDOWS\system32\wbem\wmiprvse.exe - ok
16:11:45.0484 1776 [ 826F699B69E88A3920C70F344DD42D88 ] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20121207.020\NAVEX15.SYS
16:11:45.0484 1776 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20121207.020\NAVEX15.SYS - ok
16:11:45.0484 1776 [ 5F7692CEC90E2E9AA32CD58321E234B8 ] C:\WINDOWS\system32\rastapi.dll
16:11:45.0484 1776 C:\WINDOWS\system32\rastapi.dll - ok
16:11:45.0484 1776 [ 8E4C77AD9BB279900C00F870CC0C674B ] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20121207.020\NAVENG.SYS
16:11:45.0484 1776 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20121207.020\NAVENG.SYS - ok
16:11:45.0484 1776 [ AACE07FE34FADDDF973CE068A6424957 ] C:\WINDOWS\system32\unimdm.tsp
16:11:45.0484 1776 C:\WINDOWS\system32\unimdm.tsp - ok
16:11:45.0500 1776 [ 995252FCC4692B5B97EE17D596C9386E ] C:\WINDOWS\system32\uniplat.dll
16:11:45.0500 1776 C:\WINDOWS\system32\uniplat.dll - ok
16:11:45.0500 1776 [ 76EC97C5068D3D9FAA7774B0F659D31A ] C:\WINDOWS\system32\kmddsp.tsp
16:11:45.0500 1776 C:\WINDOWS\system32\kmddsp.tsp - ok
16:11:45.0500 1776 [ 6895427873D6C37A6D6DA7C3DB37DA14 ] C:\WINDOWS\system32\licwmi.dll
16:11:45.0500 1776 C:\WINDOWS\system32\licwmi.dll - ok
16:11:45.0500 1776 [ 4589963D84F2984FA5949A72162BA4F4 ] C:\WINDOWS\system32\ndptsp.tsp
16:11:45.0500 1776 C:\WINDOWS\system32\ndptsp.tsp - ok
16:11:45.0500 1776 [ 4306FA2F1099D7C606139255FDB62B19 ] C:\WINDOWS\system32\wbem\framedyn.dll
16:11:45.0500 1776 C:\WINDOWS\system32\wbem\framedyn.dll - ok
16:11:45.0515 1776 [ 8B8A45DF7CEF36D93C7BD3E4C84003B8 ] C:\WINDOWS\system32\ipconf.tsp
16:11:45.0515 1776 C:\WINDOWS\system32\ipconf.tsp - ok
16:11:45.0515 1776 [ 8BC2B02DC11C98D14CEE43B8E8393FF3 ] C:\WINDOWS\system32\h323.tsp
16:11:45.0515 1776 C:\WINDOWS\system32\h323.tsp - ok
16:11:45.0515 1776 [ A693A49A67673F2C8D76797EA9A628D0 ] C:\WINDOWS\system32\licdll.dll
16:11:45.0515 1776 C:\WINDOWS\system32\licdll.dll - ok
16:11:45.0515 1776 [ 6B552ED3BEE5AA3C4560478FF779BA98 ] C:\WINDOWS\system32\hidphone.tsp
16:11:45.0515 1776 C:\WINDOWS\system32\hidphone.tsp - ok
16:11:45.0515 1776 [ D0545A010ED2259A740C8414899A938F ] C:\WINDOWS\system32\rasppp.dll
16:11:45.0515 1776 C:\WINDOWS\system32\rasppp.dll - ok
16:11:45.0531 1776 [ B464BD425D5D09ABE4192234D1577B22 ] C:\WINDOWS\system32\ntlsapi.dll
16:11:45.0531 1776 C:\WINDOWS\system32\ntlsapi.dll - ok
16:11:45.0531 1776 [ A655C88AA555BB8EF8957BD29408827F ] C:\WINDOWS\system32\rasqec.dll
16:11:45.0531 1776 C:\WINDOWS\system32\rasqec.dll - ok
16:11:45.0531 1776 [ A0AE7F043497C9971E9D7FE291099D40 ] C:\WINDOWS\system32\msxml6.dll
16:11:45.0531 1776 C:\WINDOWS\system32\msxml6.dll - ok
16:11:45.0531 1776 [ 8C515081584A38AA007909CD02020B3D ] C:\WINDOWS\system32\alg.exe
16:11:45.0531 1776 C:\WINDOWS\system32\alg.exe - ok
16:11:45.0531 1776 [ E837FDBB92E9873E538395B623F45462 ] C:\WINDOWS\system32\wbem\cimwin32.dll
16:11:45.0531 1776 C:\WINDOWS\system32\wbem\cimwin32.dll - ok
16:11:45.0546 1776 [ 5F0CE62E0831CF972EC6949FD3E37DA7 ] C:\WINDOWS\system32\cfgmgr32.dll
16:11:45.0546 1776 C:\WINDOWS\system32\cfgmgr32.dll - ok
16:11:45.0546 1776 [ AFDCC326174D131C374766FEB946F496 ] C:\Program Files\Java\jre7\bin\awt.dll
16:11:45.0546 1776 C:\Program Files\Java\jre7\bin\awt.dll - ok
16:11:45.0546 1776 [ 47B5CF49EF651E9954231BA079A95058 ] C:\Program Files\Java\jre7\bin\client\jvm.dll
16:11:45.0546 1776 C:\Program Files\Java\jre7\bin\client\jvm.dll - ok
16:11:45.0546 1776 [ 615F729DF8E1E7160445858C6D32C910 ] C:\Program Files\Java\jre7\bin\dcpr.dll
16:11:45.0546 1776 C:\Program Files\Java\jre7\bin\dcpr.dll - ok
16:11:45.0546 1776 [ 40D1D0A2569395D34A7CE070F99A5365 ] C:\Program Files\Java\jre7\bin\deploy.dll
16:11:45.0546 1776 C:\Program Files\Java\jre7\bin\deploy.dll - ok
16:11:45.0562 1776 [ DA443EC760094294B23EBDE1CB1FF213 ] C:\Program Files\Java\jre7\bin\fontmanager.dll
16:11:45.0562 1776 C:\Program Files\Java\jre7\bin\fontmanager.dll - ok
16:11:45.0562 1776 [ 26F2B2669BBEEFA02DCC8052701D9563 ] C:\Program Files\Java\jre7\bin\java.dll
16:11:45.0562 1776 C:\Program Files\Java\jre7\bin\java.dll - ok
16:11:45.0562 1776 [ 5BD255C0051A41738FCB67F3A0C68DCA ] C:\Program Files\Java\jre7\bin\javaw.exe
16:11:45.0562 1776 C:\Program Files\Java\jre7\bin\javaw.exe - ok
16:11:45.0562 1776 [ 8CB1564D5084BAA5B79A77CBC92621C5 ] C:\Program Files\Java\jre7\bin\jp2native.dll
16:11:45.0562 1776 C:\Program Files\Java\jre7\bin\jp2native.dll - ok
16:11:45.0562 1776 [ 9A85F6C0D35643AA02199C95ECCE2CF1 ] C:\Program Files\Java\jre7\bin\jpeg.dll
16:11:45.0562 1776 C:\Program Files\Java\jre7\bin\jpeg.dll - ok
16:11:45.0578 1776 [ 687A1BEA3FEF91B75F8CF46B0620C9D7 ] C:\Program Files\Java\jre7\bin\net.dll
16:11:45.0578 1776 C:\Program Files\Java\jre7\bin\net.dll - ok
16:11:45.0578 1776 [ 8C1D980BD50D81261B770B47C1553976 ] C:\Program Files\Java\jre7\bin\nio.dll
16:11:45.0578 1776 C:\Program Files\Java\jre7\bin\nio.dll - ok
16:11:45.0578 1776 [ 8CC69BCE988C0921CCFE7AFFEA394B17 ] C:\Program Files\Java\jre7\bin\verify.dll
16:11:45.0578 1776 C:\Program Files\Java\jre7\bin\verify.dll - ok
16:11:45.0578 1776 [ 2A65F096DFEFD5AF498A43CD53D53B0C ] C:\Program Files\Java\jre7\bin\zip.dll
16:11:45.0578 1776 C:\Program Files\Java\jre7\bin\zip.dll - ok
16:11:45.0593 1776 [ EBC984F0CE40E0DAF0454D806EC2A7EC ] C:\DOCUME~1\Dale\LOCALS~1\Temp\7D94CB51-80B9-4A5C-9E2A-8E29E9695DA1.exe
16:11:45.0593 1776 C:\DOCUME~1\Dale\LOCALS~1\Temp\7D94CB51-80B9-4A5C-9E2A-8E29E9695DA1.exe - ok
16:11:45.0593 1776 [ 2DC5A8019E2387987905F77C664E4BE2 ] C:\WINDOWS\system32\linkinfo.dll
16:11:45.0593 1776 C:\WINDOWS\system32\linkinfo.dll - ok
16:11:45.0593 1776 [ A70A2D85AD143D6BB823C246CEB699A5 ] C:\WINDOWS\system32\ntshrui.dll
16:11:45.0593 1776 C:\WINDOWS\system32\ntshrui.dll - ok
16:11:45.0593 1776 [ 91790D6749EBED90E2C40479C0A91879 ] C:\WINDOWS\system32\verclsid.exe
16:11:45.0593 1776 C:\WINDOWS\system32\verclsid.exe - ok
16:11:45.0593 1776 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\system32\drivers\38591397.sys
16:11:45.0593 1776 C:\WINDOWS\system32\drivers\38591397.sys - ok
16:11:45.0609 1776 [ CC8915DB4E33E8FB29CA0D2DBF75306E ] C:\WINDOWS\system32\webcheck.dll
16:11:45.0609 1776 C:\WINDOWS\system32\webcheck.dll - ok
16:11:45.0609 1776 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] C:\WINDOWS\system32\imapi.exe
16:11:45.0609 1776 C:\WINDOWS\system32\imapi.exe - ok
16:11:45.0609 1776 [ 0462CBEF952EC8764932351DECDFB842 ] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
16:11:45.0609 1776 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe - ok
16:11:45.0609 1776 [ B714735C12A70171DE28657948FD91F1 ] C:\WINDOWS\system32\mlang.dll
16:11:45.0609 1776 C:\WINDOWS\system32\mlang.dll - ok
16:11:45.0625 1776 [ 50512FC9B7878E3C2C147BC17326A7DB ] C:\WINDOWS\system32\stobject.dll
16:11:45.0625 1776 C:\WINDOWS\system32\stobject.dll - ok
16:11:45.0625 1776 [ 231A0B0E3BA7ABFE469A8262FAA1FD71 ] C:\WINDOWS\system32\batmeter.dll
16:11:45.0625 1776 C:\WINDOWS\system32\batmeter.dll - ok
16:11:45.0625 1776 [ 8BCD11D38FCE43A519246A91CC40DE6A ] C:\WINDOWS\system32\security.dll
16:11:45.0625 1776 C:\WINDOWS\system32\security.dll - ok
16:11:45.0625 1776 [ 045E228F71C31901084B64BE59093499 ] C:\WINDOWS\system32\WPDShServiceObj.dll
16:11:45.0625 1776 C:\WINDOWS\system32\WPDShServiceObj.dll - ok
16:11:45.0625 1776 [ 6B03F75CB944B1A8FEFF4FB573EACD2F ] C:\WINDOWS\system32\spool\drivers\w32x86\3\LMpdpsrv.exe
16:11:45.0625 1776 C:\WINDOWS\system32\spool\drivers\w32x86\3\LMpdpsrv.exe - ok
16:11:45.0640 1776 [ B2B2FE2671DD98A322B0AD7079C0B2B2 ] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
16:11:45.0640 1776 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe - ok
16:11:45.0640 1776 [ 93C088C2AEB2F23E720BDA7E32BD5117 ] C:\WINDOWS\system32\upnp.dll
16:11:45.0640 1776 C:\WINDOWS\system32\upnp.dll - ok
16:11:45.0640 1776 [ 3D075865DCC26931972F6476AD0497BE ] C:\WINDOWS\system32\ssdpapi.dll
16:11:45.0640 1776 C:\WINDOWS\system32\ssdpapi.dll - ok
16:11:45.0640 1776 [ 393FC0C76E18A96D26B2D0404F32C6C8 ] C:\Program Files\FileZilla FTP Client\fzshellext.dll
16:11:45.0640 1776 C:\Program Files\FileZilla FTP Client\fzshellext.dll - ok
16:11:45.0656 1776 [ 538A270F35A713C360B7ED4168BB7521 ] C:\WINDOWS\system32\mydocs.dll
16:11:45.0656 1776 C:\WINDOWS\system32\mydocs.dll - ok
16:11:45.0656 1776 [ A4E85BDA66CF4DE8070D6F744D181C12 ] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
16:11:45.0656 1776 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe - ok
16:11:45.0656 1776 [ C730F70351D950DDA7388C9A9763CF54 ] C:\WINDOWS\system32\wbem\wmipcima.dll
16:11:45.0656 1776 C:\WINDOWS\system32\wbem\wmipcima.dll - ok
16:11:45.0656 1776 [ 9D56299FA5C9B3D9E67FF3ACB301139F ] C:\Program Files\lg_fwupdate\lgfw.exe
16:11:45.0656 1776 C:\Program Files\lg_fwupdate\lgfw.exe - ok
16:11:45.0656 1776 [ 22358578CB321F3325496A3723029409 ] C:\WINDOWS\system32\PortableDeviceTypes.dll
16:11:45.0656 1776 C:\WINDOWS\system32\PortableDeviceTypes.dll - ok
16:11:45.0671 1776 [ 9D45B2201D0ECF9F42136C7B99DEB8B2 ] C:\WINDOWS\system32\PortableDeviceApi.dll
16:11:45.0671 1776 C:\WINDOWS\system32\PortableDeviceApi.dll - ok
16:11:45.0671 1776 [ 8C2DB4B2962D47DF7F21935DBEAF5E88 ] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe
16:11:45.0671 1776 C:\Program Files\NVIDIA Corporation\nView\nwiz.exe - ok
16:11:45.0671 1776 [ 237DC940D25BFC351000D00B5F7F2CCD ] C:\Program Files\Intel\Intel Matrix Storage Manager\ISDI.dll
16:11:45.0671 1776 C:\Program Files\Intel\Intel Matrix Storage Manager\ISDI.dll - ok
16:11:45.0671 1776 [ 69581380E69C8DCE30EDE2A463C912EE ] C:\Program Files\QuickTime\QTTask.exe
16:11:45.0671 1776 C:\Program Files\QuickTime\QTTask.exe - ok
16:11:45.0671 1776 [ F80A415EF82CD06FFAF0D971528EAD38 ] C:\WINDOWS\system32\drivers\http.sys
16:11:45.0671 1776 C:\WINDOWS\system32\drivers\http.sys - ok
16:11:45.0687 1776 [ B0B99C20EF2D7848A478ABB3DACAEC1F ] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
16:11:45.0687 1776 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe - ok
16:11:45.0687 1776 [ 4ED24D7E8D3AFBA482BCBFF76C914399 ] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaamon_ENU.dll
16:11:45.0687 1776 C:\Program Files\Intel\Intel Matrix Storage Manager\Iaamon_ENU.dll - ok
16:11:45.0687 1776 [ 0A5679B3714EDAB99E357057EE88FCA6 ] C:\WINDOWS\system32\ssdpsrv.dll
16:11:45.0687 1776 C:\WINDOWS\system32\ssdpsrv.dll - ok
16:11:45.0687 1776 [ 165AE7A443F2139DD2C078AD87699F91 ] C:\Program Files\Microsoft Office\OFFICE11\MSOHEV.DLL
16:11:45.0687 1776 C:\Program Files\Microsoft Office\OFFICE11\MSOHEV.DLL - ok
16:11:45.0703 1776 [ 407811B64B588FE80FA2E27E783B41EA ] C:\Program Files\iTunes\iTunesHelper.exe
16:11:45.0703 1776 C:\Program Files\iTunes\iTunesHelper.exe - ok
16:11:45.0703 1776 [ 401A8C0BE0BAA7D7A470F0942244152D ] C:\WINDOWS\system32\rasdlg.dll
16:11:45.0703 1776 C:\WINDOWS\system32\rasdlg.dll - ok
16:11:45.0703 1776 [ 215C025C508961A6278DD45F12559C43 ] C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
16:11:45.0703 1776 C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe - ok
16:11:45.0703 1776 [ 4EB0C6C3EF4D8885CF2B5D0062F31E44 ] C:\Program Files\DivX\DivX Update\DivXUpdate.exe
16:11:45.0703 1776 C:\Program Files\DivX\DivX Update\DivXUpdate.exe - ok
16:11:45.0703 1776 [ D01F0643525B29C6B49FD1EA6E84A788 ] C:\Program Files\CyberLink\PowerDVD\CLRCEngine3.dll
16:11:45.0703 1776 C:\Program Files\CyberLink\PowerDVD\CLRCEngine3.dll - ok
16:11:45.0718 1776 [ DF3C3CA94CBC9DE07AC3EB49440A8D45 ] C:\WINDOWS\system32\mshtml.dll
16:11:45.0718 1776 C:\WINDOWS\system32\mshtml.dll - ok
16:11:45.0718 1776 [ 96CE1FCB4579147B49F63DB46E3E191B ] C:\Program Files\CyberLink\PowerDVD\msvcr71.dll
16:11:45.0718 1776 C:\Program Files\CyberLink\PowerDVD\msvcr71.dll - ok
16:11:45.0718 1776 [ 0600CB2613BEA0C6C0987B58D56D77B9 ] C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
16:11:45.0718 1776 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe - ok
16:11:45.0718 1776 [ 60CBD3108328691FFFAAD369A0DF0032 ] C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\qbackup.dll
16:11:45.0718 1776 C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\qbackup.dll - ok
16:11:45.0718 1776 [ B63E5C7807334A3A8F731062F15462CC ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
16:11:45.0718 1776 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok
16:11:45.0734 1776 [ 8E16BF5600797E678EA97051CF93E6BF ] C:\WINDOWS\system32\dumprep.exe
16:11:45.0734 1776 C:\WINDOWS\system32\dumprep.exe - ok
16:11:45.0734 1776 [ 12916E0642E92561C98B18A2A2D01B14 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
16:11:45.0734 1776 C:\Program Files\Common Files\Java\Java Update\jusched.exe - ok
16:11:45.0734 1776 [ 2F26EF0396AE2D2B43A174A4BF3D28BC ] C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\ccscanw.dll
16:11:45.0734 1776 C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\ccscanw.dll - ok
16:11:45.0734 1776 [ 2ACCD352451EC0F99AF2AD9DB6DB4439 ] C:\WINDOWS\system32\msls31.dll
16:11:45.0734 1776 C:\WINDOWS\system32\msls31.dll - ok
16:11:45.0734 1776 [ AE60B9A32E648E65CB2C831D9E38C230 ] C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\ecmldr32.dll
16:11:45.0734 1776 C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\ecmldr32.dll - ok
16:11:45.0750 1776 [ E11457C66FDD966EE415FBBC6D9BE643 ] C:\WINDOWS\system32\msimtf.dll
16:11:45.0750 1776 C:\WINDOWS\system32\msimtf.dll - ok
16:11:45.0750 1776 [ E40FCF943127DDC8FD60554B722D762B ] C:\WINDOWS\system32\msctf.dll
16:11:45.0750 1776 C:\WINDOWS\system32\msctf.dll - ok
16:11:45.0750 1776 [ 0689622E6484934EB6E5F4D3A96311F9 ] C:\WINDOWS\system32\jscript.dll
16:11:45.0750 1776 C:\WINDOWS\system32\jscript.dll - ok
16:11:45.0750 1776 [ 5744FFF8E72D105C138DAE9E17BB29FE ] C:\Program Files\Mozilla Firefox\firefox.exe
16:11:45.0750 1776 C:\Program Files\Mozilla Firefox\firefox.exe - ok
16:11:45.0750 1776 [ 9EC8510AB428F079BFCC96A7B2F8709C ] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20121207.020\ECMSVR32.DLL
16:11:45.0750 1776 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20121207.020\ECMSVR32.DLL - ok
16:11:45.0765 1776 [ 69F88751C739AE79908B5BFCE8D9915B ] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20121207.020\NAVEX32A.DLL
16:11:45.0765 1776 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20121207.020\NAVEX32A.DLL - ok
16:11:45.0765 1776 [ 64B33CC5BF131DEF2721394CF9B3F8ED ] C:\WINDOWS\system32\msvbvm60.dll
16:11:45.0765 1776 C:\WINDOWS\system32\msvbvm60.dll - ok
16:11:45.0765 1776 [ B2A71BBFFB31A196DE001CF94EB8D3B4 ] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
16:11:45.0765 1776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe - ok
16:11:45.0765 1776 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3 ] C:\WINDOWS\system32\ctfmon.exe
16:11:45.0765 1776 C:\WINDOWS\system32\ctfmon.exe - ok
16:11:45.0765 1776 [ C84A5C60883395B875F01140F48BB887 ] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20121207.020\NAVENG32.DLL
16:11:45.0765 1776 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20121207.020\NAVENG32.DLL - ok
16:11:45.0781 1776 [ 55BC290755F545FF16910799F3D86B59 ] C:\WINDOWS\system32\nvmctray.dll
16:11:45.0781 1776 C:\WINDOWS\system32\nvmctray.dll - ok
16:11:45.0781 1776 [ B06F0B4297AFA7E76A8B2D81082FA426 ] C:\Program Files\AIM\aim.exe
16:11:45.0781 1776 C:\Program Files\AIM\aim.exe - ok
16:11:45.0781 1776 [ CC4C812E4BB09FD47AA38E5D3172CFFE ] C:\Program Files\Download Manager\DLM.exe
16:11:45.0781 1776 C:\Program Files\Download Manager\DLM.exe - ok
16:11:45.0781 1776 [ 83F59DF33950CC21AEAB737C681AFC6F ] C:\Program Files\NVIDIA Corporation\nView\nView.dll
16:11:45.0781 1776 C:\Program Files\NVIDIA Corporation\nView\nView.dll - ok
16:11:45.0796 1776 [ 58D8F10B1F2C2C4F8C3A57830EB72852 ] C:\WINDOWS\system32\nvwddi.dll
16:11:45.0796 1776 C:\WINDOWS\system32\nvwddi.dll - ok
16:11:45.0796 1776 [ BD7F0161D800071BDF23146FCEC7C056 ] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
16:11:45.0796 1776 C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe - ok
16:11:45.0796 1776 [ 88BEEF09C654252F3E46B6167B7F4ECB ] C:\WINDOWS\system32\msisip.dll
16:11:45.0796 1776 C:\WINDOWS\system32\msisip.dll - ok
16:11:45.0796 1776 [ 3A6D465F379E5C815F4AD565391E654C ] C:\WINDOWS\system32\wshext.dll
16:11:45.0796 1776 C:\WINDOWS\system32\wshext.dll - ok
16:11:45.0796 1776 [ F0B0D86C7E5CE1781BB92F300169A257 ] C:\PROGRA~1\MICROS~3\OFFICE11\MCPS.DLL
16:11:45.0796 1776 C:\PROGRA~1\MICROS~3\OFFICE11\MCPS.DLL - ok
16:11:45.0812 1776 [ D1F235A87A3940C376001BD8A8A4AA26 ] C:\Program Files\iTunes\iTunesHelper.dll
16:11:45.0812 1776 C:\Program Files\iTunes\iTunesHelper.dll - ok
16:11:45.0812 1776 [ 6C925386E1395925B1A199A64B6726C7 ] C:\Program Files\Lexmark X125\LEX125SU.exe
16:11:45.0812 1776 C:\Program Files\Lexmark X125\LEX125SU.exe - ok
16:11:45.0812 1776 [ CEF20CB83B36EC2DBB99D38DC80FC826 ] C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll
16:11:45.0812 1776 C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll - ok
16:11:45.0812 1776 [ 54F4EEB0930BDC9C065FD5350D521708 ] C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
16:11:45.0812 1776 C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE - ok
16:11:45.0812 1776 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
16:11:45.0812 1776 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll - ok
16:11:45.0828 1776 [ C9564CF4976E7E96B4052737AA2492B4 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
16:11:45.0828 1776 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll - ok
16:11:45.0828 1776 [ 0EEE814627F4384291687671F76419F6 ] C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
16:11:45.0828 1776 C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll - ok
16:11:45.0828 1776 [ D16903B9431F799877AD6DF13D16BDA0 ] C:\Program Files\Adobe\Reader 9.0\Reader\atl.dll
16:11:45.0828 1776 C:\Program Files\Adobe\Reader 9.0\Reader\atl.dll - ok
16:11:45.0828 1776 [ 554BD99F802FCC7BFE7FA7102384A2D2 ] C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
16:11:45.0828 1776 C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll - ok
16:11:45.0843 1776 [ 1F2C969E902CCEF296B465052FAB04E8 ] C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll
16:11:45.0843 1776 C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll - ok
16:11:45.0843 1776 [ EB4CDF2ECA64FBACAFBAD2B04B1B2862 ] C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
16:11:45.0843 1776 C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll - ok
16:11:45.0843 1776 [ 39C821EF59F82FF6CDCCA768E5E36BBE ] C:\Program Files\Common Files\Apple\Apple Application Support\icuin40.dll
16:11:45.0843 1776 C:\Program Files\Common Files\Apple\Apple Application Support\icuin40.dll - ok
16:11:46.0171 1776 ============================================================
16:11:46.0171 1776 Scan finished
16:11:46.0171 1776 ============================================================
16:11:46.0281 3380 Detected object count: 5
16:11:46.0281 3380 Actual detected object count: 5
16:13:16.0781 3380 IAANTMON ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:16.0781 3380 IAANTMON ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:16.0781 3380 LicCtrlService ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:16.0781 3380 LicCtrlService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:16.0781 3380 NAL ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:16.0781 3380 NAL ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:17.0671 3380 \Device\Harddisk0\DR0\# - copied to quarantine
16:13:17.0671 3380 \Device\Harddisk0\DR0 - copied to quarantine
16:13:17.0718 3380 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
16:13:17.0718 3380 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
16:13:17.0718 3380 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
16:13:17.0734 3380 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
16:13:17.0750 3380 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
16:13:17.0750 3380 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
16:13:17.0750 3380 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
16:13:17.0750 3380 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
16:13:17.0750 3380 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
16:13:17.0765 3380 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
16:13:17.0765 3380 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
16:13:17.0765 3380 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
16:13:17.0796 3380 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
16:13:17.0796 3380 \Device\Harddisk0\DR0 - ok
16:13:17.0843 3380 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
16:13:17.0843 3380 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:13:17.0843 3380 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
16:13:33.0484 3080 Deinitialize success

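An added example, not part of the thread and not TDSSKiller's own code: a small Python parser for the result lines at the end of the TDSSKiller log above, which pairs each detection with the action the user chose and lists what still needs follow-up. The sample lines are copied from the log in this thread; treating `UnsignedFile.*` verdicts as low priority is an assumption of this example.

```python
import re
from collections import OrderedDict

# Result lines copied from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
16:11:46.0281 3380 Detected object count: 5
16:11:46.0281 3380 Actual detected object count: 5
16:13:16.0781 3380 IAANTMON ( UnsignedFile.Multi.Generic ) - skipped by user
16:13:16.0781 3380 IAANTMON ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:13:17.0718 3380 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
16:13:17.0796 3380 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
16:13:17.0796 3380 \Device\Harddisk0\DR0 - ok
16:13:17.0843 3380 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
16:13:17.0843 3380 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:13:17.0843 3380 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# "<time> <thread id> <message>"
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.*)$")
# "<object> ( <verdict> ) - <status>"; plain "<path> - ok" lines do not match.
VERDICT = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>[^()]+?) \) - (?P<status>.+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")
ACTION_PREFIX = "User select action:"


def parse_detections(log_text):
    """Return (declared_count, detections) from TDSSKiller result lines.

    Each detection is a dict with object, verdict, action (what the user
    selected) and outcome (what the tool reported doing).
    """
    declared = None
    detections = OrderedDict()  # keyed by (object, verdict), in log order
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        body = m.group(3)
        c = COUNT.match(body)
        if c:
            declared = int(c.group(1))
            continue
        v = VERDICT.match(body)
        if not v:
            continue
        key = (v["obj"], v["verdict"])
        entry = detections.setdefault(key, {
            "object": v["obj"], "verdict": v["verdict"],
            "action": None, "outcome": None,
        })
        status = v["status"]
        if status.startswith(ACTION_PREFIX):
            entry["action"] = status[len(ACTION_PREFIX):].strip()
        else:
            entry["outcome"] = status
    return declared, list(detections.values())


def follow_up(detections):
    """List detections a helper should ask about in the next reply."""
    findings = []
    for d in detections:
        # Assumption of this example: unsigned-file verdicts are low priority.
        low_priority = d["verdict"].startswith("UnsignedFile.")
        if d["action"] == "Skip" and not low_priority:
            findings.append(("left in place", d["object"], d["verdict"]))
        elif d["outcome"] and "on reboot" in d["outcome"]:
            findings.append(("pending reboot", d["object"], d["verdict"]))
    return findings


if __name__ == "__main__":
    declared, found = parse_detections(SAMPLE_LOG)
    print("declared detections:", declared, "| parsed from sample:", len(found))
    for state, obj, verdict in follow_up(found):
        print(f"{state:15} {obj}  [{verdict}]")
```

A "pending reboot" entry is only confirmed clean by a second scan after the restart, which is what the follow-up log later in the thread provides.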
#8
emeraldnzl


16:13:17.0796 3380 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot


I take it you did reboot and the cure was successful?

Ran aswMBR but it hung (twice) for 20+ minutes on my My Documents Adobe Reader folder - only has 5 files in it. After 2 reboots same thing, so skipped that and ran TDSSKiller:


Try this one:

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

#9
dale1234


16:13:17.0796 3380 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot


I take it you did reboot and the cure was successful?


Yes.

Last report:

16:17:07.0828 2892 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:17:08.0187 2892 ============================================================
16:17:08.0187 2892 Current date / time: 2012/12/08 16:17:08.0187
16:17:08.0187 2892 SystemInfo:
16:17:08.0187 2892
16:17:08.0187 2892 OS Version: 5.1.2600 ServicePack: 3.0
16:17:08.0187 2892 Product type: Workstation
16:17:08.0187 2892 ComputerName: STEN
16:17:08.0187 2892 UserName: Dale
16:17:08.0187 2892 Windows directory: C:\WINDOWS
16:17:08.0187 2892 System windows directory: C:\WINDOWS
16:17:08.0187 2892 Processor architecture: Intel x86
16:17:08.0187 2892 Number of processors: 2
16:17:08.0187 2892 Page size: 0x1000
16:17:08.0187 2892 Boot type: Normal boot
16:17:08.0187 2892 ============================================================
16:17:10.0640 2892 BG loaded
16:17:11.0609 2892 Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:17:11.0640 2892 Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:17:11.0640 2892 Drive \Device\Harddisk2\DR4 - Size: 0xE8E0DB5E00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:17:11.0656 2892 ============================================================
16:17:11.0656 2892 \Device\Harddisk0\DR0:
16:17:11.0687 2892 MBR partitions:
16:17:11.0687 2892 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2E933DC1
16:17:11.0687 2892 \Device\Harddisk1\DR1:
16:17:11.0687 2892 MBR partitions:
16:17:11.0687 2892 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0xAEA86702
16:17:11.0687 2892 \Device\Harddisk2\DR4:
16:17:11.0687 2892 MBR partitions:
16:17:11.0687 2892 \Device\Harddisk2\DR4\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x747059C1
16:17:11.0687 2892 ============================================================
16:17:12.0093 2892 C: <-> \Device\Harddisk0\DR0\Partition1
16:17:12.0093 2892 I: <-> \Device\Harddisk1\DR1\Partition1
16:17:12.0140 2892 J: <-> \Device\Harddisk2\DR4\Partition1
16:17:12.0234 2892 ============================================================
16:17:12.0234 2892 Initialize success
16:17:12.0234 2892 ============================================================
16:20:05.0171 2856 Deinitialize success


Try this one:

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 133):

Processes (total 40):
0 System Idle Process
4 System
680 C:\WINDOWS\system32\smss.exe
756 csrss.exe
784 C:\WINDOWS\system32\winlogon.exe
828 C:\WINDOWS\system32\services.exe
840 C:\WINDOWS\system32\lsass.exe
1016 C:\WINDOWS\system32\nvsvc32.exe
1096 C:\WINDOWS\system32\svchost.exe
1164 svchost.exe
1260 C:\WINDOWS\system32\svchost.exe
1336 svchost.exe
1456 svchost.exe
1696 C:\WINDOWS\system32\spoolsv.exe
1928 svchost.exe
1972 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1984 C:\Program Files\Bonjour\mDNSResponder.exe
168 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
228 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
444 C:\Program Files\Java\jre7\bin\jqs.exe
468 C:\WINDOWS\Runservice.exe
484 C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\ccsvchst.exe
744 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
1088 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
500 C:\WINDOWS\explorer.exe
2092 C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\ccsvchst.exe
2680 alg.exe
2992 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3012 C:\WINDOWS\system32\spool\drivers\w32x86\3\LMpdpsrv.exe
3052 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
3376 C:\WINDOWS\system32\rundll32.exe
3476 C:\Program Files\iTunes\iTunesHelper.exe
3544 C:\WINDOWS\system32\wuauclt.exe
3568 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
3872 C:\WINDOWS\system32\ctfmon.exe
272 C:\Program Files\iPod\bin\iPodService.exe
2024 C:\Program Files\Mozilla Firefox\firefox.exe
4028 C:\Program Files\Mozilla Firefox\plugin-container.exe
1840 wmiprvse.exe
972 C:\Documents and Settings\Dale\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\I: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\J: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3400620AS, Rev: 3.AAK
PhysicalDrive1 Model Number: ST31500341AS, Rev: CC1H
PhysicalDrive2 Model Number: SeagateFA GoFlex Desk, Rev: 0D0B

Size Device Name MBR Status
--------------------------------------------
372 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: 31D100779DE502702C374F7C15687B56FCFD5528
1397 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
931 GB \\.\PhysicalDrive2 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Edited by dale1234, 08 December 2012 - 05:44 PM.


#10
emeraldnzl

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.
Next

  • Close all windows and open OTL again.
  • Under the Custom Scan box paste this in:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    /md5start
    services.*
    wbemess.dill
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    consrv.dll
    qmgr.dll
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %USERPROFILE%\..|smtmp;true;true;true /FP 
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window: OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
Note: If the log doesn't appear where you saved OTL when you downloaded it then a copy of the OTL log is saved in a text file at

:\_OTL\MovedFiles
in most cases this will be C:\_OTL\MovedFiles

When you return please post
  • OTL fix.txt
  • OTL scan.txt

  • 0


#11
dale1234

dale1234

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
FIX:

All processes killed
========== OTL ==========
C:\WINDOWS\System32\SET71EB.tmp deleted successfully.
C:\WINDOWS\System32\SET71F0.tmp deleted successfully.
C:\WINDOWS\System32\SET71F7.tmp deleted successfully.
C:\WINDOWS\System32\SET723F.tmp deleted successfully.
C:\WINDOWS\003028_.tmp deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Downloads\SPYWARE\OTL\cmd.bat deleted successfully.
C:\Downloads\SPYWARE\OTL\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Dale
->Temp folder emptied: 583306833 bytes
->Temporary Internet Files folder emptied: 119880514 bytes
->Java cache emptied: 2527273 bytes
->FireFox cache emptied: 92971716 bytes
->Flash cache emptied: 283247 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 154976 bytes
->Flash cache emptied: 492 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4040988 bytes
->Flash cache emptied: 626 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 52837069 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 298844588 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 9731581602 bytes

Total Files Cleaned = 10,382.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 12082012_190619

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_1e4.dat not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

===================================
SCAN:

OTL logfile created on: 12/8/2012 7:19:09 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Downloads\SPYWARE\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 71.32% Memory free
3.32 Gb Paging File | 2.83 Gb Available in Paging File | 85.41% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 372.60 Gb Total Space | 200.38 Gb Free Space | 53.78% Space Free | Partition Type: NTFS
Drive I: | 1397.26 Gb Total Space | 464.37 Gb Free Space | 33.23% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 729.93 Gb Free Space | 78.36% Space Free | Partition Type: NTFS

Computer Name: STEN | User Name: Dale | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/28 19:20:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Downloads\SPYWARE\OTL\OTL.exe
PRC - [2012/09/15 18:42:56 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/02/06 16:25:08 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\ccsvchst.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/23 14:10:58 | 000,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe
PRC - [2006/05/11 11:47:24 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/05/11 11:46:54 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2002/07/11 14:31:56 | 000,045,056 | ---- | M] (DeviceGuys) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\LMpdpsrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/18 04:38:17 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\314f807b4f655af492182b597ea1e7a6\System.ServiceProcess.ni.dll
MOD - [2012/11/18 04:34:45 | 000,762,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\06cf816caaf03dc1d3f8945e335c5105\System.Runtime.Remoting.ni.dll
MOD - [2012/11/18 04:34:42 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\ae2ff153463bc98124e93c33296ec79c\System.EnterpriseServices.ni.dll
MOD - [2012/11/18 04:34:41 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\8531f40353107a46871aace28f057ec2\System.Transactions.ni.dll
MOD - [2012/11/18 04:09:40 | 013,197,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\a8319839729e0e30785fcb36fb13b440\System.Windows.Forms.ni.dll
MOD - [2012/11/18 04:09:12 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9261a08aed6aa953fe0a4b90787657f1\System.Data.ni.dll
MOD - [2012/11/18 04:09:10 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\586e41e15e1d44fe197b9d1cc5575f8c\System.Xml.ni.dll
MOD - [2012/11/18 04:09:00 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\c409feb9182d01c80872f2031d68053e\System.Configuration.ni.dll
MOD - [2012/11/18 04:08:58 | 007,052,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\985109f2568f3251333dad29bc889421\System.Core.ni.dll
MOD - [2012/11/18 04:08:52 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\c87e56bad0d9eae13b89a0e2bb0efc1f\System.Drawing.ni.dll
MOD - [2012/11/18 04:08:46 | 009,092,608 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\982a5b70d861cb34f85e041075d5112c\System.ni.dll
MOD - [2012/11/18 04:08:31 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll
MOD - [2011/07/28 17:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/08/09 23:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/03/23 14:10:58 | 000,048,640 | ---- | M] () -- C:\WINDOWS\mmfs.dll
MOD - [2008/03/23 14:10:58 | 000,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe


========== Services (SafeList) ==========

SRV - [2012/12/04 18:15:52 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/09 02:38:07 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/15 18:42:56 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/02/06 16:25:08 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe -- (NAV)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/03/23 14:10:58 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\WINDOWS\Runservice.exe -- (LicCtrlService)
SRV - [2006/05/11 11:46:54 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMREDRV.SYS -- (SYMREDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMIDS.SYS -- (SYMIDS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMDNS.SYS -- (SYMDNS)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\PciCon.sys -- (PciCon)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPANEL.SYS -- (Cardex)
DRV - [2012/10/23 17:34:24 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20121130.005\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/09/12 19:16:34 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20121208.007\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/09/12 19:16:33 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20121208.007\NAVENG.SYS -- (NAVENG)
DRV - [2012/09/06 03:54:30 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20121205.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/08/08 21:07:48 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/08 21:07:48 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/04 15:23:51 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/05/02 16:12:15 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 19:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1207010.003\symtdi.sys -- (SYMTDI)
DRV - [2011/03/30 21:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NAV\1207010.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/30 21:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1207010.003\srtspx.sys -- (SRTSPX)
DRV - [2011/03/14 20:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1207010.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 00:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1207010.003\symds.sys -- (SymDS)
DRV - [2011/01/26 23:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1207010.003\ironx86.sys -- (SymIRON)
DRV - [2006/07/28 21:20:28 | 000,043,392 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2006/07/27 00:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/07/05 15:35:54 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2005/12/02 03:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=AVBR
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...=AVB3DF&pc=AVBR
IE - HKCU\..\SearchScopes\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}: "URL" = http://www.ask.com/w...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.1.1.5%20-%203
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2012/02/05 17:37:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/31 05:36:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/04 18:15:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/08 13:46:05 | 000,000,000 | ---D | M]

[2008/11/12 12:45:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dale\Application Data\Mozilla\Extensions
[2012/10/23 13:51:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dale\Application Data\Mozilla\Firefox\Profiles\xp3g4fv2.default\extensions
[2012/10/11 13:51:28 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Dale\Application Data\Mozilla\Firefox\Profiles\xp3g4fv2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/10/11 13:51:26 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Dale\Application Data\Mozilla\Firefox\Profiles\xp3g4fv2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012/12/04 18:15:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/05 17:37:01 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPLGN
[2012/12/04 18:15:52 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/10 19:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/10 19:05:38 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/12/08 19:07:15 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\18.7.1.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelAudioStudio] C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\lgfw.exe (Bitleader)
O4 - HKLM..\Run: [LMPDPSRV] C:\WINDOWS\system32\spool\drivers\w32x86\3\LMpdpsrv.exe (DeviceGuys)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe (Lexmark International)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} http://simcity.ea.co...date/EARTPX.cab (EARTPatchX Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1342158861140 (WUWebControl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} http://simcity.ea.co...ty4PatcherX.cab (MaxisSimCity4PatcherX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2F532D9-22E9-4328-AD01-E1D815227896}: DhcpNameServer = 75.75.76.76 75.75.75.75
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dale\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dale\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/27 02:35:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/02/14 22:53:50 | 000,000,027 | ---- | M] () - J:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.ZMBV - C:\WINDOWS\System32\zmbv.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/12/08 19:06:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/12/08 16:13:16 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/12/08 15:29:32 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dale\Desktop\tdsskiller.exe
[2012/12/08 13:56:09 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Dale\Desktop\aswMBR.exe
[2012/12/04 18:15:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/11/28 08:27:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/11/18 14:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/11/18 14:32:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/11/18 13:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/11/18 04:06:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/11/18 04:03:14 | 001,866,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys

========== Files - Modified Within 30 Days ==========

[2012/12/08 19:12:24 | 000,000,125 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2012/12/08 19:10:24 | 000,013,672 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/08 19:10:13 | 000,003,625 | -HS- | M] () -- C:\WINDOWS\System32\mmf.sys
[2012/12/08 19:09:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/08 19:07:15 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/12/08 18:38:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/12/08 17:49:30 | 000,067,072 | ---- | M] () -- C:\Documents and Settings\Dale\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/08 17:39:58 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Dale\Desktop\MBRCheck.exe
[2012/12/08 16:01:03 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dale\Desktop\tdsskiller.exe
[2012/12/08 13:56:39 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Dale\Desktop\aswMBR.exe
[2012/12/08 04:48:54 | 000,856,731 | ---- | M] () -- C:\Documents and Settings\Dale\Desktop\SecurityCheck.exe
[2012/12/05 22:37:29 | 000,001,125 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2012/11/28 22:51:02 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/27 22:12:11 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/11/18 18:53:59 | 000,000,361 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2012/11/18 18:46:51 | 000,212,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/18 04:44:11 | 000,476,136 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/18 04:44:11 | 000,077,044 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/11 17:46:45 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\Dale\Desktop\Shortcut to FG.lnk

========== Files Created - No Company Name ==========

[2012/12/08 17:39:58 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Dale\Desktop\MBRCheck.exe
[2012/11/28 22:51:02 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/11 17:46:45 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\Dale\Desktop\Shortcut to FG.lnk
[2012/09/21 12:17:50 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\Dale\favicons.dat
[2012/03/18 03:31:50 | 001,097,109 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1275210071-1960408961-725345543-1003-0.dat
[2012/03/18 03:31:49 | 000,215,498 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/03/10 21:02:22 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/15 23:27:08 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/05 17:36:40 | 000,000,125 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2012/02/02 01:00:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\dvdtest10024.dat
[2011/02/20 14:31:42 | 000,000,182 | ---- | C] () -- C:\WINDOWS\bgn.ini
[2010/12/11 19:51:32 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/12/11 19:51:30 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/12/11 19:51:30 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/10/05 16:23:58 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Dale\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2008/11/13 10:25:16 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\Dale\Application Data\LMCPaper.dat
[2008/11/13 10:14:05 | 000,003,932 | ---- | C] () -- C:\Documents and Settings\Dale\Application Data\LMLayout.dat
[2008/01/01 01:38:09 | 000,067,072 | ---- | C] () -- C:\Documents and Settings\Dale\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2011/08/13 15:01:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2007/12/27 02:35:30 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/12/27 02:30:43 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/06/07 10:29:08 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2004/08/03 22:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2007/12/27 02:35:30 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/10/27 23:53:47 | 000,000,120 | ---- | M] () -- C:\drmHeader.bin
[2007/12/27 02:35:30 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/07/09 17:38:26 | 000,001,924 | -H-- | M] () -- C:\IPH.PH
[2010/06/21 13:06:47 | 000,006,079 | ---- | M] () -- C:\JavaRa.log
[2007/12/27 02:35:30 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/02/28 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/06/24 00:03:39 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/12/08 19:09:48 | 1585,446,912 | -HS- | M] () -- C:\pagefile.sys
[2012/08/16 12:11:53 | 000,000,339 | ---- | M] () -- C:\RESUMESTUFF2012.txt
[2007/12/27 02:47:57 | 000,000,172 | ---- | M] () -- C:\sigmatel.log
[2007/12/27 02:44:33 | 000,000,090 | ---- | M] () -- C:\storage.log
[2012/12/08 16:03:22 | 000,005,138 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_08.12.2012_16.02.45_log.txt
[2012/12/08 16:13:33 | 000,346,418 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_08.12.2012_16.07.36_log.txt
[2012/12/08 16:20:05 | 000,005,200 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_08.12.2012_16.17.07_log.txt
[2012/08/13 02:50:01 | 000,000,280 | ---- | M] () -- C:\{44642451-0C54-445C-9E64-0B6D673E67B2}
[2011/03/16 12:19:17 | 000,000,280 | ---- | M] () -- C:\{E17CF5F5-A2D0-4B0C-8BE0-2BE571AA4A17}

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 05:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 04:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2007/06/13 04:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2006/02/28 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: QMGR.DLL >
[2006/02/28 06:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2006/02/28 06:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\ERDNT\cache\qmgr.dll
[2008/04/13 18:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/13 18:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/13 18:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SERVICES >
[2006/02/28 06:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.EXE >
[2009/02/06 05:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 18:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 18:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 11:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 11:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 04:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/06 05:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 05:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 05:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2006/02/28 06:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe

< MD5 for: SERVICES.LNK >
[2007/12/27 02:35:30 | 000,001,602 | ---- | M] () MD5=9A3DC150419CEFD8F5D593B58CA84AAE -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2006/02/28 06:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2006/02/28 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2006/02/28 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\ERDNT\cache\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/02/28 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2006/02/28 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/02/28 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2006/02/28 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >
"Type" = 32
"Start" = 3
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs -- [2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation)
"DisplayName" = Background Intelligent Transfer Service
"DependOnService" = Rpcss [binary data] -- [2009/02/09 06:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation)
"DependOnGroup" = [binary data]
"ObjectName" = LocalSystem
"Description" = Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
"FailureActions" = 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll" = C:\WINDOWS\system32\qmgr.dll -- [2008/04/13 18:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security" = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Enum]
"0" = Root\LEGACY_BITS\0000
"Count" = 1
"NextInstance" = 1

< %systemroot%\System32\config\*.sav >
[2007/12/26 21:20:44 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2007/12/26 21:20:44 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2007/12/26 21:20:44 | 000,909,312 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-11-18 10:13:52

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Avant Browser\shell\open\command\\: C:\Program Files\Avant Browser\avant.exe [2012/07/02 01:21:00 | 001,390,432 | ---- | M] (Avant Force)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Avant.Browser\shell\open\command\\: C:\Program Files\Avant Browser\avant.exe [2012/07/02 01:21:00 | 001,390,432 | ---- | M] (Avant Force)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\avant.exe\shell\open\command\\: "C:\Program Files\Avant Browser\avant.exe" [2012/07/02 01:21:00 | 001,390,432 | ---- | M] (Avant Force)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\AvantBrowser\shell\open\command\\: C:\Program Files\Avant Browser\avant.exe [2012/07/02 01:21:00 | 001,390,432 | ---- | M] (Avant Force)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/12/04 18:15:51 | 000,890,048 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/12/04 18:15:51 | 000,890,048 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/12/04 18:15:51 | 000,890,048 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/12/04 18:15:52 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/12/04 18:15:52 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/12/04 18:15:52 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/08/28 06:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/08/28 06:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/08/28 06:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Avant Browser\shell\open\command\\: C:\Program Files\Avant Browser\avant.exe [2012/07/02 01:21:00 | 001,390,432 | ---- | M] (Avant Force)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Avant.Browser\shell\open\command\\: C:\Program Files\Avant Browser\avant.exe [2012/07/02 01:21:00 | 001,390,432 | ---- | M] (Avant Force)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\avant.exe\shell\open\command\\: "C:\Program Files\Avant Browser\avant.exe" [2012/07/02 01:21:00 | 001,390,432 | ---- | M] (Avant Force)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\AvantBrowser\shell\open\command\\: C:\Program Files\Avant Browser\avant.exe [2012/07/02 01:21:00 | 001,390,432 | ---- | M] (Avant Force)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/12/04 18:15:51 | 000,890,048 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/12/04 18:15:51 | 000,890,048 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/12/04 18:15:51 | 000,890,048 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/12/04 18:15:52 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/12/04 18:15:52 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/12/04 18:15:52 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/08/28 06:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/08/28 06:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/08/28 06:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< End of report >

#12
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello dale1234,

I assume partition J is an external hard drive and not one you ever use to boot your computer from? Tell me when you return.

For now

Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack.

Please go to the link below to update.

Note: Before you download ensure you uncheck the "Yes install McAfee" option. That is foistware.

http://www.adobe.com.../readstep2.html

Step 2

Your Java is out of date. Older versions are vulnerable to attack.

Please follow these steps:

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
After that

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\..\SearchScopes\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}: "URL" = http://www.ask.com/w...q={searchTerms}
    
    :Commands
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.
Finally in this post

Please download AdwCleaner from here to your desktop
  • Click on the green downward facing arrow on the right to commence download.
  • Run AdwCleaner and select Delete

Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that


So when you return please post
  • OTL.txt
  • AdwCleaner.log
  • tell me about that external drive
  • and tell me how your machine is now


#13
dale1234

    Member

  • Topic Starter
  • Member
  • 15 posts
emerald-

Fell off the rails a little here:

Tried updating Adobe and the "script on page" keeps breaking. Rebooted and tried again, same. Tried different browsers, same. Tried opening from program files and letting it find its own update, same. So something is rotten in my state of Adobe.

I uninstalled Java completely before reboot - if I need it again I'll grab the latest version.

I did not proceed with the OTL, etc., because I don't know if Adobe has to be fixed first.

Question 1: What's next?
Question 2: At what point should I auto-update Windows (since I pulled back the last couple of security patches when I thought they were the reason for the odd behavior)?

Thanks!

-dale

P.S. Woops, forgot to answer: Yes, the J: drive is an external HDD for data only - it's not a bootable drive.

Edited by dale1234, 08 December 2012 - 09:10 PM.


#14
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Don't worry about the Adobe update for now.

Yes, the J: drive is an external HDD for data only - it's not a bootable drive.


That's fine, it showed up as an unknown MBR, probably not a problem but even if it was infected (which I doubt) it would only cause difficulties if it was used to boot up. Won't work otherwise.

Now

Do the OTL and AdwCleaner ones and post back the logs.

#15
dale1234

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Don't worry about the Adobe update for now.

Yes, the J: drive is an external HDD for data only - it's not a bootable drive.


That's fine, it showed up as an unknown MBR, probably not a problem but even if it was infected (which I doubt) it would only cause difficulties if it was used to boot up. Won't work otherwise.

Now

Do the OTL and AdwCleaner ones and post back the logs.


Now I feel stupid - OTL isn't producing a log upon reboot.

ADW is:

# AdwCleaner v2.011 - Logfile created 12/09/2012 at 01:12:27
# Updated 02/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Dale - STEN
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Dale\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Common Files\Software Update Utility

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Dale\Application Data\Mozilla\Firefox\Profiles\xp3g4fv2.default\prefs.js

C:\Documents and Settings\Dale\Application Data\Mozilla\Firefox\Profiles\xp3g4fv2.default\user.js ... Deleted !

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2891 octets] - [09/12/2012 01:12:27]

########## EOF - C:\AdwCleaner[S1].txt - [2951 octets] ##########
=============================================

The little "run as" pop-up is still appearing upon boot. Sound appears normal. Outlook runs (was not running more often than not before.)

-dale





