Solved would like to make a really laptop (somewhat) functional

Hi - I found this log generated also - I think it is the same as the one above, but just pasting this one now, just in case:

ComboFix 17-07-07.01 - Patricia Murphy 07/19/2017 12:16:26.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.211 [GMT -4:00]
Running from: c:\documents and settings\Patricia Murphy\Desktop\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\ntuser.pol
c:\documents and settings\NetworkService\Local Settings\Application Data\dsisetup14885002.exe
c:\documents and settings\NetworkService\Local Settings\Application Data\dsisetup5314062.exe
c:\documents and settings\NetworkService\Local Settings\Application Data\dsisetup6967652.exe
c:\documents and settings\Patricia Murphy\WINDOWS
C:\Documents
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2017-06-19 to 2017-07-19 )))))))))))))))))))))))))))))))
.
.
2017-07-18 14:05 . 2017-07-08 03:48 10685920 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{1A1DB36B-94CF-4B2F-8880-E8E693A4562A}\mpengine.dll
2017-07-14 04:03 . 2017-07-18 14:12 -------- d-----w- C:\FRST
2017-07-09 04:02 . 2017-07-09 04:04 -------- d-----w- c:\documents and settings\Patricia Murphy\Local Settings\Application Data\{512E6772-7586-0BCA-181E-2E223C76D2BA}
2017-07-08 08:49 . 2017-07-08 08:49 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Vosteran
2017-07-08 08:49 . 2017-07-08 08:49 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2017-07-08 05:30 . 2017-07-08 05:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Chromium
2017-07-08 05:29 . 2017-07-08 05:29 -------- d-----w- c:\documents and settings\Patricia Murphy\Local Settings\Application Data\chromium
2017-07-08 05:28 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2017-07-08 05:28 . 2017-07-08 05:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\{512E6772-7586-0BCA-181E-2E223C76D2BA}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-07-08 03:48 . 2013-05-04 23:11 10685920 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-01-23 21:19 . 2014-10-16 13:23 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Download"="c:\documents and settings\Patricia Murphy\Local Settings\Application Data\SupportSoft\ddoctorv2\Patricia Murphy\ssGet.exe" [2012-01-11 987648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-03-27 98304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 136704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]
[X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2005-08-31 17:06 106496 ----a-w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
2008-04-24 17:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2005-12-06 16:45 839680 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-12-06 07:05 127035 ----a-w- c:\windows\system32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 02:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 20:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-12-14 05:41 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-12-14 05:45 118784 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-12-14 05:44 98304 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2005-12-28 17:56 602182 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2005-12-28 17:55 667718 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2005-09-09 01:20 8192 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2005-09-09 01:20 110592 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 08:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
2005-12-12 21:06 874064 ----a-w- c:\program files\Pure Networks\Network Magic\nmapp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-03-27 14:35 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-03-27 14:35 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-11-17 03:35 397312 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-11-30 00:56 761947 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [12/12/2011 12:03 PM 363128]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S2 MapsGalaxy_39Service;MapsGalaxyService;c:\progra~1\MAPSGA~2\bar\1.bin\39barsvc.exe [7/31/2014 4:27 PM 88648]
S2 Update EnterDigital;Update EnterDigital;"c:\program files\EnterDigital\updateEnterDigital.exe" --> c:\program files\EnterDigital\updateEnterDigital.exe [?]
S2 Util EnterDigital;Util EnterDigital;"c:\program files\EnterDigital\bin\utilEnterDigital.exe" --> c:\program files\EnterDigital\bin\utilEnterDigital.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-09-22 17:10 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2017-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-11-19 17:02]
.
2017-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-11-19 17:02]
.
2017-07-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/SpeedOptimizer/FiOS/vzTCPConfig.CAB
DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} - hxxps://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cab
FF - ProfilePath - c:\documents and settings\Patricia Murphy\Application Data\Mozilla\Firefox\Profiles\y3tr1glo.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=pr-bfr-10FTI__alt__ddc_dsssyc_bd_com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=pr-bfr-10FTI__alt__ddc_dss_bd_com&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - ExtSQL: !HIDDEN! 2009-09-01 21:44; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2009-09-15 20:17; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF - user.js: extensions.srchvstrn.hmpg - true
FF - user.js: extensions.srchvstrn.hmpgUrl - hxxp://Vosteran.com/?f=1&a=vst_tier1_14_47_ch&cd=2XzuyEtN2Y1L1QzutDtDtCyD0CyDtD0AyB0D0EzyyBtCyEyBtN0D0Tzu0StCtDyDyEtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0FyD0E0A0ByCtAtG0Czz0AzztG0CyCzyyBtGzy0F0BtDtGyEyD0BtB0FtBtAzz0F0EyD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0Czz0ByD0FtB0AtG0A0ByDzztGyEyE0C0EtGzzyBzzyBtGtByEtAyBtCzz0F0B0FyE0A0E2Q&cr=444550780&ir=
FF - user.js: extensions.srchvstrn.dfltSrch - true
FF - user.js: extensions.srchvstrn.srchPrvdr - Vosteran
FF - user.js: extensions.srchvstrn.dnsErr - true
FF - user.js: extensions.srchvstrn_i.newTab - true
FF - user.js: extensions.srchvstrn.newTabUrl - hxxp://Vosteran.com/?f=2&a=vst_tier1_14_47_ch&cd=2XzuyEtN2Y1L1QzutDtDtCyD0CyDtD0AyB0D0EzyyBtCyEyBtN0D0Tzu0StCtDyDyEtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0FyD0E0A0ByCtAtG0Czz0AzztG0CyCzyyBtGzy0F0BtDtGyEyD0BtB0FtBtAzz0F0EyD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0Czz0ByD0FtB0AtG0A0ByDzztGyEyE0C0EtGzzyBzzyBtGtByEtAyBtCzz0F0B0FyE0A0E2Q&cr=444550780&ir=
FF - user.js: extensions.srchvstrn.tlbrSrchUrl - hxxp://Vosteran.com/?f=3&a=vst_tier1_14_47_ch&cd=2XzuyEtN2Y1L1QzutDtDtCyD0CyDtD0AyB0D0EzyyBtCyEyBtN0D0Tzu0StCtDyDyEtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0FyD0E0A0ByCtAtG0Czz0AzztG0CyCzyyBtGzy0F0BtDtGyEyD0BtB0FtBtAzz0F0EyD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0Czz0ByD0FtB0AtG0A0ByDzztGyEyE0C0EtGzzyBzzyBtGtByEtAyBtCzz0F0B0FyE0A0E2Q&cr=444550780&ir=&q=
FF - user.js: extensions.srchvstrn.id - 0015C50A7DE97147
FF - user.js: extensions.srchvstrn.instlDay - 16394
FF - user.js: extensions.srchvstrn.vrsn -
FF - user.js: extensions.srchvstrn.vrsni -
FF - user.js: extensions.srchvstrn_i.vrsnTs - 10:0:55
FF - user.js: extensions.srchvstrn.prtnrId - WSE_Vosteran
FF - user.js: extensions.srchvstrn.prdct - srchvstrn
FF - user.js: extensions.srchvstrn.aflt - vst_tier1_14_47_ch
FF - user.js: extensions.srchvstrn_i.smplGrp - none
FF - user.js: extensions.srchvstrn.tlbrId -
FF - user.js: extensions.srchvstrn.instlRef - 142905_a
FF - user.js: extensions.srchvstrn.dfltLng -
FF - user.js: extensions.srchvstrn.appId - {4CB3598A-82E8-4D1F-983F-061238AE696E}
FF - user.js: extensions.srchvstrn.excTlbr - false
FF - user.js: extensions.srchvstrn.cr - 444550780
FF - user.js: extensions.srchvstrn.cd - 2XzuyEtN2Y1L1QzutDtDtCyD0CyDtD0AyB0D0EzyyBtCyEyBtN0D0Tzu0StCtDyDyEtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0FyD0E0A0ByCtAtG0Czz0AzztG0CyCzyyBtGzy0F0BtDtGyEyD0BtB0FtBtAzz0F0EyD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0Czz0ByD0FtB0AtG0A0ByDzztGyEyE0C0EtGzzyBzzyBtGtByEtAyBtCzz0F0B0FyE0A0E2Q
FF - user.js: extensions.srchvstrn.AL - 2
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: xpinstall.signatures.required - false
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE "%1"
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil9e.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-EnterDigital - c:\program files\EnterDigital\EnterDigitalUn.exe
AddRemove-Verizon Help and Support - c:\program files\Verizon\Uninstall.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2017-07-19 12:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\À*¬ Æ]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
Completion time: 2017-07-19 12:41:08
ComboFix-quarantined-files.txt 2017-07-19 16:41
.
Pre-Run: 56,571,883,520 bytes free
Post-Run: 55,920,693,248 bytes free
.
- - End Of File - - EE699859D6F416609A51CF5B708E6B50
DEA9E81F0228B68C9ADAF84C9B0CF931
 
Ok, here is the most recent FRST log, and I will follow with the Addition.txt log:

.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\À*¬ Æ]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
Completion time: 2017-07-19 12:41:08
ComboFix-quarantined-files.txt 2017-07-19 16:41
.
Pre-Run: 56,571,883,520 bytes free
Post-Run: 55,920,693,248 bytes free
.
- - End Of File - - EE699859D6F416609A51CF5B708E6B50
DEA9E81F0228B68C9ADAF84C9B0CF931
 
Here is the Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-07-2017
Ran by Patricia Murphy (19-07-2017 14:36:43)
Running from C:\Documents and Settings\Patricia Murphy\Local Settings\Temporary Internet Files\Content.IE5\S7H2IYQK
Microsoft Windows XP Professional Service Pack 3 (X86) (2006-04-14 01:36:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-693440143-1380487613-1125637980-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-693440143-1380487613-1125637980-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-693440143-1380487613-1125637980-1005 - Limited - Disabled)
Patricia Murphy (S-1-5-21-693440143-1380487613-1125637980-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Patricia Murphy
SUPPORT_388945a0 (S-1-5-21-693440143-1380487613-1125637980-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

FW: Norton Internet Worm Protection (Disabled) {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (HKLM\...\{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}) (Version: 2.1.4 - Hewlett-Packard) Hidden
7zip Packages (HKU\S-1-5-21-693440143-1380487613-1125637980-1006\...\7zip Packages) (Version: - ) <==== ATTENTION
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader 7.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A70000000000}) (Version: 7.0.0 - Adobe Systems Incorporated)
Bicycle® Bridge (HKLM\...\Bicycle® Bridge) (Version: - )
Blackhawk Striker 2 (HKLM\...\C0A0AA4D-C79B-48CA-8843-2B02B626C9E6) (Version: 09/20/2005 11:54 AM - WildTangent)
Blasterball 2 (HKLM\...\D1A6F3FD-7B40-443F-8767-BADB25A0D222) (Version: 09/20/2005 11:55 AM - WildTangent)
Broadcom Management Programs (HKLM\...\{26E1BFB0-E87E-4696-9F89-B467F01F81E5}) (Version: 8.65.05 - Broadcom Corporation)
BufferChm (HKLM\...\{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}) (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Cards_Calendar_OrderGift_DoMorePlugout (HKLM\...\{E535C94A-B87F-4182-BEA8-1E9322078D3E}) (Version: 2.03.0000 - Hewlett-Packard) Hidden
Chromium (HKLM\...\{887960B9-D8F9-B139-6979-C1B9B9F91239}) (Version: - )
Conexant HDA D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3) (Version: - )
Copy (HKLM\...\{E133E97F-5186-4503-BEC8-752EB9E8EBD7}) (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Corel Paint Shop Pro X (HKLM\...\{1A15507A-8551-4626-915D-3D5FA095CC1B}) (Version: 10.0 - Corel Inc)
Corel Photo Album 6 (HKLM\...\{8A9B8148-DDD7-448F-BD6C-358386D32354}) (Version: 6.00 - Corel, Inc.)
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)
Dell Digital Jukebox Driver (HKLM\...\Dell Digital Jukebox Driver) (Version: - )
Dell Game Console (HKLM\...\Dell Game Console) (Version: - WildTangent)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3062 - Dell)
Desktop Doctor (HKLM\...\{D87149B3-7A1D-4548-9CBF-032B791E5908}) (Version: 2.5.5 - Comcast)
Destination Component (HKLM\...\{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}) (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM\...\{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}) (Version: 110.0.180.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (HKLM\...\{AB5D51AE-EBC3-438D-872C-705C7C2084B0}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Digital Content Portal (HKLM\...\{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}) (Version: 1.00.0000 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.15 - BVRP Software, Inc)
DJ_AIO_03_F4200_ProductContext (HKLM\...\{6365C963-4B72-43F8-8392-2A5441EC2A86}) (Version: 110.0.206.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_Software (HKLM\...\{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}) (Version: 110.0.206.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_Software_Min (HKLM\...\{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}) (Version: 110.0.206.000 - Hewlett-Packard) Hidden
Driver Support (HKLM\...\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}) (Version: 9.1.4.44 - PC Drivers Headquarters, LP) <==== ATTENTION
EducateU (HKLM\...\{A683A2C0-821C-486F-858C-FA634DB5E864}) (Version: 1.00.0000 - Dell)
eSupportQFolder (HKLM\...\{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
F4200 (HKLM\...\{B61A79BE-E94C-42C0-921D-8B7E5217069C}) (Version: 110.0.206.000 - Hewlett-Packard) Hidden
F4200_Help (HKLM\...\{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}) (Version: 110.0.206.000 - Hewlett-Packard) Hidden
GemMaster Mystic (HKLM\...\12133444-BF36-4d4e-B7FB-A3424C645DE4) (Version: - )
Get High Speed Internet! (HKLM\...\{7A3F0566-5E05-4919-9C98-456F6B5CF831}) (Version: 1.00.0000 - Dell)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService (HKLM\...\{D16B4BE6-8B10-422f-8034-96D1CA9483B5}) (Version: 110.0.180.000 - Hewlett-Packard) Hidden
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
Hoyle Card Games 2005 (HKLM\...\{B44AA698-B221-4B3B-8CA5-E65EF6A5AF26}) (Version: 1.2.0.0 - Encore, Inc.)
HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3 (HKLM\...\{C3B6AEB1-390C-4792-8677-CD87F8B2C959}) (Version: 11.0 - HP)
HP Imaging Device Functions 11.0 (HKLM\...\HP Imaging Device Functions) (Version: 11.0 - HP)
HP Photosmart Essential 3.0 (HKLM\...\HP Photosmart Essential) (Version: 3.0 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.0 - HP)
HP Solution Center 11.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 11.0 - HP)
HPProductAssistant (HKLM\...\{27197499-7680-4208-8FD8-5439CDB0FDC1}) (Version: 110.0.180.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}) (Version: 110.0.180.000 - Hewlett-Packard) Hidden
IHA_MessageCenter (HKLM\...\{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}) (Version: 1.8.17 - Verizon)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4446 - )
Intel(R) PROSet/Wireless Software (HKLM\...\ProInst) (Version: 10.1.0.3 - Intel Corporation)
Internal Network Card Power Management (HKLM\...\{1F528948-0E80-4C96-B455-DE4167CB1DF7}) (Version: 1.7.2 - )
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version: - )
MapsGalaxy Internet Explorer Toolbar (HKLM\...\MapsGalaxy_39bar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION
mCore (HKLM\...\{E81667C6-2856-46D6-ABEA-6A2F42166779}) (Version: 5.45.0000 - Intel Corporation) Hidden
mDrWiFi (HKLM\...\{F6090A17-0967-4A8A-B3C3-422A1B514D49}) (Version: 5.45.0000 - Intel Corporation) Hidden
mHlpDell (HKLM\...\{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}) (Version: 5.45.0000 - Intel) Hidden
Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB953295) (HKLM\...\KB953295) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Basic Edition 2003 (HKLM\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.7969.0 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3514 - Microsoft Corporation)
Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: 1.1.0.3463 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
mIWA (HKLM\...\{3E9D596A-61D4-4239-BD19-2DB984D2A16F}) (Version: 5.45.0000 - Intel Corporation) Hidden
mLogView (HKLM\...\{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}) (Version: 5.45.0000 - Intel Corporation) Hidden
mMHouse (HKLM\...\{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}) (Version: 5.45.0000 - Intel Corporation) Hidden
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: 3.01 - BVRP Software)
Mozilla Firefox 19.0 (x86 en-US) (HKLM\...\Mozilla Firefox 19.0 (x86 en-US)) (Version: 19.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 19.0 - Mozilla)
mPfMgr (HKLM\...\{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}) (Version: 5.45.0000 - Intel Corporation) Hidden
mPfWiz (HKLM\...\{90B0D222-8C21-4B35-9262-53B042F18AF9}) (Version: 5.45.0000 - Intel Corporation) Hidden
mProSafe (HKLM\...\{23FB368F-1399-4EAC-817C-4B83ECBE3D83}) (Version: 9.00.0000 - Intel) Hidden
MSN (HKLM\...\MSNINST) (Version: - )
mSSO (HKLM\...\{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}) (Version: 5.45.0000 - Intel Corporation) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
Musicmatch for Windows Media Player (HKLM\...\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}) (Version: 0.00.000 - )
Musicmatch® Jukebox (HKLM\...\{85D3CC30-8859-481A-9654-FD9B74310BEF}) (Version: 10.10.0097 - )
mWlsSafe (HKLM\...\{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}) (Version: 9.00.0000 - Intel) Hidden
mWMI (HKLM\...\{63DB9CCD-2B56-4217-9A3D-507AC78320CA}) (Version: 5.45.0000 - Intel Corporation) Hidden
mXML (HKLM\...\{9CC89556-3578-48DD-8408-04E66EBEF401}) (Version: 5.45.0000 - Intel Corporation) Hidden
mZConfig (HKLM\...\{94658027-9F16-4509-BBD7-A59FE57C3023}) (Version: 5.45.0000 - Intel Corporation) Hidden
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.23 - BVRP Software, Inc)
PowerDVD 5.7 (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
PSSWCORE (HKLM\...\{09633A5E-3089-41A8-9FF1-382171423C5D}) (Version: 2.03.0000 - Hewlett-Packard) Hidden
Pure Networks Network Magic (HKLM\...\Network Magic) (Version: 2.0.5346.1 - Pure Networks)
QuickSet (HKLM\...\{C5074CC4-0E26-4716-A307-960272A90040}) (Version: 7.0.9 - )
QuickTime (HKLM\...\QuickTime) (Version: - )
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version: - )
Scan (HKLM\...\{C89B5E3A-690F-4CEE-909A-BF869E198B0A}) (Version: 11.0.0.0 - Hewlett-Packard) Hidden
Search Assist (HKLM\...\{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}) (Version: 1.00.0000 - Dell)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 11.0 - HP)
SmartWebPrinting (HKLM\...\{CC0E1AE3-091D-4969-B151-7AC142062C28}) (Version: 110.0.182.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM\...\{593A6CAF-E114-4e31-884F-74FF349E8E36}) (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.95 - Sonic Solutions)
Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
Sonic RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.0 - Sonic Solutions)
Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.0 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.0 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Status (HKLM\...\{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}) (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.2.4.3 - Synaptics)
Toolbox (HKLM\...\{E96B0085-6659-486b-A221-5042A042728D}) (Version: 110.0.180.000 - Hewlett-Packard) Hidden
TrayApp (HKLM\...\{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}) (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version: - Microsoft Corporation)
URL Assistant (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version: - )
VideoToolkit01 (HKLM\...\{22F761D1-8063-4170-ADF7-2D2F47834CA9}) (Version: 110.0.171.000 - Hewlett-Packard) Hidden
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version: - )
Vz In Home Agent (HKLM\...\{CC4C261A-B915-4F23-BD23-7E1AE5713B4E}) (Version: 5.0207 - Verizon)
Vz In-Home Agent (HKLM\...\VzInHomeAgent) (Version: 9.0.76.0 - Verizon)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (HKLM\...\{AA2E8A46-B45E-4aea-8A23-88AB57D04523}) (Version: 110.0.180.000 - Hewlett-Packard) Hidden
WildTangent Web Driver (HKLM\...\WildTangent CDA) (Version: - )
Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.21 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.7.0018.5 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: - Microsoft Corporation)
Windows Internet Explorer 7 (HKLM\...\ie7) (Version: 20070813.185237 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information] (HKLM\...\EmeraldQFE2) (Version: - Microsoft Corporation)
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB908246 (HKLM\...\KB908246) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version: - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (HKLM\...\XpsEPSC) (Version: - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers02: [DriveLetterAccess] -> {5CA3D70E-1895-11CF-8E15-001234567890} => C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06] (Sonic Solutions)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2005-12-14] (Intel Corporation)

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Documents and Settings\Patricia Murphy\Desktop\Email.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://webmail.verizon.net
ShortcutWithArgument: C:\Documents and Settings\Patricia Murphy\Desktop\Laptop Items\Dell Download Center.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.dell.com/download/

==================== Loaded Modules (Whitelisted) ==============

2005-12-28 14:11 - 2005-12-28 14:11 - 00876544 _____ () C:\Program Files\Intel\Wireless\Bin\LIBEAY32.dll
2005-12-28 14:11 - 2005-12-28 14:11 - 00053322 _____ () C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
2005-12-28 14:11 - 2005-12-28 14:11 - 00208965 _____ () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
2005-08-16 06:18 - 2011-02-04 18:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
2005-08-16 06:18 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2005-08-16 06:18 - 2008-04-13 20:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2005-08-16 06:18 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2005-08-16 06:18 - 2017-07-19 12:34 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-693440143-1380487613-1125637980-1006\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Bliss.bmp
DNS Servers: 192.168.1.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
MSCONFIG\startupreg: Corel Photo Downloader => C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: ddoctorv2 => "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
MSCONFIG\startupreg: Dell QuickSet => C:\Program Files\Dell\QuickSet\quickset.exe
MSCONFIG\startupreg: DellSupport => "C:\Program Files\DellSupport\DSAgnt.exe" /startup
MSCONFIG\startupreg: dla => C:\WINDOWS\system32\dla\tfswctrl.exe
MSCONFIG\startupreg: DVDLauncher => "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
MSCONFIG\startupreg: ehTray => C:\WINDOWS\ehome\ehtray.exe
MSCONFIG\startupreg: igfxhkcmd => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: igfxpers => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: igfxtray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: IntelWireless => "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
MSCONFIG\startupreg: IntelZeroConfig => "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
MSCONFIG\startupreg: ISUSPM Startup => "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: MimBoot => C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
MSCONFIG\startupreg: MMTray => C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
MSCONFIG\startupreg: ModemOnHold => C:\Program Files\NetWaiting\netWaiting.exe
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: nmapp => "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: RealTray => C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
MSCONFIG\startupreg: ShowLOMControl =>
MSCONFIG\startupreg: SigmatelSysTrayApp => stsystra.exe
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [50000:UDP] => Enabled:IHA_MessageCenter

==================== Restore Points =========================

07-07-2017 23:44:56 Software Distribution Service 3.0
09-07-2017 03:00:26 Software Distribution Service 3.0
13-07-2017 00:19:38 System Checkpoint
13-07-2017 19:59:18 Software Distribution Service 3.0
14-07-2017 21:57:05 System Checkpoint
14-07-2017 23:39:09 Removed HP Update
14-07-2017 23:46:38 Removed Java 2 Runtime Environment, SE v1.4.2_03
14-07-2017 23:47:39 Removed Java 7 Update 21
14-07-2017 23:54:27 Removed NetZeroInstallers
16-07-2017 02:35:54 System Checkpoint
18-07-2017 10:05:04 Software Distribution Service 3.0
18-07-2017 10:24:25 Windows Defender Checkpoint
19-07-2017 13:31:33 System Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/19/2017 08:00:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application grep.3xe, version 0.0.0.0, faulting module grep.3xe, version 0.0.0.0, fault address 0x00009216.
Processing media-specific event for [grep.3xe!ws!]

Error: (07/19/2017 04:47:02 AM) (Source: PerfNet) (EventID: 2006) (User: )
Description: Unable to read Server Queue performance data from the Server service.
No Server Queue performance data will be returned in this sample.
Error code returned is in data DWORD 0, IOSB.Status is DWORD 1 and
the IOSB.Information is DWORD 2.

Error: (07/19/2017 04:47:02 AM) (Source: PerfNet) (EventID: 2005) (User: )
Description: Unable to read performance data from the Server service.
No Server performance data will be returned in this sample.
Error code returned is in data DWORD 0, IOSB.Status is DWORD 1 and
the IOSB.Information is DWORD 2.

Error: (07/19/2017 04:47:00 AM) (Source: PerfNet) (EventID: 2006) (User: )
Description: Unable to read Server Queue performance data from the Server service.
No Server Queue performance data will be returned in this sample.
Error code returned is in data DWORD 0, IOSB.Status is DWORD 1 and
the IOSB.Information is DWORD 2.

Error: (07/19/2017 04:47:00 AM) (Source: PerfNet) (EventID: 2005) (User: )
Description: Unable to read performance data from the Server service.
No Server performance data will be returned in this sample.
Error code returned is in data DWORD 0, IOSB.Status is DWORD 1 and
the IOSB.Information is DWORD 2.

Error: (07/14/2017 12:05:21 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/14/2017 12:05:21 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/13/2017 07:50:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application hpqsrmon.exe, version 11.0.0.142, faulting module hpqsrmon.exe, version 11.0.0.142, fault address 0x000033c5.
Processing media-specific event for [hpqsrmon.exe!ws!]

Error: (07/13/2017 07:11:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application ehshell.exe, version 5.1.2715.3011, faulting module ehui.dll, version 5.1.2715.3011, fault address 0x00061f80.
Processing media-specific event for [ehshell.exe!ws!]

Error: (09/22/2016 12:45:43 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (07/19/2017 04:42:48 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.

Error: (07/19/2017 04:23:19 AM) (Source: 0) (EventID: 9) (User: )
Description: Event-ID 9

Error: (07/19/2017 04:22:59 AM) (Source: 0) (EventID: 9) (User: )
Description: Event-ID 9

Error: (07/19/2017 04:21:12 AM) (Source: 0) (EventID: 9) (User: )
Description: Event-ID 9

Error: (07/19/2017 04:16:32 AM) (Source: 0) (EventID: 9) (User: )
Description: Event-ID 9

Error: (07/19/2017 04:16:04 AM) (Source: 0) (EventID: 9) (User: )
Description: Event-ID 9

Error: (07/19/2017 01:02:41 AM) (Source: 0) (EventID: 9) (User: )
Description: Event-ID 9

Error: (07/19/2017 01:01:02 AM) (Source: 0) (EventID: 9) (User: )
Description: Event-ID 9

Error: (07/19/2017 01:00:08 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
An instance of the service is already running.

Error: (07/19/2017 01:00:05 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
An instance of the service is already running.


==================== Memory info ===========================

Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz
Percentage of memory in use: 62%
Total physical RAM: 502.37 MB
Available physical RAM: 190.66 MB
Total Virtual: 1226.68 MB
Available Virtual: 739.59 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:68.44 GB) (Free:52.67 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 73.1 GB) (Disk ID: E686F016)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=68.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=4.6 GB) - (Type=DB)

==================== End of Addition.txt ============================
 
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

File::
c:\documents and settings\LocalService\Local Settings\Application Data\Vosteran

Firefox::
FF - ProfilePath - c:\documents and settings\Patricia Murphy\Application Data\Mozilla\Firefox\Profiles\y3tr1glo.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=pr-bfr-10FTI__alt__ddc_dsssyc_bd_com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=pr-bfr-10FTI__alt__ddc_dss_bd_com&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - user.js: extensions.srchvstrn.hmpg - true
FF - user.js: extensions.srchvstrn.hmpgUrl - hxxp://Vosteran.com/?f=1&a=vst_tier1_14_47_ch&cd=2XzuyEtN2Y1L1QzutDtDtCyD0CyDtD0AyB0D0EzyyBtCyEyBtN0D0Tzu0StCtDyDyEtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0FyD0E0A0ByCtAtG0Czz0AzztG0CyCzyyBtGzy0F0BtDtGyEyD0BtB0FtBtAzz0F0EyD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0Czz0ByD0FtB0AtG0A0ByDzztGyEyE0C0EtGzzyBzzyBtGtByEtAyBtCzz0F0B0FyE0A0E2Q&cr=444550780&ir=
FF - user.js: extensions.srchvstrn.dfltSrch - true
FF - user.js: extensions.srchvstrn.srchPrvdr - Vosteran
FF - user.js: extensions.srchvstrn.dnsErr - true
FF - user.js: extensions.srchvstrn_i.newTab - true
FF - user.js: extensions.srchvstrn.newTabUrl - hxxp://Vosteran.com/?f=2&a=vst_tier1_14_47_ch&cd=2XzuyEtN2Y1L1QzutDtDtCyD0CyDtD0AyB0D0EzyyBtCyEyBtN0D0Tzu0StCtDyDyEtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0FyD0E0A0ByCtAtG0Czz0AzztG0CyCzyyBtGzy0F0BtDtGyEyD0BtB0FtBtAzz0F0EyD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0Czz0ByD0FtB0AtG0A0ByDzztGyEyE0C0EtGzzyBzzyBtGtByEtAyBtCzz0F0B0FyE0A0E2Q&cr=444550780&ir=
FF - user.js: extensions.srchvstrn.tlbrSrchUrl - hxxp://Vosteran.com/?f=3&a=vst_tier1_14_47_ch&cd=2XzuyEtN2Y1L1QzutDtDtCyD0CyDtD0AyB0D0EzyyBtCyEyBtN0D0Tzu0StCtDyDyEtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0FyD0E0A0ByCtAtG0Czz0AzztG0CyCzyyBtGzy0F0BtDtGyEyD0BtB0FtBtAzz0F0EyD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0Czz0ByD0FtB0AtG0A0ByDzztGyEyE0C0EtGzzyBzzyBtGtByEtAyBtCzz0F0B0FyE0A0E2Q&cr=444550780&ir=&q=
FF - user.js: extensions.srchvstrn.id - 0015C50A7DE97147
FF - user.js: extensions.srchvstrn.instlDay - 16394
FF - user.js: extensions.srchvstrn.vrsn -
FF - user.js: extensions.srchvstrn.vrsni -
FF - user.js: extensions.srchvstrn_i.vrsnTs - 10:0:55
FF - user.js: extensions.srchvstrn.prtnrId - WSE_Vosteran
FF - user.js: extensions.srchvstrn.prdct - srchvstrn
FF - user.js: extensions.srchvstrn.aflt - vst_tier1_14_47_ch
FF - user.js: extensions.srchvstrn_i.smplGrp - none
FF - user.js: extensions.srchvstrn.tlbrId -
FF - user.js: extensions.srchvstrn.instlRef - 142905_a
FF - user.js: extensions.srchvstrn.dfltLng -
FF - user.js: extensions.srchvstrn.appId - {4CB3598A-82E8-4D1F-983F-061238AE696E}
FF - user.js: extensions.srchvstrn.excTlbr - false
FF - user.js: extensions.srchvstrn.cr - 444550780
FF - user.js: extensions.srchvstrn.cd - 2XzuyEtN2Y1L1QzutDtDtCyD0CyDtD0AyB0D0EzyyBtCyEyBtN0D0Tzu0StCtDyDyEtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0FyD0E0A0ByCtAtG0Czz0AzztG0CyCzyyBtGzy0F0BtDtGyEyD0BtB0FtBtAzz0F0EyD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0Czz0ByD0FtB0AtG0A0ByDzztGyEyE0C0EtGzzyBzzyBtGtByEtAyBtCzz0F0B0FyE0A0E2Q
FF - user.js: extensions.srchvstrn.AL - 2
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: xpinstall.signatures.required - false

Driver::
MapsGalaxy_39Service
Update EnterDigital
Util EnterDigital

Folder::
c:\documents and settings\LocalService\Local Settings\Application Data\Vosteran
c:\progra~1\MAPSGA~2
c:\program files\EnterDigital
C:\RECYCLER\S-1-5-21-693440143-1380487613-1125637980-1006

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Download"=-

******************************************

Now open Notepad (Start, Run, notepad, OK) and press Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.


Run FRST scan again with Addition.txt checked and post both logs.
 
Hi - I started to do as you instructed, and Combofix started to run. And then there was a popup that read as follows, and ComboFix momentarily stopped:

Microsoft Windows Recovery Console
This machine does not have the 'Microsoft Windows recovery console' installed. Alternately, an existing installation of the recovery console may be present but requires updating.

Without it, ComboFix shall not attempt the fixing of some serious infections.
Click 'Yes' to have ComboFix download/install it.
NOTE: this requires an active Internet connection

So, it gave me the yes and no click options. I have not clicked on either yet - what should I do here?

Also, on the anti-virus - I looked for this on the machine, and I do not think there is an active anti-virus program. Is there an easy way to see about this, like going to Control Panel or something? I don't find any icon for an anti-virus program in the lower right corner either.
 
Hi - ok, I went ahead and clicked on the 'yes' button as described in my previous post, and it could not download/install 'Microsoft Windows recovery console' anyway. When it is finished scanning and when I have the log, I will post it as instructed and then follow through with the FRST again.
 
Sorry, the machine shut down and I had to restart it. My question is this: on the instructions for 'between the stars' - can I just start to follow through with them again, or do other modifications have to be made? As always, many thanks for any help you can provide.
 
Hi - ok, I've had to restart with the between-the-stars instructions. When I did that, what happened on the screen was the following: an 'AutoScan' window popped up, and inside of it, it said this:
'Scanning for infected files...
This typically doesn't take more than 10 minutes
However, scan times for badly infected machines may easily double'

That screen has been there with the scanning taking place overnight, for about 12-13 hours now. It seems like something has gone wrong with this, so wondering what to do.
 
Overnight is too long. Stop it and see if there is a log file. Usually it's at C:\combofix.txt or C:\Combofix\combofix.txt

You may need to reboot to regain control of your PC.

When you started the between-the-stars stuff, did you make the text log and drag it over to the combofix icon? Did it start from that?

Perhaps the killall: command is causing the problem. Some programs will fight it.
This is the first time I've tried Combofix on this forum so there may be something in the way it formats the posts, so I'll make up a CFScript and attach it. Download it to the same folder where Combofix lives and drag it over to the combofix icon.
 

Attachments: CFScript.txt (3.7 KB)
Hi - yes, when I did the between the stars instructions, I did make the text log as you described above.
One thing: just a few minutes ago, there was a change to the AutoScan screen that I described before. Now it appears that there is some progress being made, or some process coming to completion. Now, below the line that says, 'However, scan times for badly infected machines may easily double', there are some added lines, as follows:

Completed Stage_1
Completed Stage_2
Completed Stage_3
Completed Stage_4
Completed Stage_5
Completed Stage_6
Completed Stage_6A

(and all the way through like this, and the scan is currently moving faster, and is at Completed Stage_48)

I think I'd like to wait a few minutes and see what happens here before stopping it, if that would be feasible.
 
Ok, now ComboFix is rebooting the machine, and told me to allow it to reboot, and not for me to reboot manually. I'll see what happens when it reboots, and if it reboots ok, I will then look to see if there is a log.
 
What do you know, it rebooted and generated a log. Here is the Combofix log. Let me know if it is sufficient or if I have to follow through with your CFScript download also.

ComboFix 17-07-07.01 - Patricia Murphy 07/24/2017 14:02:09.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.162 [GMT -4:00]
Running from: c:\documents and settings\Patricia Murphy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Patricia Murphy\Desktop\CFScript.txt
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
FILE ::
"c:\documents and settings\LocalService\Local Settings\Application Data\Vosteran"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\ntuser.pol
c:\documents and settings\LocalService\Local Settings\Application Data\Vosteran
c:\documents and settings\LocalService\Local Settings\Application Data\Vosteran\User Data\Default\Extensions\bcdilgmfebioicioimhbfoaclhgnbahl\1.0.1_0\background.js
c:\documents and settings\LocalService\Local Settings\Application Data\Vosteran\User Data\Default\Extensions\bcdilgmfebioicioimhbfoaclhgnbahl\1.0.1_0\content.js
c:\documents and settings\LocalService\Local Settings\Application Data\Vosteran\User Data\Default\Extensions\bcdilgmfebioicioimhbfoaclhgnbahl\1.0.1_0\icon.png
c:\documents and settings\LocalService\Local Settings\Application Data\Vosteran\User Data\Default\Extensions\bcdilgmfebioicioimhbfoaclhgnbahl\1.0.1_0\manifest.json
c:\progra~1\MAPSGA~2
c:\progra~1\MAPSGA~2\bar\1.bin\39auxstb.dll
c:\progra~1\MAPSGA~2\bar\1.bin\39auxstb64.dll
c:\progra~1\MAPSGA~2\bar\1.bin\39barsvc.exe
c:\progra~1\MAPSGA~2\bar\1.bin\39bprtct.dll
c:\progra~1\MAPSGA~2\bar\1.bin\39brmon.exe
c:\progra~1\MAPSGA~2\bar\1.bin\39brmon64.exe
c:\progra~1\MAPSGA~2\bar\1.bin\39brstub.dll
c:\progra~1\MAPSGA~2\bar\1.bin\39brstub64.dll
c:\progra~1\MAPSGA~2\bar\1.bin\39datact.dll
c:\progra~1\MAPSGA~2\bar\1.bin\39dlghk.dll
c:\progra~1\MAPSGA~2\bar\1.bin\39dlghk64.dll
c:\progra~1\MAPSGA~2\bar\1.bin\39feedmg.dll
c:\progra~1\MAPSGA~2\bar\1.bin\39highin.exe
c:\progra~1\MAPSGA~2\bar\1.bin\39hkstub.dll
c:\progra~1\MAPSGA~2\bar\1.bin\39htmlmu.dll
c:\progra~1\MAPSGA~2\bar\1.bin\39httpct.dll
c:\progra~1\MAPSGA~2\bar\1.bin\39idle.dll
c:\progra~1\MAPSGA~2\bar\1.bin\39ieovr.dll
c:\progra~1\MAPSGA~2\bar\1.bin\39medint.exe
c:\progra~1\MAPSGA~2\bar\1.bin\39mlbtn.dll
c:\progra~1\MAPSGA~2\bar\1.bin\39Plugin.dll
c:\progra~1\MAPSGA~2\bar\1.bin\39radio.dll
c:\progra~1\MAPSGA~2\bar\1.bin\39regfft.dll
c:\progra~1\MAPSGA~2\bar\1.bin\39reghk.dll
c:\progra~1\MAPSGA~2\bar\1.bin\39regiet.dll
c:\progra~1\MAPSGA~2\bar\1.bin\39script.dll
c:\progra~1\MAPSGA~2\bar\1.bin\39skin.dll
c:\progra~1\MAPSGA~2\bar\1.bin\39skplay.exe
c:\progra~1\MAPSGA~2\bar\1.bin\39SrchMn.exe
c:\progra~1\MAPSGA~2\bar\1.bin\39srchmr.dll
c:\progra~1\MAPSGA~2\bar\1.bin\39tpinst.dll
c:\progra~1\MAPSGA~2\bar\1.bin\APPINTEGRATOR.EXE
c:\progra~1\MAPSGA~2\bar\1.bin\AppIntegrator64.exe
c:\progra~1\MAPSGA~2\bar\1.bin\AppIntegratorStub64.dll
c:\progra~1\MAPSGA~2\bar\1.bin\ASSISTMONITOR.DLL
c:\progra~1\MAPSGA~2\bar\1.bin\ASSISTMONITOR64.DLL
c:\progra~1\MAPSGA~2\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL
c:\progra~1\MAPSGA~2\bar\1.bin\assists\ie_default_search_provider\ARBITER64.DLL
c:\progra~1\MAPSGA~2\bar\1.bin\assists\ie_default_search_provider\ASSIST.EXE
c:\progra~1\MAPSGA~2\bar\1.bin\assists\ie_default_search_provider\CONFIG.XML
c:\progra~1\MAPSGA~2\bar\1.bin\BOOTSTRAP.JS
c:\progra~1\MAPSGA~2\bar\1.bin\CHROME.MANIFEST
c:\progra~1\MAPSGA~2\bar\1.bin\chrome\39ffxtbr.jar
c:\progra~1\MAPSGA~2\bar\1.bin\CREXT.DLL
c:\progra~1\MAPSGA~2\bar\1.bin\CrExtP39.exe
c:\progra~1\MAPSGA~2\bar\1.bin\DPNMNGR.DLL
c:\progra~1\MAPSGA~2\bar\1.bin\EXEMANAGER.DLL
c:\progra~1\MAPSGA~2\bar\1.bin\FF-NativeMessagingDispatcher.dll
c:\progra~1\MAPSGA~2\bar\1.bin\Hpg64.dll
c:\progra~1\MAPSGA~2\bar\1.bin\INSTALL.RDF
c:\progra~1\MAPSGA~2\bar\1.bin\installKeys.js
c:\progra~1\MAPSGA~2\bar\1.bin\LOGO.BMP
c:\progra~1\MAPSGA~2\bar\1.bin\NP39Stub.dll
c:\progra~1\MAPSGA~2\bar\1.bin\T8EPMSUP.DLL
c:\progra~1\MAPSGA~2\bar\1.bin\T8EXTEX.DLL
c:\progra~1\MAPSGA~2\bar\1.bin\T8EXTPEX.DLL
c:\progra~1\MAPSGA~2\bar\1.bin\T8HTML.DLL
c:\progra~1\MAPSGA~2\bar\1.bin\T8RES.DLL
c:\progra~1\MAPSGA~2\bar\1.bin\T8TICKER.DLL
c:\progra~1\MAPSGA~2\bar\1.bin\TPIMANAGERCONSOLE.EXE
c:\progra~1\MAPSGA~2\bar\1.bin\UNIFIEDLOGGING.DLL
c:\progra~1\MAPSGA~2\bar\1.bin\VERIFY.DLL
c:\progra~1\MAPSGA~2\bar\Cache\00115F92.bmp
c:\progra~1\MAPSGA~2\bar\Cache\0011602E.cab
c:\progra~1\MAPSGA~2\bar\Cache\002C3784
c:\progra~1\MAPSGA~2\bar\Cache\002C4242.bmp
c:\progra~1\MAPSGA~2\bar\Cache\002C42EE.bmp
c:\progra~1\MAPSGA~2\bar\Cache\002C438B.bmp
c:\progra~1\MAPSGA~2\bar\Cache\002C43D9.bmp
c:\progra~1\MAPSGA~2\bar\Cache\002C4485.cab
c:\progra~1\MAPSGA~2\bar\Cache\002C4688.bmp
c:\progra~1\MAPSGA~2\bar\Cache\002C4705.bmp
c:\progra~1\MAPSGA~2\bar\Cache\002C481E.bmp
c:\progra~1\MAPSGA~2\bar\Cache\002C487C.bmp
c:\progra~1\MAPSGA~2\bar\Cache\002C48BB.bmp
c:\progra~1\MAPSGA~2\bar\Cache\002C4976.cab
c:\progra~1\MAPSGA~2\bar\Cache\002C4C26.bmp
c:\progra~1\MAPSGA~2\bar\Cache\002C4D10.cab
c:\progra~1\MAPSGA~2\bar\Cache\002C50AA.bmp
c:\progra~1\MAPSGA~2\bar\Cache\002C51E2.cab
c:\progra~1\MAPSGA~2\bar\Cache\files.ini
c:\progra~1\MAPSGA~2\bar\gen1\COMMON.T8S
c:\progra~1\MAPSGA~2\bar\History\search3
c:\progra~1\MAPSGA~2\bar\IE9Mesg\COMMON.T8S
c:\progra~1\MAPSGA~2\bar\Message\COMMON.T8S
c:\progra~1\MAPSGA~2\bar\Settings\prevcfg2.htm
c:\progra~1\MAPSGA~2\bar\Settings\s_pid.dat
c:\windows\system32\con
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MAPSGALAXY_39SERVICE
-------\Legacy_UPDATE_ENTERDIGITAL
-------\Legacy_UTIL_ENTERDIGITAL
-------\Service_MapsGalaxy_39Service
-------\Service_Update EnterDigital
-------\Service_Util EnterDigital
.
.
((((((((((((((((((((((((( Files Created from 2017-06-24 to 2017-07-24 )))))))))))))))))))))))))))))))
.
.
2017-07-23 16:03 . 2017-07-23 16:03 62576 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{1A1DB36B-94CF-4B2F-8880-E8E693A4562A}\offreg.1276.dll
2017-07-21 04:11 . 2017-07-21 04:11 62576 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{1A1DB36B-94CF-4B2F-8880-E8E693A4562A}\offreg.1232.dll
2017-07-18 14:05 . 2017-07-08 03:48 10685920 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{1A1DB36B-94CF-4B2F-8880-E8E693A4562A}\mpengine.dll
2017-07-14 04:03 . 2017-07-19 18:37 -------- d-----w- C:\FRST
2017-07-09 04:02 . 2017-07-09 04:04 -------- d-----w- c:\documents and settings\Patricia Murphy\Local Settings\Application Data\{512E6772-7586-0BCA-181E-2E223C76D2BA}
2017-07-08 08:49 . 2017-07-08 08:49 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2017-07-08 05:30 . 2017-07-08 05:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Chromium
2017-07-08 05:29 . 2017-07-08 05:29 -------- d-----w- c:\documents and settings\Patricia Murphy\Local Settings\Application Data\chromium
2017-07-08 05:28 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2017-07-08 05:28 . 2017-07-08 05:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\{512E6772-7586-0BCA-181E-2E223C76D2BA}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-07-08 03:48 . 2013-05-04 23:11 10685920 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-01-23 21:19 . 2014-10-16 13:23 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-03-27 98304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-04-14 136704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]
[X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2005-08-31 17:06 106496 ----a-w- c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
2008-04-24 17:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2005-12-06 16:45 839680 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-12-06 07:05 127035 ----a-w- c:\windows\system32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 02:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 20:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-12-14 05:41 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-12-14 05:45 118784 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-12-14 05:44 98304 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2005-12-28 17:56 602182 ----a-w- c:\program files\Intel\Wireless\Bin\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
2005-12-28 17:55 667718 ----a-w- c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 16:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2005-09-09 01:20 8192 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2005-09-09 01:20 110592 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 08:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
2005-12-12 21:06 874064 ----a-w- c:\program files\Pure Networks\Network Magic\nmapp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-03-27 14:35 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-03-27 14:35 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-11-17 03:35 397312 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-11-30 00:56 761947 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [12/12/2011 12:03 PM 363128]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-09-22 17:10 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2017-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-11-19 17:02]
.
2017-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-11-19 17:02]
.
2017-07-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/SpeedOptimizer/FiOS/vzTCPConfig.CAB
DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} - hxxps://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cab
FF - ProfilePath - c:\documents and settings\Patricia Murphy\Application Data\Mozilla\Firefox\Profiles\y3tr1glo.default\
FF - ExtSQL: !HIDDEN! 2009-09-01 21:44; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2009-09-15 20:17; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2017-07-24 14:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\À*¬ Æ]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2704)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\program files\Pure Networks\Network Magic\nmsrvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2017-07-24 14:24:12 - machine was rebooted
ComboFix-quarantined-files.txt 2017-07-24 18:24
ComboFix2.txt 2017-07-19 16:41
.
Pre-Run: 56,449,961,984 bytes free
Post-Run: 56,344,772,608 bytes free
.
- - End Of File - - FC05979F38039E7F1137DB7A804A7B65
DEA9E81F0228B68C9ADAF84C9B0CF931
 
Here is the most recent FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-07-2017
Ran by Patricia Murphy (administrator) on PMURPHY (24-07-2017 15:08:33)
Running from C:\Documents and Settings\Patricia Murphy\Local Settings\Temporary Internet Files\Content.IE5\JGH77FOW
Loaded Profiles: Patricia Murphy (Available Profiles: Patricia Murphy & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(Intel(R) Corporation) C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Dell Inc.) C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
(Pure Networks, Inc.) C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(SupportSoft, Inc.) C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe
(Farbar) C:\Documents and Settings\Patricia Murphy\Local Settings\Temporary Internet Files\Content.IE5\JGH77FOW\FRST[1].exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [249856 2005-06-10] (InstallShield Software Corporation)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-06-10] (InstallShield Software Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2008-03-25] (Hewlett-Packard)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [81920 2008-03-13] (Hewlett-Packard)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [98304 2006-03-27] (Apple Computer, Inc.)
HKLM\...\RunOnce: [WIAWizardMenu] => RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
HKU\S-1-5-21-693440143-1380487613-1125637980-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\wpgldfsh.scr [4396544 2004-08-10] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [39264 2007-03-13] (Microsoft Corporation)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2009-09-15]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D40B5A10-3DE7-4CE9-AFED-16F34991AC17}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-693440143-1380487613-1125637980-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-693440143-1380487613-1125637980-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131448614696875000&GUID=00000000-0000-0000-0000-000000000000
SearchScopes: HKLM -> DefaultScope {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm025^YYA^us&si=291929_&ptb=3BFC65E5-2DF9-4427-B27B-FE429A3901A0&ind=2014073116&n=780c511c&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {f7bb050c-e116-44da-89c2-6f2b68c54836} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_tier1_14_47_ch&cd=2XzuyEtN2Y1L1QzutDtDtCyD0CyDtD0AyB0D0EzyyBtCyEyBtN0D0Tzu0StCtDyDyEtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0FyD0E0A0ByCtAtG0Czz0AzztG0CyCzyyBtGzy0F0BtDtGyEyD0BtB0FtBtAzz0F0EyD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0Czz0ByD0FtB0AtG0A0ByDzztGyEyE0C0EtGzzyBzzyBtGtByEtAyBtCzz0F0B0FyE0A0E2Q&cr=444550780&ir=
SearchScopes: HKU\S-1-5-21-693440143-1380487613-1125637980-1006 -> DefaultScope {F6B74647-E0BE-4F3D-96E1-9F7DCB107EF7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-693440143-1380487613-1125637980-1006 -> OldSearch URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=pr-bir-10FTI__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-693440143-1380487613-1125637980-1006 -> {F6B74647-E0BE-4F3D-96E1-9F7DCB107EF7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2008-03-27] (Hewlett-Packard Co.)
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14] (Adobe Systems Incorporated)
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06] (Sonic Solutions)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-03-27] (Hewlett-Packard Co.)
Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\.DEFAULT -> No Name - {364EA597-E728-4CE4-BB4A-ED846EF47970} - No File
Toolbar: HKU\S-1-5-21-693440143-1380487613-1125637980-1006 -> No Name - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
Toolbar: HKU\S-1-5-21-693440143-1380487613-1125637980-1006 -> No Name - {C4069E3A-68F1-403E-B40E-20066696354B} - No File
DPF: {01113300-3E00-11D2-8470-0060089874ED} hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} hxxps://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll [2005-12-12] (Pure Networks, Inc.)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Patricia Murphy\Application Data\Mozilla\Firefox\Profiles\y3tr1glo.default [2017-07-24]
FF user.js: detected! => C:\Documents and Settings\Patricia Murphy\Application Data\Mozilla\Firefox\Profiles\y3tr1glo.default\user.js [2017-07-24]
FF SearchEngineOrder.1: C:\Documents and Settings\Patricia Murphy\Application Data\Mozilla\Firefox\Profiles\y3tr1glo.default -> Ask.com
FF NewTab: C:\Documents and Settings\Patricia Murphy\Application Data\Mozilla\Firefox\Profiles\y3tr1glo.default -> hxxp://search.yahoo.com/?fr=hp-ddc-bd-tab&type=pr-bfr-10FTI__alt__ddc_dsssyctab_bd_com
FF DefaultSearchEngine: C:\Documents and Settings\Patricia Murphy\Application Data\Mozilla\Firefox\Profiles\y3tr1glo.default -> Yahoo! Search
FF Extension: (MapsGalaxy) - C:\Documents and Settings\Patricia Murphy\Application Data\Mozilla\Firefox\Profiles\y3tr1glo.default\Extensions\39ffxtbr@MapsGalaxy_39.com [2014-10-16] [not signed]
FF Extension: (Test Pilot) - C:\Documents and Settings\Patricia Murphy\Application Data\Mozilla\Firefox\Profiles\y3tr1glo.default\Extensions\testpilot@labs.mozilla.com.xpi [2014-10-16] [not signed]
FF Extension: (Microsoft .NET Framework Assistant) - C:\Documents and Settings\Patricia Murphy\Application Data\Mozilla\Firefox\Profiles\y3tr1glo.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2014-10-16] [not signed]
FF SearchPlugin: C:\Documents and Settings\Patricia Murphy\Application Data\Mozilla\Firefox\Profiles\y3tr1glo.default\searchplugins\ask-web-search.xml [2014-10-16]
FF SearchPlugin: C:\Documents and Settings\Patricia Murphy\Application Data\Mozilla\Firefox\Profiles\y3tr1glo.default\searchplugins\askcom.xml [2014-10-16]
FF SearchPlugin: C:\Documents and Settings\Patricia Murphy\Application Data\Mozilla\Firefox\Profiles\y3tr1glo.default\searchplugins\search-simple.xml [2017-07-14]
FF SearchPlugin: C:\Documents and Settings\Patricia Murphy\Application Data\Mozilla\Firefox\Profiles\y3tr1glo.default\searchplugins\Vosteran.xml [2014-11-21]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-01] [not signed]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009-09-15] [not signed]
FF HKU\S-1-5-21-693440143-1380487613-1125637980-1006\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-05-07] (Oracle Corporation)
FF Plugin: @MapsGalaxy_39.com/Plugin -> C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll [No File]
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-07] (Google Inc.)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2004-12-14] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://Vosteran.com/?f=1&a=vst_tier1_14_47_ch&cd=2XzuyEtN2Y1L1QzutDtDtCyD0CyDtD0AyB0D0EzyyBtCyEyBtN0D0Tzu0StCtDyDyEtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0FyD0E0A0ByCtAtG0Czz0AzztG0CyCzyyBtGzy0F0BtDtGyEyD0BtB0FtBtAzz0F0EyD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0Czz0ByD0FtB0AtG0A0ByDzztGyEyE0C0EtGzzyBzzyBtGtByEtAyBtCzz0F0B0FyE0A0E2Q&cr=444550780&ir=
CHR RestoreOnStartup: Default -> "hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=pr-bcr-10FTI__alt__ddc_dsssyc_bd_com"
CHR StartupUrls: Default -> "hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=pr-bcr-10FTI__alt__ddc_dsssyc_bd_com"

CHR DefaultSearchURL: Default -> hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=pr-bcr-10FTI__alt__ddc_dss_bd_com&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com
CHR DefaultNewTabURL: Default -> hxxp://search.yahoo.com/?fr=hp-ddc-bd-tab&type=pr-bcr-10FTI__alt__ddc_dsssyctab_bd_com
CHR Profile: C:\Documents and Settings\Patricia Murphy\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-07-15]
CHR Extension: (Google Slides) - C:\Documents and Settings\Patricia Murphy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-22]
CHR Extension: (Google Docs) - C:\Documents and Settings\Patricia Murphy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-22]
CHR Extension: (Google Drive) - C:\Documents and Settings\Patricia Murphy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-22]
CHR Extension: (YouTube) - C:\Documents and Settings\Patricia Murphy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-22]
CHR Extension: (Google Search) - C:\Documents and Settings\Patricia Murphy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-09-22]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Patricia Murphy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-22]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Patricia Murphy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-08]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Patricia Murphy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-08]
CHR Extension: (Gmail) - C:\Documents and Settings\Patricia Murphy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-22]
CHR HKLM\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\.DEFAULT\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-693440143-1380487613-1125637980-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - hxxps://clients2.google.com/service/update2/crx
CHR crx: C:\Program Files\Google\Chrome\Application\44.0.2403.125\default_apps\search.crx [2015-07-25]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [114753 2005-12-28] (Intel Corporation) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-03-25] (Hewlett-Packard Co.) [File not signed]
R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2014-08-13] (Verizon) [File not signed]
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2008-02-28] (Hewlett-Packard) [File not signed]
R2 NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [380928 2005-12-06] (Dell Inc.) [File not signed]
S3 nmraapache; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [12800 2005-11-17] (Pure Networks, Inc.) [File not signed]
R2 nmservice; C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe [190032 2005-12-12] (Pure Networks, Inc.)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2008-02-28] (Hewlett-Packard) [File not signed]
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [217164 2005-12-28] (Intel Corporation) [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [540745 2005-12-28] (Intel Corporation ) [File not signed]
R2 sprtsvc_ddoctorv2; C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [202560 2008-04-24] (SupportSoft, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
R2 WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [262217 2005-12-28] (Intel(R) Corporation) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21275 2006-03-27] (Meetinghouse Data Communications) [File not signed]
R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2006-03-27] (Windows (R) 2000 DDK provider) [File not signed]
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [87488 2004-12-01] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40480 2004-11-23] (Sonic Solutions) [File not signed]
S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-01-24] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-01-24] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-01-24] (HP)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [201600 2005-07-22] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1035008 2005-07-22] (Conexant Systems, Inc.)
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-03-17] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-03-17] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17153 2004-02-13] (Dell Inc) [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20640 2005-04-25] (Sonic Solutions) [File not signed]
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13568 2005-12-28] (Intel Corporation) [File not signed]
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions) [File not signed]
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1047816 2005-11-16] (SigmaTel, Inc.)
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25883 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34843 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4123 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2239 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86586 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15227 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6363 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98714 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100603 2004-12-06] (Sonic Solutions) [File not signed]
R3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1428096 2005-12-04] (Intel® Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-24 14:24 - 2017-07-24 15:09 - 00000000 ____D C:\Documents and Settings\Patricia Murphy\Local Settings\temp
2017-07-24 14:24 - 2017-07-24 14:37 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2017-07-24 14:24 - 2017-07-24 14:24 - 00020012 _____ C:\ComboFix.txt
2017-07-24 14:24 - 2017-07-24 14:24 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2017-07-24 14:24 - 2017-07-24 14:24 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2017-07-19 01:00 - 2011-06-26 02:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2017-07-19 01:00 - 2010-11-07 13:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2017-07-19 01:00 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2017-07-19 01:00 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2017-07-19 01:00 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2017-07-19 01:00 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2017-07-19 01:00 - 2000-08-30 20:00 - 00098816 _____ C:\WINDOWS\sed.exe
2017-07-19 01:00 - 2000-08-30 20:00 - 00080412 _____ C:\WINDOWS\grep.exe
2017-07-19 01:00 - 2000-08-30 20:00 - 00068096 _____ C:\WINDOWS\zip.exe
2017-07-19 00:58 - 2017-07-24 14:24 - 00000000 ____D C:\Qoobox
2017-07-19 00:57 - 2017-07-24 14:15 - 00000000 ____D C:\WINDOWS\erdnt
2017-07-19 00:54 - 2017-07-19 00:55 - 05659794 ____R (Swearware) C:\Documents and Settings\Patricia Murphy\Desktop\ComboFix.exe
2017-07-18 10:08 - 2017-07-18 10:08 - 00000000 ____D C:\Documents and Settings\Patricia Murphy\Desktop\FRST-OlderVersion
2017-07-17 17:24 - 2017-07-18 10:19 - 00061108 _____ C:\Documents and Settings\Patricia Murphy\My Documents\Shortcut.txt
2017-07-15 01:13 - 2017-07-15 01:13 - 00031832 _____ C:\Documents and Settings\Patricia Murphy\Desktop\Addition.txt
2017-07-15 00:30 - 2017-07-18 10:08 - 01780736 _____ (Farbar) C:\Documents and Settings\Patricia Murphy\Desktop\FRST.exe
2017-07-15 00:30 - 2017-07-15 00:33 - 00004257 _____ C:\Documents and Settings\Patricia Murphy\Desktop\Fixlog.txt
2017-07-14 20:51 - 2017-07-14 20:51 - 00007310 _____ C:\Documents and Settings\Patricia Murphy\Desktop\System Idle Process.txt
2017-07-14 19:05 - 2017-07-14 19:05 - 02724512 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Patricia Murphy\Desktop\procexp.exe
2017-07-14 00:03 - 2017-07-24 15:08 - 00000000 ____D C:\FRST
2017-07-09 00:02 - 2017-07-09 00:04 - 00000000 ____D C:\Documents and Settings\Patricia Murphy\Local Settings\Application Data\{512E6772-7586-0BCA-181E-2E223C76D2BA}
2017-07-08 04:49 - 2017-07-08 04:49 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2017-07-08 01:30 - 2017-07-08 01:31 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Chromium
2017-07-08 01:29 - 2017-07-08 01:29 - 00000000 ____D C:\Documents and Settings\Patricia Murphy\Local Settings\Application Data\chromium
2017-07-08 01:28 - 2017-07-09 00:03 - 00001519 _____ C:\Documents and Settings\All Users\Start Menu\Programs\HowToRemove.html.lnk
2017-07-08 01:28 - 2017-07-08 01:31 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\{512E6772-7586-0BCA-181E-2E223C76D2BA}
2017-07-08 01:28 - 2017-07-08 01:28 - 00000782 _____ C:\Documents and Settings\Patricia Murphy\Desktop\Windows Media Player.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-24 14:58 - 2014-11-19 18:39 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-07-24 14:24 - 2005-08-16 06:49 - 00000000 __SHD C:\Documents and Settings\NetworkService
2017-07-24 14:20 - 2013-05-04 19:07 - 00000330 ____H C:\WINDOWS\Tasks\MP Scheduled Scan.job
2017-07-24 14:18 - 2005-08-16 06:28 - 00000000 ____D C:\Documents and Settings\All Users
2017-07-24 14:18 - 2005-08-16 06:18 - 00000227 _____ C:\WINDOWS\system.ini
2017-07-24 14:17 - 2014-11-19 18:39 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-07-24 14:17 - 2006-03-27 10:27 - 00004608 _____ C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2017-07-24 14:17 - 2005-08-16 06:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-24 14:17 - 2005-08-16 06:38 - 00000000 ____D C:\WINDOWS\Registration
2017-07-24 14:17 - 2005-08-16 06:18 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-07-24 14:16 - 2006-04-13 21:36 - 00000178 ___SH C:\Documents and Settings\Patricia Murphy\ntuser.ini
2017-07-24 14:16 - 2006-03-27 16:00 - 07602176 _____ C:\WINDOWS\system32\config\SYSTEM.bak
2017-07-24 14:16 - 2005-08-16 00:27 - 34865152 _____ C:\WINDOWS\system32\config\SOFTWARE.bak
2017-07-24 14:16 - 2005-08-16 00:27 - 00524288 _____ C:\WINDOWS\system32\config\DEFAULT.bak
2017-07-24 14:16 - 2005-08-16 00:27 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.bak
2017-07-24 14:16 - 2005-08-16 00:27 - 00024576 _____ C:\WINDOWS\system32\config\SAM.bak
2017-07-23 21:18 - 2005-08-16 06:49 - 00032558 _____ C:\WINDOWS\SchedLgU.Txt
2017-07-23 21:06 - 2006-04-14 11:34 - 00000000 __SHD C:\WINDOWS\CSC
2017-07-19 13:07 - 2005-08-16 06:33 - 00524888 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-19 13:01 - 2014-05-21 18:02 - 00392944 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2017-07-19 12:41 - 2005-08-16 06:28 - 00000000 ___HD C:\Documents and Settings\Default User
2017-07-19 12:32 - 2006-04-13 21:36 - 00000000 ____D C:\Documents and Settings\Patricia Murphy
2017-07-19 04:42 - 2009-09-15 20:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HP
2017-07-18 10:24 - 2006-04-13 21:36 - 00000807 _____ C:\Documents and Settings\Patricia Murphy\Start Menu\Programs\Internet Explorer.lnk
2017-07-18 10:24 - 2005-08-16 06:50 - 00000807 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2017-07-16 04:40 - 2007-11-23 13:51 - 00113152 _____ C:\Documents and Settings\Patricia Murphy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-07-14 23:50 - 2014-11-20 11:07 - 00000000 ____D C:\Documents and Settings\Patricia Murphy\Local Settings\Application Data\Vosteran
2017-07-14 23:46 - 2006-03-27 10:21 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java Web Start
2017-07-14 23:39 - 2009-09-15 20:14 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HP
2017-07-14 23:39 - 2009-09-15 20:08 - 00000000 ____D C:\Program Files\HP
2017-07-14 23:32 - 2005-08-16 06:18 - 00000740 _____ C:\WINDOWS\win.ini
2017-07-13 18:06 - 2005-08-16 06:22 - 00000000 ___HD C:\WINDOWS\inf
2017-07-13 16:08 - 2006-04-13 21:36 - 00000000 ____D C:\Documents and Settings\Patricia Murphy\Local Settings\Application Data\ApplicationHistory
2017-07-09 03:03 - 2005-08-16 06:22 - 00000000 _RSHD C:\WINDOWS\system32\dllcache
2017-07-09 00:29 - 2009-09-15 20:19 - 00000000 ____D C:\Program Files\Yahoo!
2017-07-09 00:02 - 2015-02-18 12:24 - 00000281 _____ C:\Documents and Settings\Patricia Murphy\Application Data\WB.CFG
2017-07-08 14:02 - 2009-11-12 16:26 - 00000000 ____D C:\Documents and Settings\Patricia Murphy\My Documents\My PSP Files
2017-07-08 14:02 - 2007-11-23 13:48 - 00006580 ___SH C:\WINDOWS\system32\KGyGaAvL.sys
2017-07-08 01:28 - 2006-04-13 21:36 - 00000788 _____ C:\Documents and Settings\Patricia Murphy\Start Menu\Programs\Windows Media Player.lnk
2017-07-08 00:02 - 2014-11-21 13:02 - 00000347 _____ C:\Documents and Settings\NetworkService\Application Data\WB.CFG
2017-07-07 23:54 - 2009-09-15 21:51 - 00000000 ____D C:\Documents and Settings\Patricia Murphy\Application Data\HPAppData

==================== Files in the root of some directories =======

2008-01-10 12:16 - 2007-08-10 19:17 - 0007982 _____ () C:\Documents and Settings\Patricia Murphy\Application Data\ComcastSecurity.ico
2008-01-10 12:16 - 2007-05-17 18:43 - 0015086 _____ () C:\Documents and Settings\Patricia Murphy\Application Data\ComcastWebmail.ico
2015-02-18 12:24 - 2017-07-09 00:02 - 0000281 _____ () C:\Documents and Settings\Patricia Murphy\Application Data\WB.CFG
2007-11-23 13:51 - 2017-07-16 04:40 - 0113152 _____ () C:\Documents and Settings\Patricia Murphy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-18 12:24 - 2015-02-18 12:24 - 0234679 _____ () C:\Documents and Settings\Patricia Murphy\Local Settings\Application Data\dsi1.dat
2015-02-18 12:24 - 2015-02-18 12:24 - 0161916 _____ () C:\Documents and Settings\Patricia Murphy\Local Settings\Application Data\dsi2.dat
2006-04-13 21:36 - 2006-05-13 17:00 - 0000138 _____ () C:\Documents and Settings\Patricia Murphy\Local Settings\Application Data\fusioncache.dat
2010-10-20 17:31 - 2010-12-02 16:02 - 0001940 _____ () C:\Documents and Settings\Patricia Murphy\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2009-09-15 20:04 - 2009-09-15 20:29 - 0001150 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2006-03-27 10:28 - 2006-03-27 10:28 - 0000004 ____H () C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================
 
Here is the most recent Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-07-2017
Ran by Patricia Murphy (24-07-2017 15:10:03)
Running from C:\Documents and Settings\Patricia Murphy\Local Settings\Temporary Internet Files\Content.IE5\JGH77FOW
Microsoft Windows XP Professional Service Pack 3 (X86) (2006-04-14 01:36:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-693440143-1380487613-1125637980-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-693440143-1380487613-1125637980-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-693440143-1380487613-1125637980-1005 - Limited - Disabled)
Patricia Murphy (S-1-5-21-693440143-1380487613-1125637980-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Patricia Murphy
SUPPORT_388945a0 (S-1-5-21-693440143-1380487613-1125637980-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

FW: Norton Internet Worm Protection (Disabled) {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (HKLM\...\{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}) (Version: 2.1.4 - Hewlett-Packard) Hidden
7zip Packages (HKU\S-1-5-21-693440143-1380487613-1125637980-1006\...\7zip Packages) (Version: - ) <==== ATTENTION
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader 7.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A70000000000}) (Version: 7.0.0 - Adobe Systems Incorporated)
Bicycle® Bridge (HKLM\...\Bicycle® Bridge) (Version: - )
Blackhawk Striker 2 (HKLM\...\C0A0AA4D-C79B-48CA-8843-2B02B626C9E6) (Version: 09/20/2005 11:54 AM - WildTangent)
Blasterball 2 (HKLM\...\D1A6F3FD-7B40-443F-8767-BADB25A0D222) (Version: 09/20/2005 11:55 AM - WildTangent)
Broadcom Management Programs (HKLM\...\{26E1BFB0-E87E-4696-9F89-B467F01F81E5}) (Version: 8.65.05 - Broadcom Corporation)
BufferChm (HKLM\...\{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}) (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Cards_Calendar_OrderGift_DoMorePlugout (HKLM\...\{E535C94A-B87F-4182-BEA8-1E9322078D3E}) (Version: 2.03.0000 - Hewlett-Packard) Hidden
Chromium (HKLM\...\{887960B9-D8F9-B139-6979-C1B9B9F91239}) (Version: - )
Conexant HDA D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3) (Version: - )
Copy (HKLM\...\{E133E97F-5186-4503-BEC8-752EB9E8EBD7}) (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Corel Paint Shop Pro X (HKLM\...\{1A15507A-8551-4626-915D-3D5FA095CC1B}) (Version: 10.0 - Corel Inc)
Corel Photo Album 6 (HKLM\...\{8A9B8148-DDD7-448F-BD6C-358386D32354}) (Version: 6.00 - Corel, Inc.)
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)
Dell Digital Jukebox Driver (HKLM\...\Dell Digital Jukebox Driver) (Version: - )
Dell Game Console (HKLM\...\Dell Game Console) (Version: - WildTangent)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3062 - Dell)
Desktop Doctor (HKLM\...\{D87149B3-7A1D-4548-9CBF-032B791E5908}) (Version: 2.5.5 - Comcast)
Destination Component (HKLM\...\{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}) (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM\...\{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}) (Version: 110.0.180.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (HKLM\...\{AB5D51AE-EBC3-438D-872C-705C7C2084B0}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Digital Content Portal (HKLM\...\{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}) (Version: 1.00.0000 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.15 - BVRP Software, Inc)
DJ_AIO_03_F4200_ProductContext (HKLM\...\{6365C963-4B72-43F8-8392-2A5441EC2A86}) (Version: 110.0.206.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_Software (HKLM\...\{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}) (Version: 110.0.206.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_Software_Min (HKLM\...\{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}) (Version: 110.0.206.000 - Hewlett-Packard) Hidden
Driver Support (HKLM\...\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}) (Version: 9.1.4.44 - PC Drivers Headquarters, LP) <==== ATTENTION
EducateU (HKLM\...\{A683A2C0-821C-486F-858C-FA634DB5E864}) (Version: 1.00.0000 - Dell)
eSupportQFolder (HKLM\...\{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
F4200 (HKLM\...\{B61A79BE-E94C-42C0-921D-8B7E5217069C}) (Version: 110.0.206.000 - Hewlett-Packard) Hidden
F4200_Help (HKLM\...\{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}) (Version: 110.0.206.000 - Hewlett-Packard) Hidden
GemMaster Mystic (HKLM\...\12133444-BF36-4d4e-B7FB-A3424C645DE4) (Version: - )
Get High Speed Internet! (HKLM\...\{7A3F0566-5E05-4919-9C98-456F6B5CF831}) (Version: 1.00.0000 - Dell)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService (HKLM\...\{D16B4BE6-8B10-422f-8034-96D1CA9483B5}) (Version: 110.0.180.000 - Hewlett-Packard) Hidden
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
Hoyle Card Games 2005 (HKLM\...\{B44AA698-B221-4B3B-8CA5-E65EF6A5AF26}) (Version: 1.2.0.0 - Encore, Inc.)
HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3 (HKLM\...\{C3B6AEB1-390C-4792-8677-CD87F8B2C959}) (Version: 11.0 - HP)
HP Imaging Device Functions 11.0 (HKLM\...\HP Imaging Device Functions) (Version: 11.0 - HP)
HP Photosmart Essential 3.0 (HKLM\...\HP Photosmart Essential) (Version: 3.0 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.0 - HP)
HP Solution Center 11.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 11.0 - HP)
HPProductAssistant (HKLM\...\{27197499-7680-4208-8FD8-5439CDB0FDC1}) (Version: 110.0.180.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}) (Version: 110.0.180.000 - Hewlett-Packard) Hidden
IHA_MessageCenter (HKLM\...\{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}) (Version: 1.8.17 - Verizon)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4446 - )
Intel(R) PROSet/Wireless Software (HKLM\...\ProInst) (Version: 10.1.0.3 - Intel Corporation)
Internal Network Card Power Management (HKLM\...\{1F528948-0E80-4C96-B455-DE4167CB1DF7}) (Version: 1.7.2 - )
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version: - )
MapsGalaxy Internet Explorer Toolbar (HKLM\...\MapsGalaxy_39bar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION
mCore (HKLM\...\{E81667C6-2856-46D6-ABEA-6A2F42166779}) (Version: 5.45.0000 - Intel Corporation) Hidden
mDrWiFi (HKLM\...\{F6090A17-0967-4A8A-B3C3-422A1B514D49}) (Version: 5.45.0000 - Intel Corporation) Hidden
mHlpDell (HKLM\...\{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}) (Version: 5.45.0000 - Intel) Hidden
Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB953295) (HKLM\...\KB953295) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Basic Edition 2003 (HKLM\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.7969.0 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3514 - Microsoft Corporation)
Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: 1.1.0.3463 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
mIWA (HKLM\...\{3E9D596A-61D4-4239-BD19-2DB984D2A16F}) (Version: 5.45.0000 - Intel Corporation) Hidden
mLogView (HKLM\...\{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}) (Version: 5.45.0000 - Intel Corporation) Hidden
mMHouse (HKLM\...\{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}) (Version: 5.45.0000 - Intel Corporation) Hidden
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: 3.01 - BVRP Software)
Mozilla Firefox 19.0 (x86 en-US) (HKLM\...\Mozilla Firefox 19.0 (x86 en-US)) (Version: 19.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 19.0 - Mozilla)
mPfMgr (HKLM\...\{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}) (Version: 5.45.0000 - Intel Corporation) Hidden
mPfWiz (HKLM\...\{90B0D222-8C21-4B35-9262-53B042F18AF9}) (Version: 5.45.0000 - Intel Corporation) Hidden
mProSafe (HKLM\...\{23FB368F-1399-4EAC-817C-4B83ECBE3D83}) (Version: 9.00.0000 - Intel) Hidden
MSN (HKLM\...\MSNINST) (Version: - )
mSSO (HKLM\...\{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}) (Version: 5.45.0000 - Intel Corporation) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
Musicmatch for Windows Media Player (HKLM\...\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}) (Version: 0.00.000 - )
Musicmatch® Jukebox (HKLM\...\{85D3CC30-8859-481A-9654-FD9B74310BEF}) (Version: 10.10.0097 - )
mWlsSafe (HKLM\...\{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}) (Version: 9.00.0000 - Intel) Hidden
mWMI (HKLM\...\{63DB9CCD-2B56-4217-9A3D-507AC78320CA}) (Version: 5.45.0000 - Intel Corporation) Hidden
mXML (HKLM\...\{9CC89556-3578-48DD-8408-04E66EBEF401}) (Version: 5.45.0000 - Intel Corporation) Hidden
mZConfig (HKLM\...\{94658027-9F16-4509-BBD7-A59FE57C3023}) (Version: 5.45.0000 - Intel Corporation) Hidden
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.23 - BVRP Software, Inc)
PowerDVD 5.7 (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
PSSWCORE (HKLM\...\{09633A5E-3089-41A8-9FF1-382171423C5D}) (Version: 2.03.0000 - Hewlett-Packard) Hidden
Pure Networks Network Magic (HKLM\...\Network Magic) (Version: 2.0.5346.1 - Pure Networks)
QuickSet (HKLM\...\{C5074CC4-0E26-4716-A307-960272A90040}) (Version: 7.0.9 - )
QuickTime (HKLM\...\QuickTime) (Version: - )
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version: - )
Scan (HKLM\...\{C89B5E3A-690F-4CEE-909A-BF869E198B0A}) (Version: 11.0.0.0 - Hewlett-Packard) Hidden
Search Assist (HKLM\...\{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}) (Version: 1.00.0000 - Dell)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 11.0 - HP)
SmartWebPrinting (HKLM\...\{CC0E1AE3-091D-4969-B151-7AC142062C28}) (Version: 110.0.182.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM\...\{593A6CAF-E114-4e31-884F-74FF349E8E36}) (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.95 - Sonic Solutions)
Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
Sonic RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.0 - Sonic Solutions)
Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.0 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.0 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Status (HKLM\...\{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}) (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.2.4.3 - Synaptics)
Toolbox (HKLM\...\{E96B0085-6659-486b-A221-5042A042728D}) (Version: 110.0.180.000 - Hewlett-Packard) Hidden
TrayApp (HKLM\...\{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}) (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version: - Microsoft Corporation)
URL Assistant (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version: - )
VideoToolkit01 (HKLM\...\{22F761D1-8063-4170-ADF7-2D2F47834CA9}) (Version: 110.0.171.000 - Hewlett-Packard) Hidden
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version: - )
Vz In Home Agent (HKLM\...\{CC4C261A-B915-4F23-BD23-7E1AE5713B4E}) (Version: 5.0207 - Verizon)
Vz In-Home Agent (HKLM\...\VzInHomeAgent) (Version: 9.0.76.0 - Verizon)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (HKLM\...\{AA2E8A46-B45E-4aea-8A23-88AB57D04523}) (Version: 110.0.180.000 - Hewlett-Packard) Hidden
WildTangent Web Driver (HKLM\...\WildTangent CDA) (Version: - )
Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.21 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.7.0018.5 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: - Microsoft Corporation)
Windows Internet Explorer 7 (HKLM\...\ie7) (Version: 20070813.185237 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information] (HKLM\...\EmeraldQFE2) (Version: - Microsoft Corporation)
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB908246 (HKLM\...\KB908246) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version: - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (HKLM\...\XpsEPSC) (Version: - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers02: [DriveLetterAccess] -> {5CA3D70E-1895-11CF-8E15-001234567890} => C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06] (Sonic Solutions)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2005-12-14] (Intel Corporation)

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Documents and Settings\Patricia Murphy\Desktop\Email.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://webmail.verizon.net
ShortcutWithArgument: C:\Documents and Settings\Patricia Murphy\Desktop\Laptop Items\Dell Download Center.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.dell.com/download/

==================== Loaded Modules (Whitelisted) ==============

2005-12-28 14:11 - 2005-12-28 14:11 - 00876544 _____ () C:\Program Files\Intel\Wireless\Bin\LIBEAY32.dll
2005-12-28 14:11 - 2005-12-28 14:11 - 00053322 _____ () C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
2005-12-28 14:11 - 2005-12-28 14:11 - 00208965 _____ () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
2005-08-16 06:18 - 2011-02-04 18:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
2005-08-16 06:18 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2005-08-16 06:18 - 2008-04-13 20:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2005-08-16 06:18 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2005-08-16 06:18 - 2017-07-24 14:17 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-693440143-1380487613-1125637980-1006\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Bliss.bmp
DNS Servers: 192.168.1.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
MSCONFIG\startupreg: Corel Photo Downloader => C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: ddoctorv2 => "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
MSCONFIG\startupreg: Dell QuickSet => C:\Program Files\Dell\QuickSet\quickset.exe
MSCONFIG\startupreg: DellSupport => "C:\Program Files\DellSupport\DSAgnt.exe" /startup
MSCONFIG\startupreg: dla => C:\WINDOWS\system32\dla\tfswctrl.exe
MSCONFIG\startupreg: DVDLauncher => "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
MSCONFIG\startupreg: ehTray => C:\WINDOWS\ehome\ehtray.exe
MSCONFIG\startupreg: igfxhkcmd => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: igfxpers => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: igfxtray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: IntelWireless => "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
MSCONFIG\startupreg: IntelZeroConfig => "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
MSCONFIG\startupreg: ISUSPM Startup => "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: MimBoot => C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
MSCONFIG\startupreg: MMTray => C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
MSCONFIG\startupreg: ModemOnHold => C:\Program Files\NetWaiting\netWaiting.exe
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: nmapp => "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: RealTray => C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
MSCONFIG\startupreg: ShowLOMControl =>
MSCONFIG\startupreg: SigmatelSysTrayApp => stsystra.exe
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [50000:UDP] => Enabled:IHA_MessageCenter

==================== Restore Points =========================

07-07-2017 23:44:56 Software Distribution Service 3.0
09-07-2017 03:00:26 Software Distribution Service 3.0
13-07-2017 00:19:38 System Checkpoint
13-07-2017 19:59:18 Software Distribution Service 3.0
14-07-2017 21:57:05 System Checkpoint
14-07-2017 23:39:09 Removed HP Update
14-07-2017 23:46:38 Removed Java 2 Runtime Environment, SE v1.4.2_03
14-07-2017 23:47:39 Removed Java 7 Update 21
14-07-2017 23:54:27 Removed NetZeroInstallers
16-07-2017 02:35:54 System Checkpoint
18-07-2017 10:05:04 Software Distribution Service 3.0
18-07-2017 10:24:25 Windows Defender Checkpoint
19-07-2017 13:31:33 System Checkpoint
21-07-2017 00:03:01 System Checkpoint
22-07-2017 23:40:17 System Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/24/2017 12:32:05 PM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Error: (07/24/2017 02:38:28 AM) (Source: Userenv) (EventID: 1090) (User: NT AUTHORITY)
Description: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Error: (07/23/2017 11:31:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application VzDetectAgent.exe, version 2.0.2.20, faulting module VzDetectAgent.exe, version 2.0.2.20, fault address 0x0010d992.
Processing media-specific event for [VzDetectAgent.exe!ws!]

Error: (07/23/2017 05:34:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application VzDetectAgent.exe, version 2.0.2.20, faulting module VzDetectAgent.exe, version 2.0.2.20, fault address 0x00001b5b.
Processing media-specific event for [VzDetectAgent.exe!ws!]

Error: (07/19/2017 08:00:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application grep.3xe, version 0.0.0.0, faulting module grep.3xe, version 0.0.0.0, fault address 0x00009216.
Processing media-specific event for [grep.3xe!ws!]

Error: (07/19/2017 04:47:02 AM) (Source: PerfNet) (EventID: 2006) (User: )
Description: Unable to read Server Queue performance data from the Server service.
No Server Queue performance data will be returned in this sample.
Error code returned is in data DWORD 0, IOSB.Status is DWORD 1 and
the IOSB.Information is DWORD 2.

Error: (07/19/2017 04:47:02 AM) (Source: PerfNet) (EventID: 2005) (User: )
Description: Unable to read performance data from the Server service.
No Server performance data will be returned in this sample.
Error code returned is in data DWORD 0, IOSB.Status is DWORD 1 and
the IOSB.Information is DWORD 2.

Error: (07/19/2017 04:47:00 AM) (Source: PerfNet) (EventID: 2006) (User: )
Description: Unable to read Server Queue performance data from the Server service.
No Server Queue performance data will be returned in this sample.
Error code returned is in data DWORD 0, IOSB.Status is DWORD 1 and
the IOSB.Information is DWORD 2.

Error: (07/19/2017 04:47:00 AM) (Source: PerfNet) (EventID: 2005) (User: )
Description: Unable to read performance data from the Server service.
No Server performance data will be returned in this sample.
Error code returned is in data DWORD 0, IOSB.Status is DWORD 1 and
the IOSB.Information is DWORD 2.

Error: (07/14/2017 12:05:21 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (07/23/2017 10:49:09 PM) (Source: 0) (EventID: 11) (User: )
Description: Event-ID 11

Error: (07/23/2017 10:46:55 PM) (Source: 0) (EventID: 9) (User: )
Description: Event-ID 9

Error: (07/23/2017 10:45:48 PM) (Source: 0) (EventID: 9) (User: )
Description: Event-ID 9

Error: (07/23/2017 10:45:36 PM) (Source: 0) (EventID: 11) (User: )
Description: Event-ID 11

Error: (07/23/2017 10:45:30 PM) (Source: 0) (EventID: 11) (User: )
Description: Event-ID 11

Error: (07/23/2017 10:44:51 PM) (Source: 0) (EventID: 9) (User: )
Description: Event-ID 9

Error: (07/23/2017 10:44:35 PM) (Source: 0) (EventID: 11) (User: )
Description: Event-ID 11

Error: (07/23/2017 10:44:13 PM) (Source: 0) (EventID: 11) (User: )
Description: Event-ID 11

Error: (07/23/2017 09:06:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util EnterDigital service failed to start due to the following error:
The system cannot find the path specified.

Error: (07/23/2017 09:06:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update EnterDigital service failed to start due to the following error:
The system cannot find the path specified.


==================== Memory info ===========================

Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz
Percentage of memory in use: 65%
Total physical RAM: 502.37 MB
Available physical RAM: 175.54 MB
Total Virtual: 1226.61 MB
Available Virtual: 781.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:68.44 GB) (Free:52.5 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 73.1 GB) (Disk ID: E686F016)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=68.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=4.6 GB) - (Type=DB)

==================== End of Addition.txt ============================
 
Looks better. No Zero Access warnings. Let's run TDSSKiller to make sure:
http://support.kaspersky.com/viruses/utility#TDSSKiller
Use the EXE download. Save it to your desktop then run it.
Double click on TDSSKiller.exe to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again, but this time, before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.

Then let's look to see what is still broken:

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.
Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwareremoval.com/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
2. Type 20 in the 1 to 20 box
3. Then click the Run button.

Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 
Hi - ok thanks. Here is the TDSSkiller.txt log:

00:31:55.0162 0x02a4 NetBIOS - ok
00:31:55.0193 0x02a4 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
00:31:55.0193 0x02a4 NetBT - ok
00:31:55.0256 0x02a4 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe
00:31:55.0271 0x02a4 NetDDE - ok
00:31:55.0271 0x02a4 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
00:31:55.0287 0x02a4 NetDDEdsdm - ok
00:31:55.0334 0x02a4 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon C:\WINDOWS\system32\lsass.exe
00:31:55.0334 0x02a4 Netlogon - ok
00:31:55.0365 0x02a4 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman C:\WINDOWS\System32\netman.dll
00:31:55.0381 0x02a4 Netman - ok
00:31:55.0412 0x02a4 [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:31:55.0428 0x02a4 NetTcpPortSharing - ok
00:31:55.0459 0x02a4 [ E9E47CFB2D461FA0FC75B7A74C6383EA, 544136F5BFD4DC23D45E90F12FA48B82FD9EAEA9EAF3E0F5F0BD27E23D672C3E ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
00:31:55.0459 0x02a4 NIC1394 - ok
00:31:55.0600 0x02a4 [ 24D29A87A141B5CCDF34260D4890BE89, 283EE7937931184E6FBECFD9BD00F4145E8D1C090E8854DA57D8A2282D6B6A10 ] NICCONFIGSVC C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
00:31:55.0615 0x02a4 NICCONFIGSVC - ok
00:31:55.0678 0x02a4 [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla C:\WINDOWS\System32\mswsock.dll
00:31:55.0693 0x02a4 Nla - ok
00:31:55.0850 0x02a4 [ 13350DDD0976CEB5F125396C7BFB05B4, C5B109C8680CBAC60E45EC95C7C257BF3D2E7C2A2CF8B301BB54443C9A8F5DA1 ] nmraapache C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
00:31:55.0850 0x02a4 nmraapache - ok
00:31:55.0912 0x02a4 [ 0413A99F3A728D245DFD1DF443E9CFC1, 4C943D0C9207513A6C46A739A58B1D8AC074DD665BA21AF6F0CE6BE7AF1FEB0F ] nmservice C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
00:31:55.0912 0x02a4 nmservice - ok
00:31:55.0975 0x02a4 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
00:31:55.0975 0x02a4 Npfs - ok
00:31:56.0022 0x02a4 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
00:31:56.0053 0x02a4 Ntfs - ok
00:31:56.0068 0x02a4 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
00:31:56.0068 0x02a4 NtLmSsp - ok
00:31:56.0147 0x02a4 [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
00:31:56.0162 0x02a4 NtmsSvc - ok
00:31:56.0193 0x02a4 [ CF7E041663119E09D2E118521ADA9300, 0BDDEDA787CCBE34D515945717AF972143A3684F6D37F87B639D6A5371F381CC ] NuidFltr C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
00:31:56.0193 0x02a4 NuidFltr - ok
00:31:56.0272 0x02a4 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
00:31:56.0272 0x02a4 Null - ok
00:31:56.0428 0x02a4 [ 2B298519EDBFCF451D43E0F1E8F1006D, 67F3F2001F4C8DABD253D60AB3222793635532DC51AD977954286F8A246F5592 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
00:31:56.0522 0x02a4 nv - ok
00:31:56.0568 0x02a4 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:31:56.0568 0x02a4 NwlnkFlt - ok
00:31:56.0584 0x02a4 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:31:56.0584 0x02a4 NwlnkFwd - ok
00:31:56.0662 0x02a4 [ CA33832DF41AFB202EE7AEB05145922F, 9DD0089C2E13C7F81214C3B5A4A61276292052F9BBFEA7FCD0F6AA27815D5F95 ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
00:31:56.0678 0x02a4 ohci1394 - ok
00:31:56.0756 0x02a4 [ B17228142CEC9B3C222239FD935A37CA, 862498084CBF4579FCC12807F30BACDAAC16115CC6DB56274B7C49796B62A5CC ] omci C:\WINDOWS\system32\DRIVERS\omci.sys
00:31:56.0756 0x02a4 omci - ok
00:31:56.0834 0x02a4 [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:31:56.0834 0x02a4 ose - ok
00:31:56.0881 0x02a4 [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
00:31:56.0881 0x02a4 Parport - ok
00:31:56.0881 0x02a4 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
00:31:56.0897 0x02a4 PartMgr - ok
00:31:56.0912 0x02a4 [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
00:31:56.0928 0x02a4 ParVdm - ok
00:31:56.0928 0x02a4 [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
00:31:56.0928 0x02a4 PCI - ok
00:31:56.0944 0x02a4 PCIDump - ok
00:31:56.0944 0x02a4 [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
00:31:56.0944 0x02a4 PCIIde - ok
00:31:56.0990 0x02a4 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
00:31:57.0006 0x02a4 Pcmcia - ok
00:31:57.0006 0x02a4 PDCOMP - ok
00:31:57.0006 0x02a4 PDFRAME - ok
00:31:57.0022 0x02a4 PDRELI - ok
00:31:57.0022 0x02a4 PDRFRAME - ok
00:31:57.0037 0x02a4 [ 6C14B9C19BA84F73D3A86DBA11133101, 2CFB7E027E43C1B3890985DFD7987B23E4E3CC003E3FD2583E4A8AC1F8A13B26 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
00:31:57.0037 0x02a4 perc2 - ok
00:31:57.0053 0x02a4 [ F50F7C27F131AFE7BEBA13E14A3B9416, C0498EA65B908C07A734324ED70DB27F434FAAA815DD02F1BC429A3AB6C663D5 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
00:31:57.0053 0x02a4 perc2hib - ok
00:31:57.0084 0x02a4 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay C:\WINDOWS\system32\services.exe
00:31:57.0084 0x02a4 PlugPlay - ok
00:31:57.0131 0x02a4 [ 2F4CA141A609CAF5C98F6E4760EF1B9B, 42002F65B7EAAAC695D0C45B6132962A61A13FB50F334883C4C7C1A3E348EAD4 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
00:31:57.0147 0x02a4 Pml Driver HPZ12 - ok
00:31:57.0147 0x02a4 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
00:31:57.0162 0x02a4 PolicyAgent - ok
00:31:57.0178 0x02a4 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:31:57.0178 0x02a4 PptpMiniport - ok
00:31:57.0178 0x02a4 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
00:31:57.0178 0x02a4 ProtectedStorage - ok
00:31:57.0209 0x02a4 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
00:31:57.0209 0x02a4 PSched - ok
00:31:57.0272 0x02a4 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:31:57.0272 0x02a4 Ptilink - ok
00:31:57.0303 0x02a4 [ 86724469CD077901706854974CD13C3E, 23C6B45928E43AC2893033DFC4265C2C87B3D185CB20553B9EAB818A46FB8C18 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
00:31:57.0303 0x02a4 PxHelp20 - ok
00:31:57.0319 0x02a4 [ 0A63FB54039EB5662433CABA3B26DBA7, A1FB923EB2D08D89D24E8AD7042BBED7CB1DBDA9A5B77BDD188E9913BADAB0EF ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
00:31:57.0334 0x02a4 ql1080 - ok
00:31:57.0334 0x02a4 [ 6503449E1D43A0FF0201AD5CB1B8C706, F1EFC2DE5998615CB182D7984366631FE956AE1ECA9AC777F26FCA2E6F2E05A6 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
00:31:57.0334 0x02a4 Ql10wnt - ok
00:31:57.0350 0x02a4 [ 156ED0EF20C15114CA097A34A30D8A01, 7490B90D4C88B7A9BADB9473D4033535F054C797ABF6D542CB859DA5C9B2586A ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
00:31:57.0350 0x02a4 ql12160 - ok
00:31:57.0381 0x02a4 [ 70F016BEBDE6D29E864C1230A07CC5E6, 895BC2C888F6566086FC1399F499A401D447E57333BC9F9C6DBAFE0F117603D6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
00:31:57.0381 0x02a4 ql1240 - ok
00:31:57.0397 0x02a4 [ 907F0AEEA6BC451011611E732BD31FCF, F9E7023BD1042963110D0A613054D094437868B20779F23C316A38E4781A6152 ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
00:31:57.0412 0x02a4 ql1280 - ok
00:31:57.0428 0x02a4 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:31:57.0428 0x02a4 RasAcd - ok
00:31:57.0475 0x02a4 [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto C:\WINDOWS\System32\rasauto.dll
00:31:57.0475 0x02a4 RasAuto - ok
00:31:57.0506 0x02a4 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:31:57.0506 0x02a4 Rasl2tp - ok
00:31:57.0569 0x02a4 [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan C:\WINDOWS\System32\rasmans.dll
00:31:57.0569 0x02a4 RasMan - ok
00:31:57.0584 0x02a4 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:31:57.0584 0x02a4 RasPppoe - ok
00:31:57.0662 0x02a4 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
00:31:57.0662 0x02a4 Raspti - ok
00:31:57.0709 0x02a4 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:31:57.0709 0x02a4 Rdbss - ok
00:31:57.0756 0x02a4 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:31:57.0772 0x02a4 RDPCDD - ok
00:31:57.0787 0x02a4 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:31:57.0803 0x02a4 rdpdr - ok
00:31:57.0865 0x02a4 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
00:31:57.0865 0x02a4 RDPWD - ok
00:31:57.0912 0x02a4 [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
00:31:57.0928 0x02a4 RDSessMgr - ok
00:31:57.0944 0x02a4 [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
00:31:57.0944 0x02a4 redbook - ok
00:31:57.0975 0x02a4 [ 6F81C8A63FB824EB8A2401AB45795553, 15A583037E609A62CCC8B9C5CCC0D8F6F0B114EECD9C5FD953A1822F32A1C7B6 ] RegSrvc C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
00:31:57.0991 0x02a4 RegSrvc - ok
00:31:58.0037 0x02a4 [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
00:31:58.0037 0x02a4 RemoteAccess - ok
00:31:58.0053 0x02a4 [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
00:31:58.0069 0x02a4 RemoteRegistry - ok
00:31:58.0084 0x02a4 [ 24ED7AF20651F9FA1F249482E7C1F165, 6F7BD68CBA0CACDCB6B43A401887A190FD825B4EE1974D07271224CB225A8DC2 ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
00:31:58.0084 0x02a4 rimmptsk - ok
00:31:58.0116 0x02a4 [ 1BDBA2D2D402415A78A4BA766DFE0F7B, 894EB6956B8F28DE96B846AC87E4FDD9614240871D6A326CEFB7F99184BC3E79 ] rimsptsk C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
00:31:58.0116 0x02a4 rimsptsk - ok
00:31:58.0162 0x02a4 [ F774ECD11A064F0DEBB2D4395418153C, 053CBC85E40C6D8D1FC2968A2B7FD43445E6B0FDEED5905A905F953A236052C9 ] rismxdp C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
00:31:58.0178 0x02a4 rismxdp - ok
00:31:58.0209 0x02a4 [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator C:\WINDOWS\system32\locator.exe
00:31:58.0209 0x02a4 RpcLocator - ok
00:31:58.0287 0x02a4 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs C:\WINDOWS\System32\rpcss.dll
00:31:58.0303 0x02a4 RpcSs - ok
00:31:58.0366 0x02a4 [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP C:\WINDOWS\system32\rsvp.exe
00:31:58.0366 0x02a4 RSVP - ok
00:31:58.0459 0x02a4 [ B792F2C647B1FC3E4987DE582EE00FE3, 761D7F5C591A103B844183A2EDA32925742441C3F27EF4ABDA9AD85ED4A5FDD2 ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
00:31:58.0475 0x02a4 S24EventMonitor - ok
00:31:58.0506 0x02a4 [ 2E4E912CE95F5EF4D4A5079F6CE367FC, 7B8E0BC81737A4B9A6DC5ECB1B66D78652DD346B0F09719F4225B4FE56568D69 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
00:31:58.0506 0x02a4 s24trans - ok
00:31:58.0522 0x02a4 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs C:\WINDOWS\system32\lsass.exe
00:31:58.0522 0x02a4 SamSs - ok
00:31:58.0537 0x02a4 [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
00:31:58.0553 0x02a4 SCardSvr - ok
00:31:58.0600 0x02a4 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule C:\WINDOWS\system32\schedsvc.dll
00:31:58.0616 0x02a4 Schedule - ok
00:31:58.0694 0x02a4 [ 8D04819A3CE51B9EB47E5689B44D43C4, B0588AF967A7611F05BC8A8AD0C945DBB7BF995D7DA5C28FD0D007E33BF1F502 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
00:31:58.0694 0x02a4 sdbus - ok
00:31:58.0741 0x02a4 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:31:58.0741 0x02a4 Secdrv - ok
00:31:58.0803 0x02a4 [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon C:\WINDOWS\System32\seclogon.dll
00:31:58.0803 0x02a4 seclogon - ok
00:31:58.0866 0x02a4 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS C:\WINDOWS\system32\sens.dll
00:31:58.0866 0x02a4 SENS - ok
00:31:58.0944 0x02a4 [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
00:31:58.0944 0x02a4 serenum - ok
00:31:58.0959 0x02a4 [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
00:31:58.0975 0x02a4 Serial - ok
00:31:58.0991 0x02a4 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
00:31:58.0991 0x02a4 Sfloppy - ok
00:31:59.0053 0x02a4 [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
00:31:59.0069 0x02a4 SharedAccess - ok
00:31:59.0084 0x02a4 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
00:31:59.0100 0x02a4 ShellHWDetection - ok
00:31:59.0100 0x02a4 Simbad - ok
00:31:59.0131 0x02a4 [ 6B33D0EBD30DB32E27D1D78FE946A754, CDA3D082D370B079C06D943DA124D76BAF0C5DB264FB0C893148EF6322D2FABE ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
00:31:59.0131 0x02a4 sisagp - ok
00:31:59.0163 0x02a4 [ 83C0F71F86D3BDAF915685F3D568B20E, 10B24723914A5A9E27A592FD58DAE2207B6E49F13A17CD2B1477C51D2D609D2E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
00:31:59.0178 0x02a4 Sparrow - ok
00:31:59.0194 0x02a4 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys
00:31:59.0194 0x02a4 splitter - ok
00:31:59.0272 0x02a4 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe
00:31:59.0272 0x02a4 Spooler - ok
00:31:59.0397 0x02a4 [ C3716EC0D36AD924B6888D794563E647, 15D9796FA6AB380C8BF01CCAB5136CEE7E698BD9573B64FB82641A8C2375FEAE ] sprtsvc_ddoctorv2 C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
00:31:59.0397 0x02a4 sprtsvc_ddoctorv2 - ok
00:31:59.0428 0x02a4 [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
00:31:59.0428 0x02a4 sr - ok
00:31:59.0491 0x02a4 [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice C:\WINDOWS\system32\srsvc.dll
00:31:59.0506 0x02a4 srservice - ok
00:31:59.0569 0x02a4 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
00:31:59.0584 0x02a4 Srv - ok
00:31:59.0616 0x02a4 [ D7968049BE0ADBB6A57CEE3960320911, 6FB6D7BE384324211DAEDCCD80BA983E32183D08DF6C5B5B5453773DCC0F4D5B ] sscdbhk5 C:\WINDOWS\system32\drivers\sscdbhk5.sys
00:31:59.0616 0x02a4 sscdbhk5 - ok
00:31:59.0631 0x02a4 [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
00:31:59.0631 0x02a4 SSDPSRV - ok
00:31:59.0631 0x02a4 SSHRMD - ok
00:31:59.0647 0x02a4 SSIDRV - ok
00:31:59.0647 0x02a4 [ C3FFD65ABFB6441E7606CF74F1155273, EFA481D5075A9C0490CEBA5F8223BE322EB3811465F41A1FB3386E30E8C81714 ] ssrtln C:\WINDOWS\system32\drivers\ssrtln.sys
00:31:59.0647 0x02a4 ssrtln - ok
00:31:59.0819 0x02a4 [ 2A2DC39623ADEF8AB3703AB9FAC4B440, A7D66F8364363085EA8BC54AB41E0C1E509A7A88753D6E6707FACF0265DF2A75 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
00:31:59.0881 0x02a4 STHDA - ok
00:31:59.0944 0x02a4 [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc C:\WINDOWS\system32\wiaservc.dll
00:31:59.0959 0x02a4 stisvc - ok
00:31:59.0991 0x02a4 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
00:31:59.0991 0x02a4 swenum - ok
00:32:00.0053 0x02a4 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
00:32:00.0053 0x02a4 swmidi - ok
00:32:00.0053 0x02a4 SwPrv - ok
00:32:00.0100 0x02a4 [ 1FF3217614018630D0A6758630FC698C, 78A3075BBFF5D7ADEAC1527E65ACA8527BFC509DF124D44410BB46C4D96C96BB ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
00:32:00.0100 0x02a4 symc810 - ok
00:32:00.0116 0x02a4 [ 070E001D95CF725186EF8B20335F933C, B98B29FB01741AF3B4BB02C76A4D117EA04FE4CC4F8CDB491F9216931704A6D8 ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
00:32:00.0116 0x02a4 symc8xx - ok
00:32:00.0147 0x02a4 [ 80AC1C4ABBE2DF3B738BF15517A51F2C, CCF82D09C63F4FA98BCBEF3A1DC8C02D4269B78256D0B6213E815D9BBE174432 ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
00:32:00.0147 0x02a4 sym_hi - ok
00:32:00.0163 0x02a4 [ BF4FAB949A382A8E105F46EBB4937058, FE7C114A19D50E37463CDD3605C26105A779EEA79CB92BF98267C7BE809D853B ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
00:32:00.0163 0x02a4 sym_u3 - ok
00:32:00.0225 0x02a4 [ 35D5B3632E0BCEBE27B391157DE05996, 9B0C4E1F0201FCB27A1CF600C6B7B8A288596ECDA10A980F24FB58B775746222 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
00:32:00.0241 0x02a4 SynTP - ok
00:32:00.0303 0x02a4 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
00:32:00.0303 0x02a4 sysaudio - ok
00:32:00.0350 0x02a4 [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
00:32:00.0366 0x02a4 SysmonLog - ok
00:32:00.0397 0x02a4 [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
00:32:00.0413 0x02a4 TapiSrv - ok
00:32:00.0491 0x02a4 [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:32:00.0506 0x02a4 Tcpip - ok
00:32:00.0538 0x02a4 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
00:32:00.0538 0x02a4 TDPIPE - ok
00:32:00.0569 0x02a4 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
00:32:00.0569 0x02a4 TDTCP - ok
00:32:00.0600 0x02a4 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
00:32:00.0600 0x02a4 TermDD - ok
00:32:00.0663 0x02a4 [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService C:\WINDOWS\System32\termsrv.dll
00:32:00.0678 0x02a4 TermService - ok
00:32:00.0788 0x02a4 [ 30698355067D07DA5F9EB81132C9FDD6, 80457F8DBB089FFF23ED220924F5C872D896707F4B31E9C77DAB78421B9B2F6D ] tfsnboio C:\WINDOWS\system32\dla\tfsnboio.sys
00:32:00.0788 0x02a4 tfsnboio - ok
00:32:00.0803 0x02a4 [ FB9D825BB4A2ABDF24600F7505050E2B, A7A11366525C4DEAD588822F4C57C7ED5D6F3578F2DB2124BF0441133B3169B9 ] tfsncofs C:\WINDOWS\system32\dla\tfsncofs.sys
00:32:00.0803 0x02a4 tfsncofs - ok
00:32:00.0819 0x02a4 [ CAFD8CCA11AA1E8B6D2EA1BA8F70EC33, AA5BDE527B67A14654D930252894FEDB8976EAE1F33C2BC0E7747D2B4EB93C4E ] tfsndrct C:\WINDOWS\system32\dla\tfsndrct.sys
00:32:00.0819 0x02a4 tfsndrct - ok
00:32:00.0835 0x02a4 [ 8DB1E78FBF7C426D8EC3D8F1A33D6485, FF437EFD667EFE00729188B18C7E17E8C15D06A2C1F58A0F79E22DFADCECF969 ] tfsndres C:\WINDOWS\system32\dla\tfsndres.sys
00:32:00.0835 0x02a4 tfsndres - ok
00:32:00.0850 0x02a4 [ B92F67A71CC8176F331B8AA8D9F555AD, F59E8464E44E08C18C3C7D32408D7661923F30FDD35390082DC7F2C02DCC40A3 ] tfsnifs C:\WINDOWS\system32\dla\tfsnifs.sys
00:32:00.0850 0x02a4 tfsnifs - ok
00:32:00.0866 0x02a4 [ 85985FAA9A71E2358FCC2EDEFC2A3C5C, 9ADD1077C3B34E0EFA85EC4762822330D85F43EB4557C9ED015D8D1575E52885 ] tfsnopio C:\WINDOWS\system32\dla\tfsnopio.sys
00:32:00.0866 0x02a4 tfsnopio - ok
00:32:00.0881 0x02a4 [ BBA22094F0F7C210567EFDAF11F64495, C55D3F3628C73FFA776C9B61BA735CB24DEE9F80F6E74A2F9BD70CFFB863BA57 ] tfsnpool C:\WINDOWS\system32\dla\tfsnpool.sys
00:32:00.0881 0x02a4 tfsnpool - ok
00:32:00.0881 0x02a4 [ 81340BEF80B9811E98CE64611E67E3FF, CD6679A4D1A7932CD64F1F6AACF09CEC2D8E7DD001F812CC49756D8F582D907A ] tfsnudf C:\WINDOWS\system32\dla\tfsnudf.sys
00:32:00.0897 0x02a4 tfsnudf - ok
00:32:00.0913 0x02a4 [ C035FD116224CCC8325F384776B6A8BB, CB97AD56288F916DE2AF5B1EC9D04AF3A1C2A2FA0A738282DA3763036DD18F12 ] tfsnudfa C:\WINDOWS\system32\dla\tfsnudfa.sys
00:32:00.0928 0x02a4 tfsnudfa - ok
00:32:00.0944 0x02a4 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes C:\WINDOWS\System32\shsvcs.dll
00:32:00.0960 0x02a4 Themes - ok
00:32:01.0006 0x02a4 [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
00:32:01.0006 0x02a4 TlntSvr - ok
00:32:01.0038 0x02a4 [ F2790F6AF01321B172AA62F8E1E187D9, 5644B5EFA0065C0CC9DB28E5520AAD2F4B3BCE48337F165BF9F166ECC164630C ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
00:32:01.0038 0x02a4 TosIde - ok
00:32:01.0085 0x02a4 [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks C:\WINDOWS\system32\trkwks.dll
00:32:01.0085 0x02a4 TrkWks - ok
00:32:01.0116 0x02a4 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
00:32:01.0116 0x02a4 Udfs - ok
00:32:01.0163 0x02a4 [ 1B698A51CD528D8DA4FFAED66DFC51B9, FC3F12D25EE0E99AFE056502FCCFC052854699C21B99D559FAF1244F206DFB4F ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
00:32:01.0163 0x02a4 ultra - ok
00:32:01.0241 0x02a4 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
00:32:01.0257 0x02a4 Update - ok
00:32:01.0303 0x02a4 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost C:\WINDOWS\System32\upnphost.dll
00:32:01.0319 0x02a4 upnphost - ok
00:32:01.0335 0x02a4 [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS C:\WINDOWS\System32\ups.exe
00:32:01.0350 0x02a4 UPS - ok
00:32:01.0397 0x02a4 [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:32:01.0397 0x02a4 usbccgp - ok
00:32:01.0413 0x02a4 [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:32:01.0428 0x02a4 usbehci - ok
00:32:01.0460 0x02a4 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:32:01.0460 0x02a4 usbhub - ok
00:32:01.0507 0x02a4 [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
00:32:01.0507 0x02a4 usbprint - ok
00:32:01.0538 0x02a4 [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:32:01.0538 0x02a4 usbscan - ok
00:32:01.0585 0x02a4 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:32:01.0585 0x02a4 USBSTOR - ok
00:32:01.0663 0x02a4 [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:32:01.0663 0x02a4 usbuhci - ok
00:32:01.0678 0x02a4 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
00:32:01.0678 0x02a4 VgaSave - ok
00:32:01.0741 0x02a4 [ 754292CE5848B3738281B4F3607EAEF4, B0DCC9E9F8F78671FF878B493264C3B1DD2ED4A7167E3F5495F66ABF5FACB86C ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
00:32:01.0741 0x02a4 viaagp - ok
00:32:01.0788 0x02a4 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E, FC7FFD53FCC0F81587EFF26A43C141D25C43DBC68311520CE2BCDD739CA58CA9 ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
00:32:01.0788 0x02a4 ViaIde - ok
00:32:07.0460 0x02a4 Waiting for KSN requests completion. In queue: 301
00:32:09.0320 0x02a4 FW detected via SS1: Norton Internet Worm Protection, 2006, disabled
00:32:09.0351 0x02a4 Win FW state via NFM: enabled
00:32:09.0586 0x02a4 ============================================================
00:32:09.0586 0x02a4 Scan finished
00:32:09.0586 0x02a4 ============================================================
00:32:09.0586 0x0440 Detected object count: 0
00:32:09.0586 0x0440 Actual detected object count: 0
00:33:59.0802 0x0d20 ============================================================
00:33:59.0802 0x0d20 Scan started
00:33:59.0802 0x0d20 Mode: Manual; SigCheck; TDLFS;
00:33:59.0802 0x0d20 ============================================================
00:33:59.0802 0x0d20 KSN ping started
00:33:59.0880 0x0d20 KSN ping finished: true
00:34:00.0927 0x0d20 ================ Scan system memory ========================
00:34:02.0474 0x0d20 System memory - ok
00:34:02.0474 0x0d20 ================ Scan services =============================
00:34:26.0587 0x0d20 KSecDD - ok
00:34:26.0634 0x0d20 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
00:34:26.0774 0x0d20 lanmanserver - ok
00:34:26.0821 0x0d20 [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
00:34:26.0899 0x0d20 lanmanworkstation - ok
00:34:26.0915 0x0d20 lbrtfdc - ok
00:34:26.0962 0x0d20 [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
00:34:27.0118 0x0d20 LmHosts - ok
00:34:27.0165 0x0d20 [ DF0A511F38F16016BF658FCA0090CB87, 6D2F6360A4E1D369607F2F394B4A8C6EE8EEE9FA46A67394769E9C0044529B6C ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
00:34:27.0196 0x0d20 McrdSvc - ok
00:34:27.0337 0x0d20 [ 11F714F85530A2BD134074DC30E99FCA, BDB5FD3B2DF4ADD19B31965B3E789768B59E872B3EA85912B1FFB32B2AF9D5D8 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
00:34:27.0368 0x0d20 MDM - ok
00:34:27.0368 0x0d20 [ 3C318B9CD391371BED62126581EE9961, 1254273DE950EF8D5922F26D67B55C9D9082F45CDE168E3DAB20A2E53208DC3A ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
00:34:27.0399 0x0d20 mdmxsdk - ok
00:34:27.0431 0x0d20 [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger C:\WINDOWS\System32\msgsvc.dll
00:34:27.0571 0x0d20 Messenger - ok
00:34:27.0602 0x0d20 [ B7521F69C0A9B29D356157229376FB21, A77C89BDC181038DD0F9A8AC0F7164B10EF9C54B0C57D8BAB8BC27932EBF890B ] MHN C:\WINDOWS\System32\mhn.dll
00:34:27.0649 0x0d20 MHN - detected UnsignedFile.Multi.Generic ( 1 )
00:34:27.0649 0x0d20 Detect skipped due to KSN trusted
00:34:27.0649 0x0d20 MHN - ok
00:34:27.0665 0x0d20 [ 7F2F1D2815A6449D346FCCCBC569FBD6, 1C5A321CE95CE4D9AA2CB5A00E9B7E711521A6BBB25D36F7F49A397C361585C6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
00:34:27.0681 0x0d20 MHNDRV - detected UnsignedFile.Multi.Generic ( 1 )
00:34:27.0681 0x0d20 Detect skipped due to KSN trusted
00:34:27.0681 0x0d20 MHNDRV - ok
00:34:27.0727 0x0d20 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
00:34:27.0868 0x0d20 mnmdd - ok
00:34:27.0915 0x0d20 [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
00:34:28.0040 0x0d20 mnmsrvc - ok
00:34:28.0087 0x0d20 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
00:34:28.0212 0x0d20 Modem - ok
00:34:28.0228 0x0d20 [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:34:28.0368 0x0d20 Mouclass - ok
00:34:28.0415 0x0d20 [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:34:28.0524 0x0d20 mouhid - ok
00:34:28.0540 0x0d20 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
00:34:28.0665 0x0d20 MountMgr - ok
00:34:28.0728 0x0d20 [ 0E984C9D23342F33B7B855BE79FBA358, 3943F4D3F1063A555F537D666A81F7D85BB0226D8662CA7DAB4D60BC56061F04 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
00:34:28.0806 0x0d20 MozillaMaintenance - ok
00:34:28.0837 0x0d20 [ 3F4BB95E5A44F3BE34824E8E7CAF0737, 9A4F9E63AA55B779AF3563C66C8E40D9C42FF3BB5F533F70905ADC7A44EA7DAD ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
00:34:28.0978 0x0d20 mraid35x - ok
00:34:29.0040 0x0d20 [ 9BD4DCB5412921864A7AACDEDFBD1923, 46DEE9B9414D26203B62F0D6CAEBF37A3CEFD118556129547B2C5FC7B6FDBA05 ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
00:34:29.0056 0x0d20 MREMP50 - detected UnsignedFile.Multi.Generic ( 1 )
00:34:29.0056 0x0d20 Detect skipped due to KSN trusted
00:34:29.0056 0x0d20 MREMP50 - ok
00:34:29.0056 0x0d20 MREMP50a64 - ok
00:34:29.0071 0x0d20 MREMPR5 - ok
00:34:29.0071 0x0d20 MRENDIS5 - ok
00:34:29.0087 0x0d20 [ 07C02C892E8E1A72D6BF35004F0E9C5E, 09ECD59AADF08E2AA0C1BAF5D3D7CBB0948153E531E1F82ECACD43F14F88106B ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
00:34:29.0103 0x0d20 MRESP50 - detected UnsignedFile.Multi.Generic ( 1 )
00:34:29.0103 0x0d20 Detect skipped due to KSN trusted
00:34:29.0103 0x0d20 MRESP50 - ok
00:34:29.0118 0x0d20 MRESP50a64 - ok
00:34:29.0134 0x0d20 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:34:29.0259 0x0d20 MRxDAV - ok
00:34:29.0321 0x0d20 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:34:29.0493 0x0d20 MRxSmb - ok
00:34:29.0525 0x0d20 [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\system32\msdtc.exe
00:34:29.0650 0x0d20 MSDTC - ok
00:34:29.0665 0x0d20 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
00:34:29.0775 0x0d20 Msfs - ok
00:34:29.0775 0x0d20 MSIServer - ok
00:34:29.0806 0x0d20 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:34:30.0009 0x0d20 MSKSSRV - ok
00:34:30.0025 0x0d20 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:34:30.0134 0x0d20 MSPCLOCK - ok
00:34:30.0228 0x0d20 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
00:34:30.0368 0x0d20 MSPQM - ok
00:34:30.0400 0x0d20 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:34:30.0540 0x0d20 mssmbios - ok
00:34:30.0634 0x0d20 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
00:34:30.0728 0x0d20 Mup - ok
00:34:30.0822 0x0d20 [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll
00:34:31.0040 0x0d20 napagent - ok
00:34:31.0072 0x0d20 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
00:34:31.0212 0x0d20 NDIS - ok
00:34:31.0259 0x0d20 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:34:31.0337 0x0d20 NdisTapi - ok
00:34:31.0353 0x0d20 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:34:31.0494 0x0d20 Ndisuio - ok
00:34:31.0525 0x0d20 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:34:31.0650 0x0d20 NdisWan - ok
00:34:31.0697 0x0d20 [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
00:34:31.0759 0x0d20 NDProxy - ok
00:34:31.0806 0x0d20 [ 949941E4DE88DF1FAF49A4B3CFFB756F, 982136CC33D46FE251955498AA67A17EF33CB3B86E87489B4B787240202839CF ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
00:34:31.0822 0x0d20 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
00:34:31.0822 0x0d20 Detect skipped due to KSN trusted
00:34:31.0822 0x0d20 Net Driver HPZ12 - ok
00:34:31.0869 0x0d20 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
00:34:32.0025 0x0d20 NetBIOS - ok
00:34:32.0056 0x0d20 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
00:34:32.0212 0x0d20 NetBT - ok
00:34:32.0244 0x0d20 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe
00:34:32.0416 0x0d20 NetDDE - ok
00:34:32.0431 0x0d20 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
00:34:32.0541 0x0d20 NetDDEdsdm - ok
00:34:32.0619 0x0d20 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon C:\WINDOWS\system32\lsass.exe
00:34:32.0744 0x0d20 Netlogon - ok
00:34:32.0791 0x0d20 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman C:\WINDOWS\System32\netman.dll
00:34:32.0931 0x0d20 Netman - ok
00:34:32.0994 0x0d20 [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:34:33.0009 0x0d20 NetTcpPortSharing - ok
00:34:33.0041 0x0d20 [ E9E47CFB2D461FA0FC75B7A74C6383EA, 544136F5BFD4DC23D45E90F12FA48B82FD9EAEA9EAF3E0F5F0BD27E23D672C3E ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
00:34:33.0181 0x0d20 NIC1394 - ok
00:34:33.0306 0x0d20 [ 24D29A87A141B5CCDF34260D4890BE89, 283EE7937931184E6FBECFD9BD00F4145E8D1C090E8854DA57D8A2282D6B6A10 ] NICCONFIGSVC C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
00:34:33.0384 0x0d20 NICCONFIGSVC - detected UnsignedFile.Multi.Generic ( 1 )
00:34:33.0384 0x0d20 Detect skipped due to KSN trusted
00:34:33.0384 0x0d20 NICCONFIGSVC - ok
00:34:33.0431 0x0d20 [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla C:\WINDOWS\System32\mswsock.dll
00:34:33.0463 0x0d20 Nla - ok
00:34:33.0603 0x0d20 [ 13350DDD0976CEB5F125396C7BFB05B4, C5B109C8680CBAC60E45EC95C7C257BF3D2E7C2A2CF8B301BB54443C9A8F5DA1 ] nmraapache C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
00:34:33.0619 0x0d20 nmraapache - detected UnsignedFile.Multi.Generic ( 1 )
00:34:33.0619 0x0d20 Detect skipped due to KSN trusted
00:34:33.0619 0x0d20 nmraapache - ok
00:34:33.0728 0x0d20 [ 0413A99F3A728D245DFD1DF443E9CFC1, 4C943D0C9207513A6C46A739A58B1D8AC074DD665BA21AF6F0CE6BE7AF1FEB0F ] nmservice C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
00:34:33.0759 0x0d20 nmservice - ok
00:34:33.0822 0x0d20 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
00:34:34.0009 0x0d20 Npfs - ok
00:34:34.0072 0x0d20 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
00:34:34.0275 0x0d20 Ntfs - ok
00:34:34.0291 0x0d20 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
00:34:34.0416 0x0d20 NtLmSsp - ok
00:34:34.0494 0x0d20 [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
00:34:34.0635 0x0d20 NtmsSvc - ok
00:34:34.0697 0x0d20 [ CF7E041663119E09D2E118521ADA9300, 0BDDEDA787CCBE34D515945717AF972143A3684F6D37F87B639D6A5371F381CC ] NuidFltr C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
00:34:34.0713 0x0d20 NuidFltr - ok
00:34:34.0744 0x0d20 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
00:34:34.0885 0x0d20 Null - ok
00:34:35.0041 0x0d20 [ 2B298519EDBFCF451D43E0F1E8F1006D, 67F3F2001F4C8DABD253D60AB3222793635532DC51AD977954286F8A246F5592 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
00:34:35.0322 0x0d20 nv - ok
00:34:35.0369 0x0d20 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:34:35.0494 0x0d20 NwlnkFlt - ok
00:34:35.0525 0x0d20 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:34:35.0650 0x0d20 NwlnkFwd - ok
00:34:35.0697 0x0d20 [ CA33832DF41AFB202EE7AEB05145922F, 9DD0089C2E13C7F81214C3B5A4A61276292052F9BBFEA7FCD0F6AA27815D5F95 ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
00:34:35.0838 0x0d20 ohci1394 - ok
00:34:35.0869 0x0d20 [ B17228142CEC9B3C222239FD935A37CA, 862498084CBF4579FCC12807F30BACDAAC16115CC6DB56274B7C49796B62A5CC ] omci C:\WINDOWS\system32\DRIVERS\omci.sys
00:34:35.0869 0x0d20 omci - detected UnsignedFile.Multi.Generic ( 1 )
00:34:35.0869 0x0d20 Detect skipped due to KSN trusted
00:34:35.0869 0x0d20 omci - ok
00:34:35.0916 0x0d20 [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:34:35.0932 0x0d20 ose - ok
00:34:35.0963 0x0d20 [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
00:34:36.0088 0x0d20 Parport - ok
00:34:36.0103 0x0d20 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
00:34:36.0213 0x0d20 PartMgr - ok
00:34:36.0244 0x0d20 [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
00:34:36.0400 0x0d20 ParVdm - ok
00:34:36.0416 0x0d20 [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
00:34:36.0557 0x0d20 PCI - ok
00:34:36.0557 0x0d20 PCIDump - ok
00:34:36.0572 0x0d20 [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
00:34:36.0682 0x0d20 PCIIde - ok
00:34:36.0713 0x0d20 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
00:34:36.0854 0x0d20 Pcmcia - ok
00:34:36.0869 0x0d20 PDCOMP - ok
00:34:36.0869 0x0d20 PDFRAME - ok
00:34:36.0885 0x0d20 PDRELI - ok
00:34:36.0885 0x0d20 PDRFRAME - ok
00:34:36.0916 0x0d20 [ 6C14B9C19BA84F73D3A86DBA11133101, 2CFB7E027E43C1B3890985DFD7987B23E4E3CC003E3FD2583E4A8AC1F8A13B26 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
00:34:37.0041 0x0d20 perc2 - ok
00:34:37.0072 0x0d20 [ F50F7C27F131AFE7BEBA13E14A3B9416, C0498EA65B908C07A734324ED70DB27F434FAAA815DD02F1BC429A3AB6C663D5 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
00:34:37.0213 0x0d20 perc2hib - ok
00:34:37.0244 0x0d20 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay C:\WINDOWS\system32\services.exe
00:34:37.0275 0x0d20 PlugPlay - ok
00:34:37.0322 0x0d20 [ 2F4CA141A609CAF5C98F6E4760EF1B9B, 42002F65B7EAAAC695D0C45B6132962A61A13FB50F334883C4C7C1A3E348EAD4 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
00:34:37.0338 0x0d20 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
00:34:37.0354 0x0d20 Detect skipped due to KSN trusted
00:34:37.0354 0x0d20 Pml Driver HPZ12 - ok
00:34:37.0369 0x0d20 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
00:34:37.0479 0x0d20 PolicyAgent - ok
00:34:37.0541 0x0d20 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:34:37.0666 0x0d20 PptpMiniport - ok
00:34:37.0682 0x0d20 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
00:34:37.0791 0x0d20 ProtectedStorage - ok
00:34:37.0822 0x0d20 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
00:34:37.0947 0x0d20 PSched - ok
00:34:37.0994 0x0d20 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:34:38.0135 0x0d20 Ptilink - ok
00:34:38.0244 0x0d20 [ 86724469CD077901706854974CD13C3E, 23C6B45928E43AC2893033DFC4265C2C87B3D185CB20553B9EAB818A46FB8C18 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
00:34:38.0291 0x0d20 PxHelp20 - detected UnsignedFile.Multi.Generic ( 1 )
00:34:38.0291 0x0d20 Detect skipped due to KSN trusted
00:34:38.0291 0x0d20 PxHelp20 - ok
00:34:38.0323 0x0d20 [ 0A63FB54039EB5662433CABA3B26DBA7, A1FB923EB2D08D89D24E8AD7042BBED7CB1DBDA9A5B77BDD188E9913BADAB0EF ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
00:34:38.0448 0x0d20 ql1080 - ok
00:34:38.0448 0x0d20 [ 6503449E1D43A0FF0201AD5CB1B8C706, F1EFC2DE5998615CB182D7984366631FE956AE1ECA9AC777F26FCA2E6F2E05A6 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
00:34:38.0588 0x0d20 Ql10wnt - ok
00:34:38.0619 0x0d20 [ 156ED0EF20C15114CA097A34A30D8A01, 7490B90D4C88B7A9BADB9473D4033535F054C797ABF6D542CB859DA5C9B2586A ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
00:34:38.0760 0x0d20 ql12160 - ok
00:34:38.0807 0x0d20 [ 70F016BEBDE6D29E864C1230A07CC5E6, 895BC2C888F6566086FC1399F499A401D447E57333BC9F9C6DBAFE0F117603D6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
00:34:38.0932 0x0d20 ql1240 - ok
00:34:38.0963 0x0d20 [ 907F0AEEA6BC451011611E732BD31FCF, F9E7023BD1042963110D0A613054D094437868B20779F23C316A38E4781A6152 ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
00:34:39.0088 0x0d20 ql1280 - ok
00:34:39.0119 0x0d20 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:34:39.0244 0x0d20 RasAcd - ok
00:34:39.0291 0x0d20 [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto C:\WINDOWS\System32\rasauto.dll
00:34:39.0432 0x0d20 RasAuto - ok
00:34:39.0463 0x0d20 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:34:39.0588 0x0d20 Rasl2tp - ok
00:34:39.0635 0x0d20 [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan C:\WINDOWS\System32\rasmans.dll
00:34:39.0791 0x0d20 RasMan - ok
00:34:39.0807 0x0d20 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:34:39.0932 0x0d20 RasPppoe - ok
00:34:39.0963 0x0d20 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
00:34:40.0088 0x0d20 Raspti - ok
00:34:40.0135 0x0d20 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:34:40.0276 0x0d20 Rdbss - ok
00:34:40.0307 0x0d20 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:34:40.0448 0x0d20 RDPCDD - ok
00:34:40.0495 0x0d20 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:34:40.0651 0x0d20 rdpdr - ok
00:34:40.0713 0x0d20 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
00:34:40.0776 0x0d20 RDPWD - ok
00:34:40.0823 0x0d20 [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
00:34:40.0963 0x0d20 RDSessMgr - ok
00:34:40.0979 0x0d20 [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
00:34:41.0120 0x0d20 redbook - ok
00:34:41.0229 0x0d20 [ 6F81C8A63FB824EB8A2401AB45795553, 15A583037E609A62CCC8B9C5CCC0D8F6F0B114EECD9C5FD953A1822F32A1C7B6 ] RegSrvc C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
00:34:41.0245 0x0d20 RegSrvc - detected UnsignedFile.Multi.Generic ( 1 )
00:34:41.0245 0x0d20 Detect skipped due to KSN trusted
00:34:41.0245 0x0d20 RegSrvc - ok
00:34:41.0323 0x0d20 [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
00:34:41.0464 0x0d20 RemoteAccess - ok
00:34:41.0495 0x0d20 [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
00:34:41.0620 0x0d20 RemoteRegistry - ok
00:34:41.0698 0x0d20 [ 24ED7AF20651F9FA1F249482E7C1F165, 6F7BD68CBA0CACDCB6B43A401887A190FD825B4EE1974D07271224CB225A8DC2 ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
00:34:41.0745 0x0d20 rimmptsk - ok
00:34:41.0792 0x0d20 [ 1BDBA2D2D402415A78A4BA766DFE0F7B, 894EB6956B8F28DE96B846AC87E4FDD9614240871D6A326CEFB7F99184BC3E79 ] rimsptsk C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
00:34:41.0839 0x0d20 rimsptsk - ok
00:34:41.0885 0x0d20 [ F774ECD11A064F0DEBB2D4395418153C, 053CBC85E40C6D8D1FC2968A2B7FD43445E6B0FDEED5905A905F953A236052C9 ] rismxdp C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
00:34:41.0932 0x0d20 rismxdp - ok
00:34:41.0964 0x0d20 [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator C:\WINDOWS\system32\locator.exe
00:34:42.0120 0x0d20 RpcLocator - ok
00:34:42.0182 0x0d20 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs C:\WINDOWS\System32\rpcss.dll
00:34:42.0245 0x0d20 RpcSs - ok
00:34:42.0307 0x0d20 [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP C:\WINDOWS\system32\rsvp.exe
00:34:42.0448 0x0d20 RSVP - ok
00:34:42.0526 0x0d20 [ B792F2C647B1FC3E4987DE582EE00FE3, 761D7F5C591A103B844183A2EDA32925742441C3F27EF4ABDA9AD85ED4A5FDD2 ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
00:34:42.0620 0x0d20 S24EventMonitor - detected UnsignedFile.Multi.Generic ( 1 )
00:34:42.0620 0x0d20 Detect skipped due to KSN trusted
00:34:42.0620 0x0d20 S24EventMonitor - ok
00:34:42.0651 0x0d20 [ 2E4E912CE95F5EF4D4A5079F6CE367FC, 7B8E0BC81737A4B9A6DC5ECB1B66D78652DD346B0F09719F4225B4FE56568D69 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
00:34:42.0745 0x0d20 s24trans - detected UnsignedFile.Multi.Generic ( 1 )
00:34:42.0745 0x0d20 Detect skipped due to KSN trusted
00:34:42.0745 0x0d20 s24trans - ok
00:34:42.0761 0x0d20 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs C:\WINDOWS\system32\lsass.exe
00:34:42.0870 0x0d20 SamSs - ok
00:34:42.0901 0x0d20 [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
00:34:43.0042 0x0d20 SCardSvr - ok
00:34:43.0120 0x0d20 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule C:\WINDOWS\system32\schedsvc.dll
00:34:43.0261 0x0d20 Schedule - ok
00:34:43.0323 0x0d20 [ 8D04819A3CE51B9EB47E5689B44D43C4, B0588AF967A7611F05BC8A8AD0C945DBB7BF995D7DA5C28FD0D007E33BF1F502 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
00:34:43.0464 0x0d20 sdbus - ok
00:34:43.0495 0x0d20 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:34:43.0573 0x0d20 Secdrv - ok
00:34:43.0589 0x0d20 [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon C:\WINDOWS\System32\seclogon.dll
00:34:43.0714 0x0d20 seclogon - ok
00:34:43.0745 0x0d20 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS C:\WINDOWS\system32\sens.dll
00:34:43.0901 0x0d20 SENS - ok
00:34:43.0948 0x0d20 [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
00:34:44.0104 0x0d20 serenum - ok
00:34:44.0136 0x0d20 [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
00:34:44.0292 0x0d20 Serial - ok
00:34:44.0339 0x0d20 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
00:34:44.0464 0x0d20 Sfloppy - ok
00:34:44.0526 0x0d20 [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
00:34:44.0698 0x0d20 SharedAccess - ok
00:34:44.0745 0x0d20 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
00:34:44.0808 0x0d20 ShellHWDetection - ok
00:34:44.0808 0x0d20 Simbad - ok
00:34:44.0855 0x0d20 [ 6B33D0EBD30DB32E27D1D78FE946A754, CDA3D082D370B079C06D943DA124D76BAF0C5DB264FB0C893148EF6322D2FABE ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
00:34:44.0964 0x0d20 sisagp - ok
00:34:44.0995 0x0d20 [ 83C0F71F86D3BDAF915685F3D568B20E, 10B24723914A5A9E27A592FD58DAE2207B6E49F13A17CD2B1477C51D2D609D2E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
00:34:45.0089 0x0d20 Sparrow - ok
00:34:45.0120 0x0d20 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys
00:34:45.0308 0x0d20 splitter - ok
00:34:45.0355 0x0d20 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe
00:34:45.0464 0x0d20 Spooler - ok
00:34:45.0573 0x0d20 [ C3716EC0D36AD924B6888D794563E647, 15D9796FA6AB380C8BF01CCAB5136CEE7E698BD9573B64FB82641A8C2375FEAE ] sprtsvc_ddoctorv2 C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
00:34:45.0589 0x0d20 sprtsvc_ddoctorv2 - ok
00:34:45.0683 0x0d20 [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
00:34:45.0761 0x0d20 sr - ok
00:34:45.0823 0x0d20 [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice C:\WINDOWS\system32\srsvc.dll
00:34:45.0933 0x0d20 srservice - ok
00:34:46.0011 0x0d20 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
00:34:46.0136 0x0d20 Srv - ok
00:34:46.0167 0x0d20 [ D7968049BE0ADBB6A57CEE3960320911, 6FB6D7BE384324211DAEDCCD80BA983E32183D08DF6C5B5B5453773DCC0F4D5B ] sscdbhk5 C:\WINDOWS\system32\drivers\sscdbhk5.sys
00:34:46.0183 0x0d20 sscdbhk5 - detected UnsignedFile.Multi.Generic ( 1 )
00:34:46.0183 0x0d20 Detect skipped due to KSN trusted
00:34:46.0183 0x0d20 sscdbhk5 - ok
00:34:46.0198 0x0d20 [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
00:34:46.0308 0x0d20 SSDPSRV - ok
00:34:46.0323 0x0d20 SSHRMD - ok
00:35:00.0310 0x0d20 FW detected via SS1: Norton Internet Worm Protection, 2006, disabled
00:35:00.0310 0x0d20 Win FW state via NFM: enabled
00:35:00.0528 0x0d20 ============================================================
00:35:00.0528 0x0d20 Scan finished
00:35:00.0528 0x0d20 ============================================================
00:35:00.0528 0x0ac0 Detected object count: 0
00:35:00.0528 0x0ac0 Actual detected object count: 0
 
Ok - good - here is the first VEW log - quite short

Vino's Event Viewer v01c run on Windows XP in English
Report run at 27/07/2017 12:23:43 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Hi - ok, here is the second VEW log - many thanks

Vino's Event Viewer v01c run on Windows XP in English
Report run at 27/07/2017 12:31:50 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/07/2017 11:57:21 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user PMURPHY\Patricia Murphy registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
 