Profile loading fails in Normal mode, OK in Safe Mode


10 replies to this topic

#1 Philip134


Posted 16 April 2014 - 10:47 AM

Booted up at start of day. Everything looked normal apart from a message about "AnimalwareSecureExecutable has encountered a problem and needs to close".

Quick scan with Malwarebytes produced 399 PUPs in the guest account (never had this many before; usually 3 or 4 max). Fixed these and rebooted. Disabled guest account.

Then froze while trying to call Chrome from within Pegasus Mail. No response to anything.

Rebooted, selected usual user profile, bit of activity, then froze with mouse still mobile on Blue screen (usual wallpaper).

Tried last known configuration that worked but produced the same problem.

Booted into Safe Mode with networking - seems stable and working.

Advice on what next much appreciated.

 

Philip




#2 dev00790


Posted 16 April 2014 - 12:30 PM

Hello,
 
I will be helping you with your problems. Please be patient while I assist you.
 
Some points for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do NOT run, install or uninstall any programs, unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
          
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
          
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
          
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.
 
NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
- Do NOT back up any unknown files ending in .exe, .com, .scr, .pif, and .bat since files of these types are more likely to be infected.
 
NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.
 
----------------------------------------------
 
Please do the following in Safe mode with networking:
 
Step 1:
 
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.  
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click on change parameters
  • Under Objects to scan, check the boxes next to Verify file digital signatures, Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do NOT choose Delete or Quarantine unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the full contents of that file in your next reply. - If the log is too long, then split it into multiple posts.   

 
Step 2:
 
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

Step 3:
 
Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the full contents of the log in your next reply. 

 
Step 4:
 
Please download MiniToolBox, save it to your desktop and run it.
 
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (Only Problems)
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore points

NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.
 
Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.


Edited by dev00790, 16 April 2014 - 12:31 PM.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.


#3 Philip134


Posted 16 April 2014 - 01:40 PM

Here is the TDSSKiller Log

18:56:49.0343 0x0d8c HTTP - ok
18:56:49.0406 0x0d8c [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
18:56:49.0562 0x0d8c HTTPFilter - ok
18:56:49.0578 0x0d8c i2omgmt - ok
18:56:49.0578 0x0d8c i2omp - ok
18:56:49.0640 0x0d8c [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:56:49.0750 0x0d8c i8042prt - ok
18:56:49.0828 0x0d8c [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
18:56:49.0828 0x0d8c IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
18:56:52.0265 0x0d8c Detect skipped due to KSN trusted
18:56:52.0265 0x0d8c IDriverT - ok
18:56:52.0359 0x0d8c [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:56:52.0421 0x0d8c idsvc - ok
18:56:52.0453 0x0d8c [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
18:56:52.0562 0x0d8c Imapi - ok
18:56:52.0625 0x0d8c [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService C:\WINDOWS\system32\imapi.exe
18:56:52.0750 0x0d8c ImapiService - ok
18:56:52.0765 0x0d8c InCDFs - ok
18:56:52.0781 0x0d8c InCDPass - ok
18:56:52.0812 0x0d8c InCDRm - ok
18:56:52.0828 0x0d8c ini910u - ok
18:56:52.0859 0x0d8c IntelIde - ok
18:56:52.0921 0x0d8c [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:56:53.0015 0x0d8c intelppm - ok
18:56:53.0046 0x0d8c [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
18:56:53.0156 0x0d8c ip6fw - ok
18:56:53.0203 0x0d8c [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:56:53.0296 0x0d8c IpFilterDriver - ok
18:56:53.0328 0x0d8c [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:56:53.0421 0x0d8c IpInIp - ok
18:56:53.0484 0x0d8c [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:56:53.0593 0x0d8c IpNat - ok
18:56:53.0640 0x0d8c [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:56:53.0750 0x0d8c IPSec - ok
18:56:53.0796 0x0d8c [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
18:56:53.0843 0x0d8c IRENUM - ok
18:56:53.0890 0x0d8c [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:56:54.0000 0x0d8c isapnp - ok
18:56:54.0015 0x0d8c jtft - ok
18:56:54.0078 0x0d8c [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:56:54.0156 0x0d8c Kbdclass - ok
18:56:54.0187 0x0d8c [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:56:54.0265 0x0d8c kbdhid - ok
18:56:54.0296 0x0d8c [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
18:56:54.0406 0x0d8c kmixer - ok
18:56:54.0437 0x0d8c [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
18:56:54.0515 0x0d8c KSecDD - ok
18:56:54.0578 0x0d8c [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
18:56:54.0640 0x0d8c lanmanserver - ok
18:56:54.0703 0x0d8c [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:56:54.0796 0x0d8c lanmanworkstation - ok
18:56:54.0812 0x0d8c lbrtfdc - ok
18:56:54.0890 0x0d8c [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
18:56:54.0984 0x0d8c LmHosts - ok
18:56:55.0062 0x0d8c [ 32933B07FC16D9F778BEE12545FA1B1A, 73CCDD4EBA90138820624FFEFC629EFA3B15FF395D9F31CC4C4678713ECB1F23 ] LPDSVC C:\WINDOWS\System32\tcpsvcs.exe
18:56:55.0171 0x0d8c LPDSVC - ok
18:56:55.0250 0x0d8c [ 6917B407DBEC11B3A078ABFC2EC2AC7C, F8E443AAD7AAE52EFF8BAAAAD3A484544562BF68B3BCA0EA03D15458A43C0BE2 ] LVRS C:\WINDOWS\system32\DRIVERS\lvrs.sys
18:56:55.0265 0x0d8c LVRS - ok
18:56:55.0625 0x0d8c [ 44876E70E07E9A653BBE423DBFA35A1A, 8BB4C5924A692AE1130F73668761D58F8E8EFF75E3DD174D3E0E52005F200816 ] LVUVC C:\WINDOWS\system32\DRIVERS\lvuvc.sys
18:56:56.0078 0x0d8c LVUVC - ok
18:56:56.0250 0x0d8c [ 7B13EC429A7550D2C3671F3016D6C919, 07063C03CE48C9AF00F91EEB2679DA9E53F2681B7297CFA531832E72B21FD80E ] MAGIX StartUp Analyze Service C:\Program Files\MAGIX\PC_Check_Tuning_2012_Download_Version\MXSAS.exe
18:56:56.0281 0x0d8c MAGIX StartUp Analyze Service - detected UnsignedFile.Multi.Generic ( 1 )
18:57:06.0281 0x0d8c MAGIX StartUp Analyze Service ( UnsignedFile.Multi.Generic ) - warning
18:57:09.0765 0x0d8c [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger C:\WINDOWS\System32\msgsvc.dll
18:57:09.0875 0x0d8c Messenger - ok
18:57:09.0906 0x0d8c [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
18:57:10.0031 0x0d8c mnmdd - ok
18:57:10.0093 0x0d8c [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
18:57:10.0187 0x0d8c mnmsrvc - ok
18:57:10.0203 0x0d8c [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
18:57:10.0328 0x0d8c Modem - ok
18:57:10.0359 0x0d8c [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:57:10.0468 0x0d8c Mouclass - ok
18:57:10.0531 0x0d8c [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:57:10.0625 0x0d8c mouhid - ok
18:57:10.0640 0x0d8c [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
18:57:10.0750 0x0d8c MountMgr - ok
18:57:10.0812 0x0d8c [ C0F8E0C2C3C0437CF37C6781896DC3EC, 12196EF5A94BD011B5D578E755B51424E3238437A028CC1EDFB53138C00D3339 ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys
18:57:10.0890 0x0d8c MPE - ok
18:57:10.0953 0x0d8c [ 8072A7BB35D92CC621AC2605EEF79BC4, 68F61BE84A5032CEC24F04C90DACA1AE78F3744016389BE2345256B26E44E09A ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
18:57:10.0984 0x0d8c MpFilter - ok
18:57:11.0000 0x0d8c mraid35x - ok
18:57:11.0031 0x0d8c [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:57:11.0140 0x0d8c MRxDAV - ok
18:57:11.0234 0x0d8c [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:57:11.0312 0x0d8c MRxSmb - ok
18:57:11.0359 0x0d8c [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\System32\msdtc.exe
18:57:11.0453 0x0d8c MSDTC - ok
18:57:11.0515 0x0d8c [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
18:57:11.0625 0x0d8c Msfs - ok
18:57:11.0640 0x0d8c MSIServer - ok
18:57:11.0687 0x0d8c [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:57:11.0796 0x0d8c MSKSSRV - ok
18:57:11.0906 0x0d8c [ 1EE3643D1AA747222427F63353611AD7, 18465E375485DF4E980121449077D5BA87C25C5FA8D86F40DA3B7BE153306766 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
18:57:11.0937 0x0d8c MsMpSvc - ok
18:57:11.0953 0x0d8c [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:57:12.0062 0x0d8c MSPCLOCK - ok
18:57:12.0093 0x0d8c [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
18:57:12.0171 0x0d8c MSPQM - ok
18:57:12.0218 0x0d8c [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:57:12.0312 0x0d8c mssmbios - ok
18:57:12.0343 0x0d8c [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
18:57:12.0437 0x0d8c MSTEE - ok
18:57:12.0500 0x0d8c [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
18:57:12.0546 0x0d8c Mup - ok
18:57:12.0578 0x0d8c [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:57:12.0687 0x0d8c NABTSFEC - ok
18:57:12.0750 0x0d8c [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll
18:57:12.0859 0x0d8c napagent - ok
18:57:13.0031 0x0d8c [ 1BBBF640BC0E0B750537BAECE8D66C18, 621C1130B0C48AA900D78097E1685507A614AA9953644972C572DE267B2A6348 ] NAUpdate C:\Program Files\Nero\Update\NASvc.exe
18:57:13.0078 0x0d8c NAUpdate - ok
18:57:13.0140 0x0d8c [ E240F3204E86B7B6CCF266B2A2AD32B4, 38DEDD8E25E582455435C0BA3A554D7F05FFB02FD25D933EB8D3B40CFC942FDC ] NBVol C:\WINDOWS\system32\DRIVERS\NBVol.sys
18:57:13.0156 0x0d8c NBVol - ok
18:57:13.0187 0x0d8c [ C0CF3CCCCE3C75F7280C89029AB47866, 5AC7D6332AD30B489D4AE1E2945B968D445F1AA44A985B5D9395652E7D993857 ] NBVolUp C:\WINDOWS\system32\DRIVERS\NBVolUp.sys
18:57:13.0203 0x0d8c NBVolUp - ok
18:57:13.0234 0x0d8c [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
18:57:13.0343 0x0d8c NDIS - ok
18:57:13.0375 0x0d8c [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:57:13.0484 0x0d8c NdisIP - ok
18:57:13.0546 0x0d8c [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:57:13.0609 0x0d8c NdisTapi - ok
18:57:13.0640 0x0d8c [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:57:13.0750 0x0d8c Ndisuio - ok
18:57:13.0765 0x0d8c [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:57:13.0875 0x0d8c NdisWan - ok
18:57:13.0921 0x0d8c [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
18:57:14.0046 0x0d8c NDProxy - ok
18:57:14.0062 0x0d8c [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
18:57:14.0187 0x0d8c NetBIOS - ok
18:57:14.0234 0x0d8c [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
18:57:14.0343 0x0d8c NetBT - ok
18:57:14.0390 0x0d8c [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe
18:57:14.0500 0x0d8c NetDDE - ok
18:57:14.0515 0x0d8c [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
18:57:14.0609 0x0d8c NetDDEdsdm - ok
18:57:14.0656 0x0d8c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon C:\WINDOWS\system32\lsass.exe
18:57:14.0750 0x0d8c Netlogon - ok
18:57:14.0796 0x0d8c [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman C:\WINDOWS\System32\netman.dll
18:57:14.0906 0x0d8c Netman - ok
18:57:14.0937 0x0d8c [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:57:14.0953 0x0d8c NetTcpPortSharing - ok
18:57:15.0000 0x0d8c [ E9E47CFB2D461FA0FC75B7A74C6383EA, 544136F5BFD4DC23D45E90F12FA48B82FD9EAEA9EAF3E0F5F0BD27E23D672C3E ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:57:15.0125 0x0d8c NIC1394 - ok
18:57:15.0156 0x0d8c [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla C:\WINDOWS\System32\mswsock.dll
18:57:15.0187 0x0d8c Nla - ok
18:57:15.0218 0x0d8c [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
18:57:15.0312 0x0d8c Npfs - ok
18:57:15.0359 0x0d8c [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
18:57:15.0500 0x0d8c Ntfs - ok
18:57:15.0515 0x0d8c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
18:57:15.0609 0x0d8c NtLmSsp - ok
18:57:15.0656 0x0d8c [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
18:57:15.0765 0x0d8c NtmsSvc - ok
18:57:15.0812 0x0d8c [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
18:57:15.0906 0x0d8c Null - ok
18:57:15.0968 0x0d8c [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:57:16.0078 0x0d8c NwlnkFlt - ok
18:57:16.0109 0x0d8c [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:57:16.0203 0x0d8c NwlnkFwd - ok
18:57:16.0218 0x0d8c [ CA33832DF41AFB202EE7AEB05145922F, 9DD0089C2E13C7F81214C3B5A4A61276292052F9BBFEA7FCD0F6AA27815D5F95 ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:57:16.0328 0x0d8c ohci1394 - ok
18:57:16.0468 0x0d8c [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:57:16.0484 0x0d8c ose - ok
18:57:16.0500 0x0d8c [ C90018BAFDC7098619A4A95B046B30F3, 1826E46F237AD65BA189B83803A46A6C2B29089C1BA146106ADD9F2B04D4A89D ] P3 C:\WINDOWS\system32\DRIVERS\p3.sys
18:57:16.0593 0x0d8c P3 - ok
18:57:16.0625 0x0d8c [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
18:57:16.0718 0x0d8c Parport - ok
18:57:16.0734 0x0d8c [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
18:57:16.0875 0x0d8c PartMgr - ok
18:57:16.0921 0x0d8c [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
18:57:17.0015 0x0d8c ParVdm - ok
18:57:17.0078 0x0d8c [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
18:57:17.0171 0x0d8c PCI - ok
18:57:17.0187 0x0d8c PCIDump - ok
18:57:17.0250 0x0d8c [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
18:57:17.0343 0x0d8c PCIIde - ok
18:57:17.0375 0x0d8c [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
18:57:17.0468 0x0d8c Pcmcia - ok
18:57:17.0484 0x0d8c PDCOMP - ok
18:57:17.0500 0x0d8c PDFRAME - ok
18:57:17.0531 0x0d8c PDRELI - ok
18:57:17.0531 0x0d8c PDRFRAME - ok
18:57:17.0562 0x0d8c perc2 - ok
18:57:17.0593 0x0d8c perc2hib - ok
18:57:17.0656 0x0d8c [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay C:\WINDOWS\system32\services.exe
18:57:17.0671 0x0d8c PlugPlay - ok
18:57:17.0718 0x0d8c [ 1AFE811B89E3AFB6505E75070332D5AC, C32FACA4C9172580B974EF0D45F644A808D37FFE1C1C28BBC7D671DA65BD1244 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
18:57:17.0828 0x0d8c Pml Driver HPZ12 - ok
18:57:17.0875 0x0d8c [ C9E532AE03AE66C65F25CA527029E917, 95C245749853B5A3935CAD7ECC270BA303EAE5532100D6441276636E93EF9ADA ] pmxmouse C:\WINDOWS\system32\DRIVERS\pmxmouse.sys
18:57:17.0968 0x0d8c pmxmouse - ok
18:57:18.0000 0x0d8c [ 970F5F7D1A8B0E7B05743C3704133ABE, E96156EF9E745A01096E04A8A8DF01F4AB7106BC658A8612E3767A8139C856E5 ] pmxps2m C:\WINDOWS\system32\DRIVERS\pmxps2m.sys
18:57:18.0015 0x0d8c pmxps2m - ok
18:57:18.0078 0x0d8c [ 1971E853B598BF9BAABFF2B652E5CD4D, 26871676ED1461F80189575E07E3E1F88B277E00BC890C862EA6B23F291D6A25 ] pmxusblf C:\WINDOWS\system32\DRIVERS\pmxusblf.sys
18:57:18.0125 0x0d8c pmxusblf - ok
18:57:18.0171 0x0d8c [ 713E294439D982BB161317DE0136FAA0, 439DE38F993B3EBFAE7053A90AE5EA47BEEF02E28E261F23CA6A6037FC3676C4 ] pneteth C:\WINDOWS\system32\DRIVERS\pneteth.sys
18:57:18.0203 0x0d8c pneteth - detected UnsignedFile.Multi.Generic ( 1 )
18:57:20.0703 0x0d8c Detect skipped due to KSN trusted
18:57:20.0703 0x0d8c pneteth - ok
18:57:20.0765 0x0d8c [ C10F672B794DC67C96AE1392BFEC8585, F07DCFACF2AAA17EF19248D7EC73B4D0D6CAAE9F98B8C8E2CC987CCA44F1E263 ] Pnp680r C:\WINDOWS\system32\DRIVERS\pnp680r.sys
18:57:20.0781 0x0d8c Pnp680r - ok
18:57:20.0812 0x0d8c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
18:57:20.0890 0x0d8c PolicyAgent - ok
18:57:20.0953 0x0d8c [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:57:21.0078 0x0d8c PptpMiniport - ok
18:57:21.0109 0x0d8c [ A32BEBAF723557681BFC6BD93E98BD26, 35039BA72A29F87B2CA37DCDE4EFDAABBDEAD8CE3EB8652ACC665994118145A6 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
18:57:21.0218 0x0d8c Processor - ok
18:57:21.0234 0x0d8c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:57:21.0328 0x0d8c ProtectedStorage - ok
18:57:21.0359 0x0d8c [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
18:57:21.0453 0x0d8c PSched - ok
18:57:21.0468 0x0d8c [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:57:21.0578 0x0d8c Ptilink - ok
18:57:21.0640 0x0d8c [ 86724469CD077901706854974CD13C3E, 23C6B45928E43AC2893033DFC4265C2C87B3D185CB20553B9EAB818A46FB8C18 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:57:21.0640 0x0d8c PxHelp20 - detected UnsignedFile.Multi.Generic ( 1 )
18:57:24.0171 0x0d8c Detect skipped due to KSN trusted
18:57:24.0171 0x0d8c PxHelp20 - ok
18:57:24.0187 0x0d8c ql1080 - ok
18:57:24.0203 0x0d8c Ql10wnt - ok
18:57:24.0218 0x0d8c ql12160 - ok
18:57:24.0250 0x0d8c ql1240 - ok
18:57:24.0265 0x0d8c ql1280 - ok
18:57:24.0296 0x0d8c [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:57:24.0375 0x0d8c RasAcd - ok
18:57:24.0437 0x0d8c [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto C:\WINDOWS\System32\rasauto.dll
18:57:24.0546 0x0d8c RasAuto - ok
18:57:24.0578 0x0d8c [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:57:24.0671 0x0d8c Rasl2tp - ok
18:57:24.0734 0x0d8c [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan C:\WINDOWS\System32\rasmans.dll
18:57:24.0828 0x0d8c RasMan - ok
18:57:24.0859 0x0d8c [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:57:24.0968 0x0d8c RasPppoe - ok
18:57:24.0984 0x0d8c [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
18:57:25.0078 0x0d8c Raspti - ok
18:57:25.0109 0x0d8c [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:57:25.0218 0x0d8c Rdbss - ok
18:57:25.0234 0x0d8c [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:57:25.0343 0x0d8c RDPCDD - ok
18:57:25.0390 0x0d8c [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:57:25.0500 0x0d8c rdpdr - ok
18:57:25.0578 0x0d8c [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
18:57:25.0656 0x0d8c RDPWD - ok
18:57:25.0703 0x0d8c [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
18:57:25.0796 0x0d8c RDSessMgr - ok
18:57:25.0859 0x0d8c [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
18:57:25.0968 0x0d8c redbook - ok
18:57:26.0031 0x0d8c [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
18:57:26.0125 0x0d8c RemoteAccess - ok
18:57:26.0171 0x0d8c [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
18:57:26.0281 0x0d8c RemoteRegistry - ok
18:57:26.0343 0x0d8c [ 8B5B8A11306190C6963D3473F052D3C8, BEBCCA8109C742447C862907B7A3924548303AC720E3FB16563F24DF3238F82B ] Revoflt C:\WINDOWS\system32\DRIVERS\revoflt.sys
18:57:26.0359 0x0d8c Revoflt - ok
18:57:26.0375 0x0d8c [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator C:\WINDOWS\system32\locator.exe
18:57:26.0484 0x0d8c RpcLocator - ok
18:57:26.0531 0x0d8c [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs C:\WINDOWS\System32\rpcss.dll
18:57:26.0562 0x0d8c RpcSs - ok
18:57:26.0609 0x0d8c [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP C:\WINDOWS\system32\rsvp.exe
18:57:26.0718 0x0d8c RSVP - ok
18:57:26.0750 0x0d8c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs C:\WINDOWS\system32\lsass.exe
18:57:26.0828 0x0d8c SamSs - ok
18:57:26.0906 0x0d8c [ 412BD8371D7D355AF392D38913755CE8, 6BF3A4665C26014CDE25CCDFBDC5706DF0899E43446FF512A24FD4699288143B ] SandraDataSrv C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
18:57:26.0953 0x0d8c SandraDataSrv - detected UnsignedFile.Multi.Generic ( 1 )
18:57:29.0531 0x0d8c Detect skipped due to KSN trusted
18:57:29.0531 0x0d8c SandraDataSrv - ok
18:57:29.0625 0x0d8c [ EECAFAB1EB81EB3EAC22276A9E13179D, 6768EC1773E798AF1970671B68AC44963983F972A0E991AEB9C70E5D140EE392 ] SandraTheSrv C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
18:57:29.0687 0x0d8c SandraTheSrv - detected UnsignedFile.Multi.Generic ( 1 )
18:57:32.0125 0x0d8c Detect skipped due to KSN trusted
18:57:32.0125 0x0d8c SandraTheSrv - ok
18:57:32.0156 0x0d8c [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
18:57:32.0250 0x0d8c SCardSvr - ok
18:57:32.0296 0x0d8c [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule C:\WINDOWS\system32\schedsvc.dll
18:57:32.0421 0x0d8c Schedule - ok
18:57:32.0500 0x0d8c [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:57:32.0546 0x0d8c Secdrv - ok
18:57:32.0593 0x0d8c [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon C:\WINDOWS\System32\seclogon.dll
18:57:32.0687 0x0d8c seclogon - ok
18:57:32.0734 0x0d8c [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS C:\WINDOWS\system32\sens.dll
18:57:32.0843 0x0d8c SENS - ok
18:57:32.0906 0x0d8c [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
18:57:33.0015 0x0d8c serenum - ok
18:57:33.0046 0x0d8c [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
18:57:33.0171 0x0d8c Serial - ok
18:57:33.0281 0x0d8c [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
18:57:33.0390 0x0d8c Sfloppy - ok
18:57:33.0453 0x0d8c [ 5FE18FFF6FBCF218290042009EAB023D, 5F60E893ABD83D5BF01F1DA23C7E2ED2AA727F3115909DEA1EC7A0A11C8FB8D9 ] sfng32 C:\WINDOWS\system32\drivers\sfng32.sys
18:57:33.0468 0x0d8c sfng32 - detected UnsignedFile.Multi.Generic ( 1 )
18:57:36.0015 0x0d8c Detect skipped due to KSN trusted
18:57:36.0015 0x0d8c sfng32 - ok
18:57:36.0078 0x0d8c [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
18:57:36.0203 0x0d8c SharedAccess - ok
18:57:36.0250 0x0d8c [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:57:36.0265 0x0d8c ShellHWDetection - ok
18:57:36.0281 0x0d8c Simbad - ok
18:57:36.0359 0x0d8c [ C1E381B6E480DD936D92E1AED5BE29C4, 1727E3289C31D296BCE749948F95753A3414A7F3EA1F6CD2A9AD33FFB85D97F0 ] SiS300i C:\WINDOWS\system32\DRIVERS\sis300ip.sys
18:57:36.0468 0x0d8c SiS300i - ok
18:57:36.0500 0x0d8c [ 5FCC7A133975F616797B090BB780F7CB, E9F5AA4A3CA0FBEF386E477F03D3B4733E4D8E685051E8A2DFBF7EFF6BE74334 ] SiS630 C:\WINDOWS\system32\DRIVERS\sis630p.sys
18:57:36.0546 0x0d8c SiS630 - ok
18:57:36.0625 0x0d8c [ 42ED0CB0D7BE759A6F69A572B6F44AD2, 7C16A8367BD47E53459FC8896933DDF40D38B4611B17DEFB45A4FAB642F04968 ] SiS7018 C:\WINDOWS\system32\drivers\sis7018.sys
18:57:36.0671 0x0d8c SiS7018 - ok
18:57:36.0734 0x0d8c [ 6B33D0EBD30DB32E27D1D78FE946A754, CDA3D082D370B079C06D943DA124D76BAF0C5DB264FB0C893148EF6322D2FABE ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
18:57:36.0828 0x0d8c sisagp - ok
18:57:36.0875 0x0d8c [ B4485881BD8AED9B157A2E6CF43C2D51, 9B6C3E896D4F5763B8364EE54E86737C60A9638453BF64E3A1AB9BC2990CB7FD ] SiSide C:\WINDOWS\system32\DRIVERS\siside.sys
18:57:36.0921 0x0d8c SiSide - ok
18:57:36.0953 0x0d8c [ 6225224B8E846AC230F8D9B343635910, F8B7439062DCAA16845377C4496EED3B542EB81CE0F8D4CF603EB4B0D63E307C ] sisidex C:\WINDOWS\system32\drivers\sisidex.sys
18:57:36.0953 0x0d8c sisidex - detected UnsignedFile.Multi.Generic ( 1 )
18:57:39.0484 0x0d8c Detect skipped due to KSN trusted
18:57:39.0484 0x0d8c sisidex - ok
18:57:39.0515 0x0d8c [ 3FBB6EF8B5A71A2FA11F5F461BB73219, E71F7BB8F690351ACB0C02B2BC01F8837F55645B9BF7682C0F9329BA00637F0A ] SISNIC C:\WINDOWS\system32\DRIVERS\sisnic.sys
18:57:39.0625 0x0d8c SISNIC - ok
18:57:39.0656 0x0d8c [ A1348A901A44760CCD76043525E851D0, 170ECAD37A62CF102FBA14B12FF96D0045B9B2D247E881C41FC29141224E8F4F ] SISNICXP C:\WINDOWS\system32\DRIVERS\sisnicxp.sys
18:57:39.0703 0x0d8c SISNICXP - ok
18:57:39.0718 0x0d8c [ 596D4A7052002D2BD344D8937DA6F66D, 078330A9DD88603D839B470A40C3A34EB117F8CE9A98EFB2258514CE70D4FB33 ] sisperf C:\WINDOWS\system32\drivers\sisperf.sys
18:57:39.0750 0x0d8c sisperf - detected UnsignedFile.Multi.Generic ( 1 )
18:57:42.0281 0x0d8c Detect skipped due to KSN trusted
18:57:42.0281 0x0d8c sisperf - ok
18:57:50.0156 0x0d8c usbsnoop - detected UnsignedFile.Multi.Generic ( 1 )
18:57:52.0828 0x0d8c usbsnoop ( UnsignedFile.Multi.Generic ) - warning
18:58:03.0562 0x0d8c AV detected via SS1: Microsoft Security Essentials, 4.5.0216.0, enabled, updated
18:58:03.0562 0x0d8c Win FW state via NFM: enabled
18:58:06.0000 0x0d8c ============================================================
18:58:06.0000 0x0d8c Scan finished
18:58:06.0000 0x0d8c ============================================================
18:58:06.0015 0x0d84 Detected object count: 3
18:58:06.0015 0x0d84 Actual detected object count: 3
18:59:06.0031 0x0d84 DCamUSB20 ( UnsignedFile.Multi.Generic ) - skipped by user
18:59:06.0031 0x0d84 DCamUSB20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:59:06.0031 0x0d84 MAGIX StartUp Analyze Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:59:06.0031 0x0d84 MAGIX StartUp Analyze Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:59:06.0046 0x0d84 usbsnoop ( UnsignedFile.Multi.Generic ) - skipped by user
18:59:06.0046 0x0d84 usbsnoop ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:59:17.0984 0x0d30 Deinitialize success


Here is the ADWCleaner Log

# AdwCleaner v3.023 - Report created 16/04/2014 at 19:04:51
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Philip - DELL9200
# Running from : C:\Documents and Settings\Philip\Desktop\AdwCleaner (1).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.21376


-\\ Mozilla Firefox v

[ File : C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\prefs.js ]


[ File : C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Documents and Settings\Jill\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Documents and Settings\Rachel\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4491 octets] - [12/12/2013 16:06:16]
AdwCleaner[R1].txt - [1562 octets] - [12/12/2013 20:37:21]
AdwCleaner[R2].txt - [1422 octets] - [16/04/2014 19:04:51]
AdwCleaner[S0].txt - [4560 octets] - [12/12/2013 16:10:31]
AdwCleaner[S1].txt - [1623 octets] - [12/12/2013 20:42:38]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1602 octets] ##########

At this point the links from Pegasus to Chrome failed to work. A direct call to XChrome would not work either.

Downloaded Farbar Service Scanner via IE.

Here is the log

Farbar Service Scanner Version: 25-02-2014
Ran by Philip (administrator) on 16-04-2014 at 19:19:09
Running from "C:\Documents and Settings\Philip\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".


Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) Tcpip6(8)
0x080000000500000001000000020000000300000004000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****

Again, a call to Chrome from within Pegasus would not work. MiniToolBox was downloaded directly via IE. Here is the log:

MiniToolBox by Farbar Version: 23-01-2014
Ran by Philip (administrator) on 16-04-2014 at 19:24:28
Running from "C:\Documents and Settings\Philip\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost
127.0.0.1 activation.acronis.com

========================= IP Configuration: ================================

Intel® 82566DC Gigabit Network Connection = Local Area Connection 6 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 6"

set address name="Local Area Connection 6" source=dhcp
set dns name="Local Area Connection 6" source=dhcp register=PRIMARY
set wins name="Local Area Connection 6" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : dell9200

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection 6:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® 82566DC Gigabit Network Connection

Physical Address. . . . . . . . . : 00-19-D1-6D-BC-58

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.13

Subnet Mask . . . . . . . . . . . : 255.255.255.0

IP Address. . . . . . . . . . . . : fe80::219:d1ff:fe6d:bc58%4

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

Lease Obtained. . . . . . . . . . : 16 April 2014 11:50:44

Lease Expires . . . . . . . . . . : 19 April 2014 11:50:44



Tunnel adapter Teredo Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5

Default Gateway . . . . . . . . . :

NetBIOS over Tcpip. . . . . . . . : Disabled

Server: my.router
Address: 192.168.1.1

Name: google.com
Addresses: 173.194.34.72, 173.194.34.69, 173.194.34.66, 173.194.34.67
173.194.34.78, 173.194.34.73, 173.194.34.70, 173.194.34.68, 173.194.34.64
173.194.34.71, 173.194.34.65



Pinging google.com [173.194.34.64] with 32 bytes of data:



Reply from 173.194.34.64: bytes=32 time=28ms TTL=56

Reply from 173.194.34.64: bytes=32 time=29ms TTL=56



Ping statistics for 173.194.34.64:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 28ms, Maximum = 29ms, Average = 28ms

Server: my.router
Address: 192.168.1.1

Name: yahoo.com
Address: 206.190.36.45



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:



Reply from 206.190.36.45: bytes=32 time=276ms TTL=41

Reply from 206.190.36.45: bytes=32 time=176ms TTL=41



Ping statistics for 206.190.36.45:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 176ms, Maximum = 276ms, Average = 226ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 19 d1 6d bc 58 ...... Intel® 82566DC Gigabit Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.13 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.13 192.168.1.13 20
192.168.1.13 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.13 192.168.1.13 20
224.0.0.0 240.0.0.0 192.168.1.13 192.168.1.13 20
255.255.255.255 255.255.255.255 192.168.1.13 192.168.1.13 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
169.254.0.0 255.255.0.0 192.168.2.89 1
169.254.0.0 255.255.0.0 192.168.2.5 1
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 30 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 31 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 32 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 33 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 34 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 35 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 36 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 37 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 38 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 39 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 40 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/16/2014 11:13:58 AM) (Source: Application Error) (User: )
Description: Fault bucket 24097034.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (04/16/2014 11:12:19 AM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Error: (04/16/2014 09:34:02 AM) (Source: Application Error) (User: )
Description: Faulting application MsMpEng.exe, version 4.5.216.0, faulting module mpengine.dll, version 1.1.10501.0, fault address 0x003d684d.
Processing media-specific event for [MsMpEng.exe!ws!]

Error: (04/16/2014 08:04:21 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 4.5.216.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (04/16/2014 08:04:21 AM) (Source: Application Error) (User: )
Description: Faulting application MsMpEng.exe, version 4.5.216.0, faulting module mpengine.dll, version 1.1.10501.0, fault address 0x003d684d.
Processing media-specific event for [MsMpEng.exe!ws!]

Error: (03/16/2014 11:45:42 AM) (Source: Application Error) (User: )
Description: Faulting application winpm-32.exe, version 4.6.3.0, faulting module winpm-32.exe, version 4.6.3.0, fault address 0x0026ce07.
Processing media-specific event for [winpm-32.exe!ws!]

Error: (02/06/2014 00:51:07 PM) (Source: Application Hang) (User: )
Description: Hanging application ocad.exe, version 8.0.0.128, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/30/2014 05:09:42 PM) (Source: MsiInstaller) (User: DELL9200)
Description: Product: Bonjour -- Error 1704. An installation for ThinPrint Cloud Printer 1.0 is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?

Error: (01/30/2014 04:50:36 PM) (Source: Application Hang) (User: )
Description: Hanging application chrome.exe, version 32.0.1700.102, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/30/2014 04:50:08 PM) (Source: Application Hang) (User: )
Description: Hanging application chrome.exe, version 32.0.1700.102, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (04/16/2014 07:13:31 PM) (Source: DCOM) (User: DELL9200)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (04/16/2014 07:00:21 PM) (Source: DCOM) (User: DELL9200)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (04/16/2014 07:00:08 PM) (Source: DCOM) (User: DELL9200)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (04/16/2014 06:59:19 PM) (Source: DCOM) (User: DELL9200)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (04/16/2014 06:51:21 PM) (Source: DCOM) (User: DELL9200)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (04/16/2014 06:43:06 PM) (Source: DCOM) (User: DELL9200)
Description: DCOM got error "%%1084" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (04/16/2014 06:42:19 PM) (Source: DCOM) (User: DELL9200)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (04/16/2014 06:42:16 PM) (Source: DCOM) (User: DELL9200)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (04/16/2014 04:24:01 PM) (Source: DCOM) (User: DELL9200)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (04/16/2014 04:23:57 PM) (Source: DCOM) (User: DELL9200)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}


Microsoft Office Sessions:
=========================
Error: (04/16/2014 11:13:58 AM) (Source: Application Error)(User: )
Description: 24097034

Error: (04/16/2014 11:12:19 AM) (Source: Application Error)(User: )
Description: 0.0.0.0unknown0.0.0.000000000

Error: (04/16/2014 09:34:02 AM) (Source: Application Error)(User: )
Description: MsMpEng.exe4.5.216.0mpengine.dll1.1.10501.0003d684d

Error: (04/16/2014 08:04:21 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry2152759308unspecifiedscanfile4.5.216.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)unspecifiedunspecifiedNILNILNIL

Error: (04/16/2014 08:04:21 AM) (Source: Application Error)(User: )
Description: MsMpEng.exe4.5.216.0mpengine.dll1.1.10501.0003d684d

Error: (03/16/2014 11:45:42 AM) (Source: Application Error)(User: )
Description: winpm-32.exe4.6.3.0winpm-32.exe4.6.3.00026ce07

Error: (02/06/2014 00:51:07 PM) (Source: Application Hang)(User: )
Description: ocad.exe8.0.0.128hungapp0.0.0.000000000

Error: (01/30/2014 05:09:42 PM) (Source: MsiInstaller)(User: DELL9200)
Description: Product: Bonjour -- Error 1704. An installation for ThinPrint Cloud Printer 1.0 is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?(NULL)(NULL)(NULL)(NULL)

Error: (01/30/2014 04:50:36 PM) (Source: Application Hang)(User: )
Description: chrome.exe32.0.1700.102hungapp0.0.0.000000000

Error: (01/30/2014 04:50:08 PM) (Source: Application Hang)(User: )
Description: chrome.exe32.0.1700.102hungapp0.0.0.000000000


=========================== Installed Programs ============================

µTorrent (Version: 3.2.3.28705)
µTorrent (Version: 3.3.2.30303)
32 bit Windows Card Reader Driver (Version: 1.1.0.0)
3ivx MPEG-4 5.0.3 (remove only) (Version: 5.0.3)
Acronis True Image 2014 (Version: 17.0.6673)
Adobe Acrobat 7.0 Professional (Version: 7.1.0)
Adobe Acrobat 7.1.0 Professional (Version: 7.1.0)
Adobe AIR (Version: 2.5.1.17730)
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 12 ActiveX (Version: 12.0.0.77)
Adobe Flash Player 12 Plugin (Version: 12.0.0.77)
Adobe Reader XI (11.0.06) (Version: 11.0.06)
Adobe SVG Viewer 3.0 (Version: 3.0)
ADSL Modem Utility (Annex A)
ATI - Software Uninstall Utility (Version: 6.14.10.1016)
ATI Catalyst Control Center (Version: 1.2.2637.37192)
ATI Display Driver (Version: 8.383-070613a-049446C-Dell)
Avery Wizard 2.5 (Version: 2.51.0000)
Belarc Advisor 7.2
Belkin Media Reader Driver and Icon (Version: 1.0)
Belkin Range Extender
Bonjour (Version: 3.0.0.10)
CameraHelperMsi (Version: 13.00.1774.0)
Canon Easy-PhotoPrint EX
Canon iP4800 series Printer Driver
Canon iP4800 series User Registration
Canon My Printer
Canon Solution Menu EX
CD-LabelPrint
CleanUp!
C-Media WDM Audio Driver
CMI Tables Program (Version: 3.2.0.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Condes 8 (Version: 8.3.2)
Condes 9 (Version: 9.0.04)
CPUID CPU-Z 1.51
CVRA (Version: 01.06)
Dell Driver Download Manager (Version: 2.0.0.0)
DesignPro 5.4 Limited Edition (Version: 5.2.1201)
DirectVobSub 2.41.4650 (Version: 2.41.4650)
DVD43 v4.3.1
EPSON Printer Software
erLT (Version: 1.20.138.34)
ExtendNet Connect for TCP/IP (Windows NT/2000/XP)
FlipShare (Version: 5.0.5.52727)
FX Draw 2
Garmin Communicator Plugin (Version: 4.1.0)
Garmin Training Center (Version: 3.5.3)
Garmin Training Center (Version: 3.6.5)
Garmin USB Drivers (Version: 2.3.1.0)
Garmin WebUpdater (Version: 2.5.6)
GLM FLV Player 0.6.0.3690 (Version: 0.6.0.3690)
Google Chrome (Version: 34.0.1847.116)
Google Earth (Version: 7.1.2.2041)
Google Update Helper (Version: 1.3.23.9)
High-Definition Video Playback (Version: 11.1.10400.2.65)
HijackThis 1.99.1 (Version: 1.99.1)
HP Download Manager
HP Extended Capabilities 4.7 (Version: 4.7)
HP Install Network Printer Wizard (Version: 7.1.04)
HP LaserJet 3050/3052/3055/3390/3392 2.0 (Version: 2.0)
hppFaxDrv3390 (Version: 000.105.00077)
hppFaxUtility (Version: 000.105.00094)
hppFonts (Version: 002.000.00004)
hppIOFiles (Version: 000.001.00010)
hppLJ3390 (Version: 000.105.00073)
hppManuals3390 (Version: 000.105.00096)
hppscan3390 (Version: 000.105.00067)
hppScanTo (Version: 000.105.00089)
hppSendFax (Version: 000.105.00081)
hppTooCool (Version: 000.105.00058)
hppToolBoxFX (Version: 001.002.00083)
hpzTLBXFX (Version: 001.002.00139)
ImgBurn (Version: 2.5.2.0)
Intel® Network Connections 13.5.32.0 (Version: 13.5.32.0)
Java 7 Update 51 (Version: 7.0.510)
Java Auto Updater (Version: 2.1.9.8)
LastPass (uninstall only)
Logitech Webcam Software (Version: 2.0)
Logitech Webcam Software Driver Package (Version: 12.10.1110)
LWS Facebook (Version: 13.01.1018.0)
LWS Gallery (Version: 13.01.1018.0)
LWS Help_main (Version: 13.01.1025.0)
LWS Launcher (Version: 13.01.1024.0)
LWS Motion Detection (Version: 13.01.1018.0)
LWS Pictures And Video (Version: 13.01.1018.0)
LWS Video Mask Maker (Version: 13.00.1774.0)
LWS Webcam Software (Version: 13.00.1774.0)
LWS WLM Plugin (Version: 1.00.1774.0)
LWS YouTube Plugin (Version: 13.01.1022.0)
MAGIX PC Check & Tuning 2012 Download Version (Version: 7.0.401.3)
MAGIX PC Live (Version: 1.0.4.9)
MAGIX Screenshare (Version: 4.3.6.1987)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 45.4.158.000)
MathType 5 (Version: 5.2)
Memory-Map OS Edition 2004 (Version: 4.4.0)
Memory-Map OS Edition 2004 (Version: 4.4.3)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.5.0216.0)
Microsoft Security Essentials (Version: 4.5.216.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Windows Media Video 9 VCM
Microsoft WinUsb 2.0
Microsoft Works 6-9 Converter (Version: 14.0.6120.5002)
Monitor Calibration Wizard 1.0
Mouse Suite for Desktop Computers (Version: 1.00.0000)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Nero 11 (Version: 11.0.11000)
Nero 11 Disc Menus Basic (Version: 11.0.11200.12.0)
Nero 11 Effects Basic (Version: 11.0.11200.12.0)
Nero 11 Image Samples (Version: 11.0.11200.12.0)
Nero 11 Kwik Themes Basic (Version: 11.0.11200.12.0)
Nero 11 PiP Effects Basic (Version: 11.0.11300.12.0)
Nero Audio Pack 1 (Version: 11.0.11500.110.0)
Nero BackItUp 11 (Version: 6.0.16000.13.100)
Nero BackItUp 11 Help (CHM) (Version: 11.0.10200)
Nero Backup Drivers (Version: 1.0.10000.1.0)
Nero Burning ROM 11 (Version: 11.0.12200.23.100)
Nero Burning ROM 11 Help (CHM) (Version: 11.0.10300)
Nero ControlCenter 11 (Version: 11.0.12300.0.23)
Nero ControlCenter 11 Help (CHM) (Version: 11.0.10300)
Nero Core Components 11 (Version: 11.0.15000.1.12)
Nero CoverDesigner 11 (Version: 6.0.10800.11.100)
Nero CoverDesigner 11 Help (CHM) (Version: 11.0.10300)
Nero Express 11 (Version: 11.0.11700.23.100)
Nero Express 11 Help (CHM) (Version: 11.0.10300)
Nero Kwik Media (Version: 1.10.19300.93.100)
Nero Kwik Media Help (CHM) (Version: 11.0.10200)
Nero Recode 11 (Version: 5.0.13300.32.100)
Nero Recode 11 Help (CHM) (Version: 11.0.10300)
Nero RescueAgent 11 (Version: 4.0.10600.10.100)
Nero RescueAgent 11 Help (CHM) (Version: 11.0.10400)
Nero SoundTrax 11 (Version: 5.0.10400.4.100)
Nero SoundTrax 11 Help (CHM) (Version: 11.0.10400)
Nero Update (Version: 11.0.10623.22.0)
Nero Video 11 (Version: 8.0.14000.21.100)
Nero Video 11 Help (CHM) (Version: 11.0.10300)
Nero WaveEditor 11 (Version: 6.0.10800.5.100)
Nero WaveEditor 11 Help (CHM) (Version: 11.0.10400)
nero.prerequisites.msi (Version: 11.0.20008)
NirSoft OpenedFilesView
NokiaFREE Unlock Codes Calculator
Nuria 3.2
Olympus Digital Wave Player
OPrint version 2.0.0.105 (Version: 2.0.0.105)
Paint Shop Pro 6.02 CD
Paint Shop Pro 7 (Version: 7.0.0.0000)
Pegasus Mail
Pegasus Mail HTML Renderer 2.4.7.2
PictureMover (Version: 3.6.0.6)
PowerDVD
QFolder (Version: 1.00.0000)
QuickRoute (Version: 2.3)
QuickTime
Remove Hidden Data Tool (Version: 11.0.6361.0)
Revo Uninstaller Pro 3.0.8 (Version: 3.0.8)
Scan (Version: 4.9.0.0)
SigmaTel Audio (Version: 5.10.4803.0)
SiS 900 PCI Fast Ethernet Adapter Driver
SiS630_730 V2.09
SiSoftware Sandra Lite 2005.SR3 (Win64/32/CE) (Version: 10.69.2005.10)
Skype™ 6.11 (Version: 6.11.102)
SportTracks 2.1 (Version: 2.1.3478)
Startup Delayer v2.5 (build 138)
TextBridge Pro Millennium (Version: 9.5.000)
TROY ExtendView (Version: 2.5)
UBCD4Win 3.60
UISDMC64W Device Driver
Uninstall 1.0.0.1
Universal Adb Driver (Version: 1.0.0)
Unlock Codes Calculator (remove only)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB2904266) (Version: 1)
Update for Windows XP (KB2934207) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB978207) (Version: 1)
Update for Windows XP (KB980182) (Version: 1)
USB 2.0 Image
USB Storage Driver
V2200USB Router Tools V2.58
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VLC media player 2.0.1 (Version: 2.0.1)
VobSub v2.23 (Remove Only)
WebEx Support Manager for Internet Explorer (Version: 6.5.4917)
WebFldrs XP (Version: 9.50.5318)
welcome (Version: 11.0.21500.0.4)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows Installer Clean Up (Version: 3.00.00.0000)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinImage
WinRAR archiver
WinZip 15.0 (Version: 15.0.9302)
Xvid Video Codec (Version: 1.3.2)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 16%
Total physical RAM: 3069.87 MB
Available physical RAM: 2575.83 MB
Total Pagefile: 5982.4 MB
Available Pagefile: 5673.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1979.92 MB

========================= Partitions: =====================================

1 Drive c: (DISK2_VOL1) (Fixed) (Total:174.76 GB) (Free:22.09 GB) NTFS
2 Drive d: (New Volume) (Fixed) (Total:58.13 GB) (Free:4.36 GB) NTFS
5 Drive g: (DISK2_VOL1) (Fixed) (Total:174.71 GB) (Free:54.14 GB) NTFS
6 Drive h: (New Volume) (Fixed) (Total:58.12 GB) (Free:29.46 GB) NTFS

========================= Users: ========================================

User accounts for \\DELL9200

Administrator ASPNET Guest
HelpAssistant Jill Philip
Rachel SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

17-01-2014 07:38:19 Software Distribution Service 3.0
18-01-2014 16:09:53 Restore Operation
18-01-2014 16:21:52 Removed Adobe Reader XI (11.0.06).
18-01-2014 16:23:14 Software Distribution Service 3.0
18-01-2014 16:39:31 Software Distribution Service 3.0
19-01-2014 01:56:43 Software Distribution Service 3.0
20-01-2014 07:00:16 Software Distribution Service 3.0
21-01-2014 07:21:57 System Checkpoint
22-01-2014 07:58:09 Software Distribution Service 3.0
24-01-2014 08:05:00 Software Distribution Service 3.0
25-01-2014 09:56:03 System Checkpoint
25-01-2014 14:08:58 Software Distribution Service 3.0
26-01-2014 02:01:51 Software Distribution Service 3.0
26-01-2014 14:08:20 Software Distribution Service 3.0
27-01-2014 06:25:13 Installed Java 7 Update 51
28-01-2014 08:37:09 Software Distribution Service 3.0
29-01-2014 10:56:56 Removed Java 7 Update 51
29-01-2014 10:57:44 Installed Java 7 Update 51
29-01-2014 12:53:09 Restore Operation
29-01-2014 13:05:54 Software Distribution Service 3.0
30-01-2014 11:12:39 Revo Uninstaller Pro's restore point - JavaFX 2.1.1
30-01-2014 11:13:33 Removed JavaFX 2.1.1
30-01-2014 11:19:59 Revo Uninstaller Pro's restore point - Java™ 6 Update 31
30-01-2014 11:20:13 Removed Java™ 6 Update 31
30-01-2014 11:21:24 Revo Uninstaller Pro's restore point - Java 7 Update 51
30-01-2014 11:21:33 Removed Java 7 Update 51
30-01-2014 11:23:29 Revo Uninstaller Pro's restore point - Java™ 6 Update 31
30-01-2014 11:23:40 Removed Java™ 6 Update 31
30-01-2014 11:33:52 Installed Java 7 Update 51
30-01-2014 13:18:49 Installed ThinPrint Cloud Printer 1.0.
30-01-2014 13:27:31 Installed ThinPrint Cloud Printer Connector 1.0.
30-01-2014 13:29:44 Revo Uninstaller Pro's restore point - Printer Pro Desktop
30-01-2014 15:30:26 Revo Uninstaller Pro's restore point - ThinPrint Cloud Printer Connector 1.0
30-01-2014 15:30:40 Removed ThinPrint Cloud Printer Connector 1.0.
30-01-2014 15:31:19 Revo Uninstaller Pro's restore point - ThinPrint Cloud Printer 1.0
30-01-2014 16:09:44 Removed ThinPrint Cloud Printer 1.0.
30-01-2014 15:58:07 Restore Operation
30-01-2014 16:25:37 Software Distribution Service 3.0
30-01-2014 17:10:56 Revo Uninstaller Pro's restore point - ThinPrint Cloud Printer 1.0
30-01-2014 17:11:23 Removed ThinPrint Cloud Printer 1.0.
30-01-2014 17:13:49 Revo Uninstaller Pro's restore point - Bonjour
31-01-2014 16:24:26 Software Distribution Service 3.0
02-02-2014 06:30:08 Software Distribution Service 3.0
03-02-2014 06:38:52 Software Distribution Service 3.0
04-02-2014 08:05:18 Software Distribution Service 3.0
06-02-2014 06:36:27 Software Distribution Service 3.0
07-02-2014 07:40:50 Software Distribution Service 3.0
08-02-2014 08:10:21 System Checkpoint
09-02-2014 07:56:29 Software Distribution Service 3.0
10-02-2014 17:33:46 System Checkpoint
11-02-2014 07:25:55 Software Distribution Service 3.0
12-02-2014 07:53:50 System Checkpoint
12-02-2014 22:52:01 Software Distribution Service 3.0
13-02-2014 07:32:37 Software Distribution Service 3.0
14-02-2014 09:24:45 Software Distribution Service 3.0
15-02-2014 19:14:12 System Checkpoint
16-02-2014 07:22:40 Software Distribution Service 3.0
17-02-2014 08:13:01 System Checkpoint
18-02-2014 07:49:10 Software Distribution Service 3.0
20-02-2014 06:58:47 Software Distribution Service 3.0
21-02-2014 07:24:58 Software Distribution Service 3.0
23-02-2014 07:25:24 Software Distribution Service 3.0
25-02-2014 06:57:33 Software Distribution Service 3.0
26-02-2014 07:07:07 System Checkpoint
27-02-2014 06:32:11 Software Distribution Service 3.0
28-02-2014 06:36:50 Software Distribution Service 3.0
01-03-2014 07:50:35 Software Distribution Service 3.0
02-03-2014 07:52:30 Software Distribution Service 3.0
04-03-2014 06:49:13 Software Distribution Service 3.0
05-03-2014 00:08:06 Software Distribution Service 3.0
06-03-2014 06:50:31 Software Distribution Service 3.0
07-03-2014 07:42:07 System Checkpoint
08-03-2014 06:41:18 Software Distribution Service 3.0
09-03-2014 09:29:32 Software Distribution Service 3.0
10-03-2014 10:22:51 System Checkpoint
11-03-2014 06:57:37 Software Distribution Service 3.0
12-03-2014 07:12:05 Software Distribution Service 3.0
12-03-2014 22:50:01 Software Distribution Service 3.0
14-03-2014 07:07:12 Software Distribution Service 3.0
15-03-2014 17:13:48 Software Distribution Service 3.0
16-03-2014 17:54:51 System Checkpoint
17-03-2014 07:46:29 Software Distribution Service 3.0
18-03-2014 07:53:06 System Checkpoint
18-03-2014 08:16:22 Software Distribution Service 3.0
19-03-2014 06:29:06 Software Distribution Service 3.0
20-03-2014 06:50:45 Software Distribution Service 3.0
21-03-2014 07:19:04 Software Distribution Service 3.0
22-03-2014 07:43:59 System Checkpoint
23-03-2014 06:45:27 Software Distribution Service 3.0
25-03-2014 06:13:50 Software Distribution Service 3.0
27-03-2014 06:45:08 Software Distribution Service 3.0
27-03-2014 23:01:18 Software Distribution Service 3.0
29-03-2014 06:41:38 Software Distribution Service 3.0
30-03-2014 06:45:00 Software Distribution Service 3.0
31-03-2014 06:48:45 System Checkpoint
01-04-2014 07:22:11 Software Distribution Service 3.0
03-04-2014 06:17:42 Software Distribution Service 3.0
03-04-2014 23:27:19 Software Distribution Service 3.0
05-04-2014 05:25:41 Software Distribution Service 3.0
06-04-2014 05:48:25 System Checkpoint
07-04-2014 05:57:31 Software Distribution Service 3.0
08-04-2014 07:08:07 Software Distribution Service 3.0
09-04-2014 22:44:46 Software Distribution Service 3.0
10-04-2014 05:35:46 Software Distribution Service 3.0
11-04-2014 06:29:57 Software Distribution Service 3.0
12-04-2014 06:54:28 System Checkpoint
13-04-2014 06:44:42 Software Distribution Service 3.0
15-04-2014 06:30:50 Software Distribution Service 3.0
16-04-2014 06:44:40 Software Distribution Service 3.0

**** End of log ****

Apart from the Chrome problem, Safe Mode with Networking still seems to be stable and working OK.

Many thanks for your help.

Philip

#4 dev00790


Posted 18 April 2014 - 08:03 PM

Hi

I plan to get back to you with next steps in 24 hours.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours, please send me a PM. My Blog


#5 dev00790


Posted 19 April 2014 - 07:50 PM

Hi

Please do the following next:

Step 1:

"call to Chrome from within Pegasus would not work."
- Please provide more info on this - what do you mean by a call to Chrome from within Pegasus?
- Are you trying to open Chrome from Pegasus Mail?


Step 2:

I suggest you uninstall utorrent.

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs (in your case uTorrent). These programs allow users to share files with each other, as the names suggest. In today's world, cyber crime has grown to an enormous dimension, and any means is used to infect personal computers in order to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, via the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world, and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as LibreOffice or GIMP.

Also, please take a look here:

How cyber criminals infect victims via P2P with pirated software


Step 3:
 
Please update Malwarebytes Anti-Malware (MBAM) and run a Full Scan.
  • Start MBAM
  • Check for updates to Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- Very Important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 4:

ESET Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Windows 7, right-click the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish
When the scan is complete
  • Click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on Back
  • Put a checkmark in "Uninstall application on close"
  • Click on Finish
  • Close the program
  • Copy and paste the report here

Step 5:

How is the computer running now? Do you still have the issue when computer is started normally?

Regards, dev00790



#6 Philip134


Posted 20 April 2014 - 12:46 PM

When there is a hyperlink to a web page in a text message, for example the link to this topic in the notification email, clicking on it produces no result. Web Page does not open. Nothing happens.

Same result when I click on any shortcut on the desktop that should open a web page in Chrome.

Clicking on IE shortcut works fine. I can reach any of the Chrome linked pages through IE.



I have uninstalled µTorrent via the Control Panel. Seemed to work OK.


Ran my current version of Malwarebytes 1.75 with updated database. Ran for about 90 minutes and then ended with 'MBAM has encountered a problem and needs to close'.

Downloaded Version 2.0.1 via IE and updated database. Ran much more quickly than the old version in Threat Mode (seems to correspond to the old Full Scan). Identified 129 mainly PUPs, mainly in the heuristic part of the scan. Ran successfully to the end. Text file below.

Downloaded ESET via IE and ran it successfully 5.5+ hours. It seems to have scanned all the Hard Drives - only C: is bootable, others are stores of data and Acronis backups. Text file below.

Dare I now risk going out of Safe Mode with Networking, which works, and risk Normal Mode - hoping the Safe Mode will work again?

If you can see nothing sinister in the previous output I'll give it a try.

Many thanks for your help.

Philip

Malwarebytes Output

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 20/04/2014
Scan Time: 11:59:26
Logfile: Maleware2.0.1 20 April.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.20.03
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Philip

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 413541
Time Elapsed: 33 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 27
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\chrome, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\chrome\content, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\chrome\content\lib, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\defaults, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\defaults\preferences, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\locale, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\locale\en-US, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\skin, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\chrome, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\chrome\content, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\chrome\content\lib, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\defaults, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\defaults\preferences, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\locale, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\locale\en-US, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\skin, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\chrome, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\chrome\content, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\chrome\content\lib, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\defaults, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\defaults\preferences, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\locale, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\locale\en-US, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\skin, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],

Files: 103
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\chrome.manifest, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\install.rdf, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\chrome\content\background.html, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\chrome\content\browser.xul, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\chrome\content\crossrider.js, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\chrome\content\crossriderapi.js, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\chrome\content\dialog.js, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\chrome\content\manage-apps-style.css, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\chrome\content\manage-apps.html, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\chrome\content\messaging.js, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\chrome\content\options.js, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\chrome\content\options.xul, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\chrome\content\push.html, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\chrome\content\search_dialog.xul, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\chrome\content\update.html, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\chrome\content\lib\faye-browser-min.js, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\defaults\preferences\prefs.js, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\locale\en-US\translations.dtd, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\skin\button1.png, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\skin\button2.png, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\skin\button3.png, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\skin\button4.png, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\skin\button5.png, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\skin\crossrider_statusbar.png, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\skin\icon128.png, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\skin\icon16.png, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\skin\icon24.png, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\skin\icon48.png, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\skin\panelarrow-up.png, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\skin\popup.css, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\skin\popup.html, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\skin\popup_binding.xml, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\skin\skin.css, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\extensions\crossriderapp3491@crossrider.com\skin\update.css, Quarantined, [0f84fe2e86f565d14c8f68fce41e6d93],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\chrome.manifest, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\install.rdf, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\chrome\content\background.html, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\chrome\content\browser.xul, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\chrome\content\crossrider.js, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\chrome\content\crossriderapi.js, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\chrome\content\dialog.js, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\chrome\content\manage-apps-style.css, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\chrome\content\manage-apps.html, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\chrome\content\messaging.js, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\chrome\content\options.js, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\chrome\content\options.xul, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\chrome\content\push.html, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\chrome\content\search_dialog.xul, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\chrome\content\update.html, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\chrome\content\lib\faye-browser-min.js, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\defaults\preferences\prefs.js, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\locale\en-US\translations.dtd, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\skin\button1.png, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\skin\button2.png, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\skin\button3.png, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\skin\button4.png, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\skin\button5.png, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\skin\crossrider_statusbar.png, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\skin\icon128.png, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\skin\icon16.png, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\skin\icon24.png, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\skin\icon48.png, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\skin\panelarrow-up.png, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\skin\popup.css, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\skin\popup.html, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\skin\popup_binding.xml, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\skin\skin.css, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Jill\Application Data\Mozilla\Firefox\Profiles\3h64uyaq.default\extensions\crossriderapp3491@crossrider.com\skin\update.css, Quarantined, [583bdf4d720965d1c516ed77020051af],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\chrome.manifest, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\install.rdf, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\chrome\content\background.html, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\chrome\content\browser.xul, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\chrome\content\crossrider.js, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\chrome\content\crossriderapi.js, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\chrome\content\dialog.js, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\chrome\content\manage-apps-style.css, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\chrome\content\manage-apps.html, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\chrome\content\messaging.js, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\chrome\content\options.js, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\chrome\content\options.xul, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\chrome\content\push.html, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\chrome\content\search_dialog.xul, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\chrome\content\update.html, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\chrome\content\lib\faye-browser-min.js, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\defaults\preferences\prefs.js, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\locale\en-US\translations.dtd, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\skin\button1.png, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\skin\button2.png, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\skin\button3.png, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\skin\button4.png, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\skin\button5.png, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\skin\crossrider_statusbar.png, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\skin\icon128.png, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\skin\icon16.png, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\skin\icon24.png, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\skin\icon48.png, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\skin\panelarrow-up.png, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\skin\popup.css, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\skin\popup.html, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\skin\popup_binding.xml, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\skin\skin.css, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossFire.A, C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\2e0ov2dx.default\extensions\crossriderapp3491@crossrider.com\skin\update.css, Quarantined, [454e1517d2a9da5cbe1d0b59be4457a9],
PUP.Optional.CrossRider.A, C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\vjz18bhk.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossriderapp3491.adsOldValue", -1);), Replaced,[99fadc50334820169caae4709a6a4cb4]

Physical Sectors: 0
(No malicious items detected)


(end)

ESET output


#7 Philip134


Posted 20 April 2014 - 01:02 PM

Given the original problem with AnimalwareSecureExecutable, perhaps this is my solution:

http://www.tomshardware.co.uk/answers/id-2108032/windows-system-hangs-login-screen-security-essential.html

It does seem to coincide with my sequence of problems: XP support ends, and the next time MSE tries to update its database the error occurs.

Not sure how this might be related to the Chrome problems.

 

Philip



#8 Philip134


Posted 21 April 2014 - 01:01 AM

The link above seemed to cure things.

 

Pegasus, Explorer and Chrome were obviously compromised in some way - needed to be closed on shut down.

 

Normal boot was in diagnostic mode - easily changed, active desktop needed fixing.

 

MSE uninstalled and replaced with AVG.

 

Thanks for your help.  At least all my dubious files from the last few years have been cleaned up.

 

Best Wishes

 

Philip



#9 dev00790


Posted 23 April 2014 - 06:10 AM

Hi

Since some trojans were found by ESET:
 

G:\WGA and OGA Crack\November 2010\Unzipped Antiwpa V3.4.6\AMD64\antiwpa.dll Win32/HackTool.Wpakill.A trojan cleaned by deleting - quarantined

C:\WGA and OGA Crack\November 2010\Unzipped Antiwpa V3.4.6\AMD64\antiwpa.dll Win32/HackTool.Wpakill.A trojan cleaned by deleting - quarantined

 

Please note the following:

IMPORTANT NOTE: One or more of the identified infections is a backdoor Trojan.  
 
Backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes.  
They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms.  
This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is then sent back to the hacker.  
Read Danger: Remote Access Trojans.
 
You should disconnect the computer from the Internet and from any networked computers until it is cleaned. If your computer was used for online banking, paying bills, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for taxes, email, eBay, PayPal and any other online activities.  
You should consider them to be compromised and change passwords from a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information.  
Banking and credit card institutions should be notified immediately of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity.  
If using a router, you need to reset it with a strong logon/password before connecting again.
 
Although the infection has been identified and may be removed, your machine has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed.  
In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them.  
Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:


 

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
  • Reimaging the system
  • Restoring the entire system using a full system backup from before the backdoor infection
  • Reformatting and reinstalling the system

Backdoors and What They Mean to You
 
This is what Jesper M. Johansson, Security Program Manager at Microsoft TechNet has to say:  

 

The only way to clean a compromised system is to flatten and rebuild. That's right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).

Help: I Got Hacked. Now What Do I Do?.
 
We will do our best to clean the computer of any infections seen on the log. However, because of the nature of this Trojan, I cannot offer a total guarantee that there are no remnants left in the system, or that the computer will be trustworthy.
 
Many security experts believe that once infected with this type of Trojan, the best course of action is to reformat and reinstall the Operating System.
Making this decision is based on what the computer is used for, and what information can be accessed from it.
 
Knowing the above, do you wish to proceed with cleaning the malware from the computer?
 


Edited by dev00790, 23 April 2014 - 06:10 AM.

Regards, dev00790



#10 Philip134


Posted 23 April 2014 - 06:40 AM

Happy to leave things as they are. The files may have suspect names, but I think I know why they are there.

 

Many thanks for your help.

 

Philip



#11 dev00790


Posted 25 April 2014 - 04:18 PM

Ok you're welcome.


Regards, dev00790





