Suspected Rootkit + Other Issues [Closed]


clutsta


Hi there, first of all let me express my appreciation to the Admin, Mods and Contributors on this forum. You are all champions and awesome human beings!

I have been experiencing serious issues on several devices across my home network, including a desktop running XP SP3, Samsung Laptop running XP SP3, a Macbook Pro and also my Galaxy S3 mobile phone. Approximately a year ago I had issues which were raised in another thread on this forum. I honestly believe that my devices and network have been compromised from prior to then, and up until now, with a hidden system on each machine running XP. Avast and Malwarebytes would scan but would not show any sort of anything, ever. Even when I knew the system was infected. Settings are constantly reverting back to ones that I don't choose. MWB had important settings greyed out. Firefox had occasional page script issues, random flashing and strange stuff happening when downloading.

Approximately 2 weeks ago I had a virus which compromised both my machines running XP. It was strange because the virus actually installed programs that were present before I started having issues, such as Skype, Dropbox, Bitlord etc. I then re-installed XP SP3 on both machines (different software licences) and am still unable to get any sort of network connection to the internet. It is a strange coincidence, but at the same time both devices were infected, my phone line has also experienced a fault, and is no longer working. According to my phone line provider, the fault is due to be fixed within the next 24 hours.

I will start off with a log from the Samsung laptop. This is the device I really need the temporary wireless connection to work on.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-08-2016 01

Ran by Administrator (administrator) on KEVGIL (23-08-2016 18:49:06)
Running from E:\
Loaded Profiles: Administrator (Available Profiles: Kevin Gilhooly & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(McAfee, Inc.) C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
(McAfee, Inc.) C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
(McAfee, Inc.) C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre1.5.0\bin\jusched.exe [36972 2008-11-12] (Sun Microsystems, Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16851456 2008-08-26] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [57344 2008-06-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [EDS] => C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe [659456 2007-12-21] (Samsung Electronics,.LTD)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1044480 2008-08-28] (Synaptics, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [DMHotKey] => C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe [466944 2006-12-28] (SAMSUNG Electronics)
HKLM\...\Run: [BatteryManager] => C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe [2768896 2008-10-20] ()
HKLM\...\Run: [MagicKeyboard] => C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe [151552 2006-05-15] ()
HKLM\...\Run: [mcagent_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [582992 2007-08-04] (McAfee, Inc.)
HKLM\...\Run: [Dodo_Australia Flame ModemListener] => C:\Program Files\Dodo Mobile\BackgroundService\ModemListener.exe [169768 2015-01-04] ()
HKU\S-1-5-21-2277594783-1135049707-4067570145-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\IMAGIN~1.SCR [1744896 2007-02-27] (TopThinks, INC.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk [2009-02-22]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
 
Internet Explorer:
==================
HKU\S-1-5-21-2277594783-1135049707-4067570145-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2277594783-1135049707-4067570145-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> c:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-07-24] (McAfee, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
S2 Dodo_Australia Flame Modem Device Helper; C:\Program Files\Dodo Mobile\BackgroundService\ServiceManager.exe [76584 2014-12-11] () [File not signed]
R2 mcmscsvc; C:\Program Files\McAfee\MSC\mcmscsvc.exe [749904 2007-08-04] (McAfee, Inc.)
S2 McNASvc; c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [2376992 2007-07-23] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [378184 2007-07-25] (McAfee, Inc.)
S2 McProxy; c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe [359248 2007-07-16] (McAfee, Inc.)
S2 McShield; C:\Program Files\McAfee\VirusScan\Mcshield.exe [144704 2007-07-24] (McAfee, Inc.)
S4 McSysmon; C:\Program Files\McAfee\VirusScan\mcsysmon.exe [695624 2007-07-25] (McAfee, Inc.)
S2 MpfService; C:\Program Files\McAfee\MPF\MPFSrv.exe [856864 2007-07-19] (McAfee, Inc.)
S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [77480 2008-05-13] () [File not signed]
S2 SNM WLAN Service; C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe [36864 2006-10-30] () [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AlcatelOTDCWwan; C:\WINDOWS\System32\DRIVERS\AlcatelOTDCWwan.sys [134144 2013-06-18] (TCT International Mobile Ltd.)
S3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1334432 2008-10-08] (Atheros Communications, Inc.)
S3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [539072 2007-03-23] (Broadcom Corporation.)
S3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37424 2007-03-23] (Broadcom Corporation.)
S3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [876384 2007-03-31] (Broadcom Corporation.)
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [149123 2007-03-23] (Broadcom Corporation.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [67960 2007-03-23] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 DNSeFilter; C:\WINDOWS\System32\drivers\SamsungEDS.sys [30208 2008-01-15] (Samsung Electronics,.LTD) [File not signed]
S2 DOSMEMIO; C:\WINDOWS\system32\MEMIO.SYS [4300 2005-10-27] () [File not signed]
S3 jrdusbser; C:\WINDOWS\System32\DRIVERS\jrdusbser.sys [107904 2013-06-18] (TCT International Mobile Ltd.)
S3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [79304 2007-07-24] (McAfee, Inc.)
S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [35240 2007-07-21] (McAfee, Inc.)
S1 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [201288 2007-07-21] (McAfee, Inc.)
S3 mferkdk; C:\WINDOWS\System32\drivers\mferkdk.sys [33800 2007-07-24] (McAfee, Inc.)
S3 mfesmfk; C:\WINDOWS\System32\drivers\mfesmfk.sys [40488 2007-07-21] (McAfee, Inc.)
S1 MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [113952 2007-07-13] (McAfee, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 SUEPD; C:\WINDOWS\System32\DRIVERS\SUE_PD.sys [19840 2006-10-30] (Samsung) [File not signed]
S1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 VMC326; C:\WINDOWS\System32\Drivers\VMC326.sys [238464 2008-09-23] (Vimicro Corporation)
S3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [289024 2008-06-27] (Marvell)
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-23 16:00 - 2016-08-23 16:00 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
2016-08-23 15:49 - 2016-08-23 15:38 - 01746432 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2016-08-23 15:47 - 2016-08-23 15:47 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2016-08-23 15:46 - 2016-08-23 18:49 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2016-08-23 15:46 - 2016-08-23 15:47 - 00000000 ____D C:\Documents and Settings\Administrator
2016-08-23 15:46 - 2008-12-22 20:33 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-08-23 15:46 - 2008-12-22 19:28 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Play Camera Media
2016-08-23 15:46 - 2008-11-12 00:41 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2016-08-23 15:46 - 2008-11-12 00:36 - 00000767 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2016-08-23 15:46 - 2008-11-12 00:36 - 00000738 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
2016-08-23 15:46 - 2008-11-12 00:36 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Pictures
2016-08-23 15:46 - 2008-11-12 00:36 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Music
2016-08-23 15:46 - 2008-11-12 00:36 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents
2016-08-23 15:46 - 2008-11-12 00:35 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150000}
2016-08-23 15:46 - 2008-11-12 00:32 - 00001599 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2016-08-23 15:45 - 2016-08-23 15:45 - 00113980 _____ C:\WINDOWS\ntbtlog.txt
2016-08-23 15:43 - 2016-08-23 15:38 - 01746432 _____ (Farbar) C:\Documents and Settings\Kevin Gilhooly\Desktop\FRST.exe
2016-08-23 15:40 - 2016-08-23 15:41 - 00000000 ____D C:\FRST
2016-08-19 15:42 - 2008-04-14 00:17 - 00025856 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbprint.sys
2016-08-19 15:42 - 2008-04-14 00:17 - 00025856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys
2016-08-15 10:42 - 2016-08-15 10:42 - 144884648 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-15 10:42 - 2016-08-15 10:42 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-15 07:59 - 2016-08-15 07:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB974571$
2016-08-15 07:59 - 2016-08-15 07:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2016-08-15 07:59 - 2016-08-15 07:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2592799$
2016-08-15 07:58 - 2016-08-15 07:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB977816$
2016-08-15 07:58 - 2016-08-15 07:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB975560$
2016-08-15 07:58 - 2016-08-15 07:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB973507$
2016-08-15 07:58 - 2016-08-15 07:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2016-08-15 07:58 - 2016-08-15 07:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2770660$
2016-08-15 07:58 - 2016-08-15 07:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2535512$
2016-08-15 07:57 - 2016-08-15 07:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB952287$
2016-08-15 07:57 - 2016-08-15 07:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB950762$
2016-08-15 07:57 - 2016-08-15 07:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2016-08-15 07:57 - 2016-08-15 07:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2016-08-15 07:57 - 2016-08-15 07:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2807986$
2016-08-15 07:57 - 2016-08-15 07:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2570947$
2016-08-15 07:56 - 2016-08-15 07:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB978695_WM9$
2016-08-15 07:56 - 2016-08-15 07:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB973904$
2016-08-15 07:56 - 2016-08-15 07:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2016-08-15 07:56 - 2016-08-15 07:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820917$
2016-08-15 07:56 - 2016-08-15 07:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2603381$
2016-08-15 07:55 - 2016-08-15 07:55 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB973540_WM9$
2016-08-15 07:55 - 2016-08-15 07:55 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2016-08-15 07:55 - 2016-08-15 07:55 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2757638$
2016-08-15 07:55 - 2016-08-15 07:55 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2653956$
2016-08-15 07:55 - 2016-08-15 07:55 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2508429$
2016-08-15 07:55 - 2016-08-15 07:55 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2419632$
2016-08-15 07:54 - 2016-08-15 07:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB974392$
2016-08-15 07:54 - 2016-08-15 07:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB971029$
2016-08-15 07:54 - 2016-08-15 07:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2879017$
2016-08-15 07:54 - 2016-08-15 07:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2749655$
2016-08-15 07:54 - 2016-08-15 07:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2506212$
2016-08-15 07:53 - 2016-08-15 07:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB977914$
2016-08-15 07:53 - 2016-08-15 07:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB952069_WM9$
2016-08-15 07:53 - 2016-08-15 07:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2016-08-15 07:53 - 2016-08-15 07:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2803821-v2_WM9$
2016-08-15 07:53 - 2016-08-15 07:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2698365$
2016-08-15 07:53 - 2016-08-15 07:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2619339$
2016-08-15 07:52 - 2016-08-15 07:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB979482$
2016-08-15 07:52 - 2016-08-15 07:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB979309$
2016-08-15 07:52 - 2016-08-15 07:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB978542$
2016-08-15 07:52 - 2016-08-15 07:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2727528$
2016-08-15 07:52 - 2016-08-15 07:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2705219-v2$
2016-08-15 07:51 - 2016-08-15 07:51 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache
2016-08-15 07:51 - 2016-08-15 07:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB981997$
2016-08-15 07:51 - 2016-08-15 07:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB973815$
2016-08-15 07:51 - 2016-08-15 07:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB960803$
2016-08-15 07:51 - 2016-08-15 07:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2934207$
2016-08-15 07:51 - 2016-08-15 07:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2016-08-15 07:51 - 2016-08-15 07:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2723135-v2$
2016-08-15 07:50 - 2016-08-15 07:50 - 00000000 __SHD C:\Documents and Settings\Kevin Gilhooly\IETldCache
2016-08-15 07:50 - 2016-08-15 07:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813345$
2016-08-15 07:50 - 2016-08-15 07:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2676562$
2016-08-15 07:50 - 2016-08-15 07:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2509553$
2016-08-15 07:50 - 2016-08-15 07:50 - 00000000 ___RD C:\Documents and Settings\Kevin Gilhooly\My Documents\My Pictures
2016-08-15 07:49 - 2016-08-15 07:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB982665$
2016-08-15 07:49 - 2016-08-15 07:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2620712$
2016-08-15 07:49 - 2016-08-15 07:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2478960$
2016-08-15 07:49 - 2016-08-15 07:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2393802$
2016-08-15 07:48 - 2016-08-15 07:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB975467$
2016-08-15 07:48 - 2016-08-15 07:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB968389$
2016-08-15 07:48 - 2016-08-15 07:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2016-08-15 07:48 - 2016-08-15 07:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2661637$
2016-08-15 07:48 - 2016-08-15 07:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2584146$
2016-08-15 07:48 - 2016-08-15 07:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2566454$
2016-08-15 07:48 - 2016-08-15 07:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2423089$
2016-08-15 07:17 - 2016-08-23 15:38 - 00000240 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-08-15 07:17 - 2016-08-15 10:41 - 00000234 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-08-15 07:16 - 2016-08-19 16:04 - 00000408 ____H C:\WINDOWS\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_KEVGIL_Kevin Gilhooly.job
2016-08-15 07:13 - 2016-08-15 07:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB952954$
2016-08-15 07:13 - 2016-08-15 07:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB951376-v2$
2016-08-15 07:13 - 2016-08-15 07:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2922229$
2016-08-15 07:13 - 2016-08-15 07:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2016-08-15 07:12 - 2016-08-15 07:49 - 00065536 _____ C:\WINDOWS\system32\config\Internet.evt
2016-08-15 07:12 - 2016-08-15 07:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB959426$
2016-08-15 07:11 - 2016-08-23 15:39 - 00000431 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2016-08-15 07:10 - 2016-08-15 07:12 - 00000000 __HDC C:\WINDOWS\ie8
2016-08-15 07:09 - 2016-08-15 07:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB960859$
2016-08-15 07:09 - 2016-08-15 07:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB946648$
2016-08-15 07:09 - 2016-08-15 07:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2712808$
2016-08-15 07:09 - 2016-08-15 07:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2479943$
2016-08-15 07:09 - 2016-08-15 07:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2387149$
2016-08-15 07:08 - 2016-08-15 07:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2916036$
2016-08-15 07:08 - 2016-08-15 07:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2016-08-15 07:08 - 2016-08-15 07:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2659262$
2016-08-15 07:08 - 2016-08-15 07:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2564958$
2016-08-15 07:08 - 2016-08-15 07:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2544893-v2$
2016-08-15 07:08 - 2016-08-15 07:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2478971$
2016-08-15 07:07 - 2016-08-15 07:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2016-08-15 07:07 - 2016-08-15 07:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2691442$
2016-08-15 07:07 - 2016-08-15 07:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2631813$
2016-08-15 07:07 - 2016-08-15 07:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2585542$
2016-08-15 07:07 - 2016-08-15 07:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2536276-v2$
2016-08-15 07:07 - 2016-08-15 07:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2296011$
2016-08-15 07:06 - 2016-08-15 07:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB975558_WM8$
2016-08-15 07:06 - 2016-08-15 07:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB974318$
2016-08-15 07:06 - 2016-08-15 07:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB955759$
2016-08-15 07:06 - 2016-08-15 07:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2016-08-15 07:06 - 2016-08-15 07:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2378111_WM9$
2016-08-15 07:06 - 2016-08-15 07:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2115168$
2016-08-15 07:05 - 2016-08-15 07:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB969059$
2016-08-15 07:05 - 2016-08-15 07:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB951978$
2016-08-15 07:05 - 2016-08-15 07:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2802968$
2016-08-15 07:05 - 2016-08-15 07:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2655992$
2016-08-15 07:05 - 2016-08-15 07:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2443105$
2016-08-15 07:04 - 2016-08-15 07:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB975713$
2016-08-15 07:04 - 2016-08-15 07:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB950974$
2016-08-15 07:04 - 2016-08-15 07:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2016-08-15 07:04 - 2016-08-15 07:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2598479$
2016-08-15 07:04 - 2016-08-15 07:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2481109$
2016-08-15 07:04 - 2016-08-15 07:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2229593$
2016-08-15 07:03 - 2016-08-15 07:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB982132$
2016-08-15 07:03 - 2016-08-15 07:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB978338$
2016-08-15 07:03 - 2016-08-15 07:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB971657$
2016-08-15 07:03 - 2016-08-15 07:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2929961$
2016-08-15 07:03 - 2016-08-15 07:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2016-08-15 07:03 - 2016-08-15 07:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2686509$
2016-08-15 07:02 - 2016-08-15 07:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB972270$
2016-08-15 07:02 - 2016-08-15 07:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB954155_WM9$
2016-08-15 07:02 - 2016-08-15 07:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2909212$
2016-08-15 07:02 - 2016-08-15 07:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2780091$
2016-08-15 07:02 - 2016-08-15 07:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2510581$
2016-08-15 07:02 - 2016-08-15 07:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2507938$
2016-08-15 07:01 - 2016-08-15 07:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB974112$
2016-08-15 07:01 - 2016-08-15 07:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB956572$
2016-08-15 07:01 - 2016-08-15 07:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2016-08-15 07:01 - 2016-08-15 07:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2016-08-15 07:01 - 2016-08-15 07:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2347290$
2016-08-15 07:00 - 2016-08-15 07:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB979687$
2016-08-15 07:00 - 2016-08-15 07:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB975025$
2016-08-15 07:00 - 2016-08-15 07:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB973869$
2016-08-15 07:00 - 2016-08-15 07:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB956844$
2016-08-15 07:00 - 2016-08-15 07:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2930275$
2016-08-15 07:00 - 2016-08-15 07:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2016-08-15 07:00 - 2016-08-15 07:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2483185$
2016-08-15 06:59 - 2016-08-15 06:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB952004$
2016-08-15 06:59 - 2016-08-15 06:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2719985$
2016-08-14 21:50 - 2008-06-13 12:05 - 00272128 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-08-14 21:50 - 2008-06-13 12:05 - 00272128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bthport.sys
2016-08-14 21:47 - 2011-07-15 14:29 - 00456320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mrxsmb.sys
2016-08-14 21:40 - 2013-07-03 03:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2016-08-14 21:40 - 2013-07-03 02:59 - 00014976 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbscan.sys
2016-08-14 21:36 - 2013-07-17 01:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2016-08-14 21:36 - 2013-07-17 01:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2016-08-14 21:36 - 2013-02-12 01:32 - 00012928 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023x.sys
2016-08-14 21:32 - 2014-02-26 02:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2016-08-14 21:32 - 2014-02-26 02:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2016-08-14 21:29 - 2013-08-09 01:55 - 00032384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
2016-08-14 21:29 - 2013-08-09 01:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2016-08-14 21:27 - 2013-07-04 04:03 - 02149888 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2016-08-14 21:27 - 2013-07-04 03:59 - 02193536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2016-08-14 21:27 - 2013-07-04 03:08 - 02070144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2016-08-14 21:27 - 2013-07-04 03:08 - 02028544 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2016-08-14 21:25 - 2012-01-11 20:06 - 00003072 ____N C:\WINDOWS\system32\iacenc.dll
2016-08-14 21:25 - 2012-01-11 20:06 - 00003072 ____C C:\WINDOWS\system32\dllcache\iacenc.dll
2016-08-14 21:20 - 2016-08-15 07:13 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2016-08-14 21:20 - 2016-08-14 21:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB898461$
2016-08-14 21:20 - 2016-08-14 21:20 - 00000000 ____D C:\WINDOWS\system32\PreInstall
2016-08-14 21:20 - 2009-01-07 18:21 - 00026144 _____ (Microsoft Corporation) C:\WINDOWS\system32\spupdsvc.exe
2016-08-14 21:20 - 2009-01-07 18:20 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll
2016-08-13 20:35 - 2016-08-13 20:35 - 00012328 _____ C:\Documents and Settings\Kevin Gilhooly\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2016-08-13 20:34 - 2016-08-13 20:34 - 00001607 _____ C:\Documents and Settings\All Users\Desktop\Dodo Mobile.lnk
2016-08-13 20:34 - 2016-08-13 20:34 - 00000000 ____D C:\Program Files\Dodo Mobile
2016-08-13 20:34 - 2016-08-13 20:34 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Dodo Mobile
2016-08-13 20:34 - 2013-06-18 11:31 - 00134144 _____ (TCT International Mobile Ltd.) C:\WINDOWS\system32\Drivers\AlcatelOTDCWwan.sys
2016-08-13 20:34 - 2013-06-18 11:31 - 00107904 _____ (TCT International Mobile Ltd.) C:\WINDOWS\system32\Drivers\jrdusbser.sys
2016-08-13 20:34 - 2008-04-14 00:10 - 00057600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\redbook.sys
2016-08-13 20:34 - 2008-04-14 00:10 - 00057600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\redbook.sys
2016-08-13 18:05 - 2016-08-13 18:05 - 00000000 ____D C:\Documents and Settings\Kevin Gilhooly\Application Data\Adobe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-23 15:46 - 2008-11-11 16:23 - 00000000 ____D C:\Documents and Settings
2016-08-23 15:44 - 2009-02-22 05:21 - 00000178 ___SH C:\Documents and Settings\Kevin Gilhooly\ntuser.ini
2016-08-23 15:44 - 2008-11-12 00:47 - 00001709 _____ C:\WINDOWS\system32\Config.MPF
2016-08-23 15:44 - 2008-11-12 00:35 - 00009512 _____ C:\WINDOWS\SchedLgU.Txt
2016-08-23 15:44 - 2008-11-12 00:35 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-23 15:43 - 2009-02-22 05:21 - 00000000 ____D C:\Documents and Settings\Kevin Gilhooly\Local Settings\Temp
2016-08-23 15:38 - 2008-11-11 23:11 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2016-08-19 15:42 - 2008-11-11 16:18 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2016-08-15 10:57 - 2008-11-12 00:43 - 00002431 _____ C:\Documents and Settings\All Users\Desktop\Samsung Network Manager.lnk
2016-08-15 10:57 - 2008-11-11 16:18 - 00000000 ___HD C:\WINDOWS\inf
2016-08-15 07:52 - 2008-11-12 00:30 - 00000000 ____D C:\Program Files\Outlook Express
2016-08-15 07:52 - 2008-11-12 00:30 - 00000000 ____D C:\Program Files\Movie Maker
2016-08-15 07:51 - 2009-02-22 05:21 - 00000803 _____ C:\Documents and Settings\Kevin Gilhooly\Start Menu\Programs\Internet Explorer.lnk
2016-08-15 07:51 - 2008-11-12 00:35 - 00000000 __SHD C:\Documents and Settings\LocalService
2016-08-15 07:50 - 2009-02-22 05:21 - 00000000 ___RD C:\Documents and Settings\Kevin Gilhooly\My Documents\My Music
2016-08-15 07:50 - 2009-02-22 05:21 - 00000000 ___RD C:\Documents and Settings\Kevin Gilhooly\My Documents
2016-08-15 07:50 - 2009-02-22 05:21 - 00000000 ____D C:\Documents and Settings\Kevin Gilhooly
2016-08-15 07:50 - 2008-11-11 16:23 - 00090296 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-15 07:50 - 2008-11-11 16:18 - 00000000 ____D C:\WINDOWS\Help
2016-08-15 07:18 - 2008-11-11 16:24 - 00355944 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-15 07:17 - 2008-11-11 16:18 - 00000000 ____D C:\WINDOWS\security
2016-08-15 07:13 - 2008-11-11 16:24 - 00001374 _____ C:\WINDOWS\imsins.BAK
2016-08-15 07:12 - 2008-11-11 16:18 - 00000000 ____D C:\WINDOWS\Media
2016-08-15 07:09 - 2008-11-12 00:28 - 00000000 ____D C:\Program Files\Messenger
2016-08-13 22:08 - 2008-11-12 00:43 - 00000000 ____D C:\WINDOWS\WinClon
2016-08-13 20:58 - 2008-11-12 00:29 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Games
2016-08-13 20:58 - 2008-11-12 00:28 - 00000000 ____D C:\Program Files\Windows NT
2016-08-13 17:44 - 2008-11-12 00:44 - 00000000 ____D C:\Program Files\McAfee
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-08-2016 01
Ran by Administrator (23-08-2016 18:51:07)
Running from E:\
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2009-02-22 04:21:11)
Boot Mode: Safe Mode (minimal)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2277594783-1135049707-4067570145-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-2277594783-1135049707-4067570145-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-2277594783-1135049707-4067570145-1004 - Limited - Disabled)
Kevin Gilhooly (S-1-5-21-2277594783-1135049707-4067570145-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Kevin Gilhooly
SUPPORT_388945a0 (S-1-5-21-2277594783-1135049707-4067570145-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee VirusScan (Disabled - Out of date) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall (Disabled) {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
Atheros WLAN Client (HKLM\...\{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}) (Version: 18.00.0000 - WLAN)
Dodo Mobile (HKLM\...\Dodo_Australia Flame Dodo Mobile_is1) (Version:  - Dodo_Australia)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.0.0.0 - Samsung)
imagine digital freedom - Samsung (HKLM\...\{8E106A57-A17E-431D-B48F-175E42EB9F74}) (Version: 1.0.2.2 - Samsung Electronics Co. Ltd.,)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
J2SE Runtime Environment 5.0 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150000}) (Version: 1.5.0 - Sun Microsystems, Inc.)
Magic Keyboard (HKLM\...\{BD723E53-A42C-4702-AA04-1D74A0311590}) (Version: 7.0.2.0 - )
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 10.62.1.3 - Marvell)
McAfee SecurityCenter (HKLM\...\MSC) (Version:  - McAfee, Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Namuga 1.3M Webcam (HKLM\...\{71A51B59-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation)
Play Camera (HKLM\...\InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}) (Version: 2.0.0.13 - Samsung Electronics)
Play Camera (Version: 2.0.0.13 - Samsung Electronics) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5693 - Realtek Semiconductor Corp.)
Samsung Battery Manager (HKLM\...\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}) (Version: 1.00 - )
Samsung EDS (HKLM\...\{ABB14904-A11B-4F42-996C-80FD608A0F17}) (Version: 1.00.0000 - Samsung Electronics)
Samsung Magic Doctor (HKLM\...\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}) (Version: 4.00 - )
Samsung Network Manager 2.0 (HKLM\...\InstallShield_{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}) (Version: 2.0.5.0 - Samsung)
Samsung Network Manager 2.0 (Version: 2.0.5.0 - Samsung) Hidden
Samsung Recovery Solution III (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 3.0.0.6 - Samsung)
Samsung Update Plus (HKLM\...\InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}) (Version: 1.2.0.13 - Samsung Electronics Co., LTD)
Samsung Update Plus (Version: 1.2.0.13 - Samsung Electronics Co., LTD) Hidden
Samsung Wallpaper (HKLM\...\{5CBB720F-08E6-4043-B83F-76C277AF6DE7}) (Version: 2.0.0.0 - Samsung Electronics)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.2 - Synaptics)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.1.0.3300 -  )
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\McDefragTask.job => c:\PROGRA~1\mcafee\mqc\QcConsol.exe C:\WINDOWS\system32\defrag.exe
Task: C:\WINDOWS\Tasks\McQcTask.job => c:\PROGRA~1\mcafee\mqc\QcConsol.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_KEVGIL_Kevin Gilhooly.job => C:\WINDOWS\system32\mobsync.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
 
==================== Alternate Data Streams (Whitelisted) =========
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2008-11-11 23:11 - 2008-04-14 13:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2277594783-1135049707-4067570145-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\SamsungWallpaper.bmp
DNS Servers: Media is not connected to internet.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
StandardProfile\AuthorizedApplications: [C:\Program Files\Internet Explorer\IEXPLORE.EXE] => Enabled:Internet Explorer
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dpvsetup.exe] => Enabled:Microsoft DirectPlay Voice Test
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe] => Enabled:McAfee Network Agent
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
==================== Restore Points =========================
 
13-08-2016 18:24:49 System Checkpoint
14-08-2016 21:20:48 Software Distribution Service 3.0
15-08-2016 07:47:52 Software Distribution Service 3.0
15-08-2016 10:42:18 Software Distribution Service 3.0
19-08-2016 16:06:46 System Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/23/2016 03:42:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 21.8.2016.1, faulting module frst.exe, version 21.8.2016.1, fault address 0x0002108d.
Processing media-specific event for [frst.exe!ws!]
        
 
System errors:
=============
Error: (08/23/2016 06:47:16 PM) (Source: DCOM) (EventID: 10005) (User: KEVGIL)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error: (08/23/2016 03:48:48 PM) (Source: DCOM) (EventID: 10005) (User: KEVGIL)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error: (08/23/2016 03:47:58 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service McNASvc with arguments ""
in order to run the server:
{24F616A1-B755-4053-8018-C3425DC8B68A}
 
Error: (08/23/2016 03:47:57 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service McNASvc with arguments ""
in order to run the server:
{24F616A1-B755-4053-8018-C3425DC8B68A}
 
Error: (08/23/2016 03:47:21 PM) (Source: DCOM) (EventID: 10005) (User: KEVGIL)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}
 
Error: (08/23/2016 03:47:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
AFD
Fips
intelppm
IPSec
mfehidk
MPFP
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip
Tcpip6
 
Error: (08/23/2016 03:47:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: 
%%31 = A device attached to the system is not functioning.
 
Error: (08/23/2016 03:47:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IPv6 Helper Service service depends on the Microsoft IPv6 Protocol Driver service which failed to start because of the following error: 
%%31 = A device attached to the system is not functioning.
 
Error: (08/23/2016 03:47:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: 
%%31 = A device attached to the system is not functioning.
 
Error: (08/23/2016 03:47:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: 
%%31 = A device attached to the system is not functioning.
 
 
==================== Memory info =========================== 
 
Processor:  Intel® Atom™ CPU N270 @ 1.60GHz
Percentage of memory in use: 18%
Total physical RAM: 1014.36 MB
Available physical RAM: 822.74 MB
Total Virtual: 2445.19 MB
Available Virtual: 2352.47 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:71.04 GB) (Free:65.38 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:72 GB) (Free:35.51 GB) NTFS
Drive e: (TRANSCEND) (Removable) (Total:7.53 GB) (Free:7.53 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: AA0213BA)
Partition 1: (Not Active) - (Size=6 GB) - (Type=12)
Partition 2: (Active) - (Size=71 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=72 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0B)
 
==================== End of Addition.txt ============================


#2
Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts
Hi clutsta,

Welcome to Geeks to Go. My name is Jr0x and I'll be helping you with your problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

Before we get started, there are a few things I need you to take note of.
  • Please read through the instructions before attempting to follow those procedures. I would recommend printing them out as some of the instructions would require you to be in safe mode / offline.
  • If there is anything you are unclear of, please ask before you start the fix.
  • Do not run any scripts / tools on your own; unsupervised usage may cause more harm than good.
  • Please stay with me on this thread, do not start another thread in here (Geeks To Go) or any other forum until I've declared you clean and good to go.
  • There may be a delayed response to you as we may live in different time zones.
  • Inform me of anything that happens unexpectedly during the fix at any point of time.
  • As much as we would like to make this an easy process for you, malware removal is a complex multi-step process, and things may happen such as data loss or your machine being rendered unbootable. I would recommend that you back up your personal data before we proceed.
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.
Let's get started.



am still unable to get any sort of any network connection to the internet. It is a strange co-incidence, but at the same time both devices were infected, my phone line has also experienced a fault, and is no longer working. According to my phone line provider, the fault is due to be fixed within the next 24 hours.


As I can see from your log, did you boot into Safe Mode knowingly or are you not able to boot into normal mode?

If you are in Safe Mode without network, then you will not be able to connect to the internet, be it through LAN or wireless.

As for your phone line, are you referring to your Internet Service Provider (ISP)? If you are not sure what an ISP is, it's the company that you subscribed to for your internet connection.

Since your log is a couple of days old, I would require you to post a more updated log, and in normal mode if that is possible. Do note that you are required to run FRST from your Desktop.

Scan with Farbar's Recovery Scan Tool (FRST)

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Let me know if you are facing any issues following the instructions.

#3
clutsta

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Hi there, yep ISP is my Internet Service Provider. I can boot in normal mode, but there's still absolutely zero access to any network connection.  

 

FRST will not "run as". It comes up with an "AutoIt Error - Unable to open the script file".

 

Here's a normal mode/Scan log below:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-08-2016 01

Ran by Kevin Gilhooly (administrator) on KEVGIL (29-08-2016 11:33:53)
Running from C:\Documents and Settings\Kevin Gilhooly\Desktop
Loaded Profiles: Kevin Gilhooly (Available Profiles: Kevin Gilhooly)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.5.0\bin\jusched.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Samsung Electronics,.LTD) C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
() C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
() C:\Program Files\Dodo Mobile\BackgroundService\ModemListener.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(SAMSUNG Electronics Co., Ltd.) C:\Program Files\Samsung\MagicKBD\MagicKBD.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\MagicKBD\PerformanceManager.exe
() C:\Program Files\Dodo Mobile\BackgroundService\ServiceManager.exe
(McAfee, Inc.) C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
(McAfee, Inc.) C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
(McAfee, Inc.) C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
(McAfee, Inc.) C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
(McAfee, Inc.) C:\Program Files\McAfee\MPF\MpfSrv.exe
() C:\Program Files\Samsung\Samsung Network Manager\SNMWLANService.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(McAfee, Inc.) C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
(McAfee, Inc.) C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre1.5.0\bin\jusched.exe [36972 2008-11-12] (Sun Microsystems, Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16851456 2008-08-26] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [57344 2008-06-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [EDS] => C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe [659456 2007-12-21] (Samsung Electronics,.LTD)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1044480 2008-08-28] (Synaptics, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [DMHotKey] => C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe [466944 2006-12-28] (SAMSUNG Electronics)
HKLM\...\Run: [BatteryManager] => C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe [2768896 2008-10-20] ()
HKLM\...\Run: [MagicKeyboard] => C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe [151552 2006-05-15] ()
HKLM\...\Run: [mcagent_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [582992 2007-08-04] (McAfee, Inc.)
HKLM\...\Run: [Dodo_Australia Flame ModemListener] => C:\Program Files\Dodo Mobile\BackgroundService\ModemListener.exe [169768 2015-01-04] ()
HKU\S-1-5-21-2277594783-1135049707-4067570145-1005\...\MountPoints2: {2155564d-6175-11e6-9477-001377b34e37} - E:\autorun.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk [2009-02-22]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
 
Internet Explorer:
==================
HKU\S-1-5-21-2277594783-1135049707-4067570145-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.au/
HKU\S-1-5-21-2277594783-1135049707-4067570145-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> c:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-07-24] (McAfee, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
R2 Dodo_Australia Flame Modem Device Helper; C:\Program Files\Dodo Mobile\BackgroundService\ServiceManager.exe [76584 2014-12-11] () [File not signed]
R2 mcmscsvc; C:\Program Files\McAfee\MSC\mcmscsvc.exe [749904 2007-08-04] (McAfee, Inc.)
R2 McNASvc; c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [2376992 2007-07-23] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [378184 2007-07-25] (McAfee, Inc.)
R2 McProxy; c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe [359248 2007-07-16] (McAfee, Inc.)
R2 McShield; C:\Program Files\McAfee\VirusScan\Mcshield.exe [144704 2007-07-24] (McAfee, Inc.)
S4 McSysmon; C:\Program Files\McAfee\VirusScan\mcsysmon.exe [695624 2007-07-25] (McAfee, Inc.)
R2 MpfService; C:\Program Files\McAfee\MPF\MPFSrv.exe [856864 2007-07-19] (McAfee, Inc.)
S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [77480 2008-05-13] () [File not signed]
R2 SNM WLAN Service; C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe [36864 2006-10-30] () [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AlcatelOTDCWwan; C:\WINDOWS\System32\DRIVERS\AlcatelOTDCWwan.sys [134144 2013-06-18] (TCT International Mobile Ltd.)
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1334432 2008-10-08] (Atheros Communications, Inc.)
R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [539072 2007-03-23] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37424 2007-03-23] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [876384 2007-03-31] (Broadcom Corporation.)
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [149123 2007-03-23] (Broadcom Corporation.)
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [67960 2007-03-23] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 DNSeFilter; C:\WINDOWS\System32\drivers\SamsungEDS.sys [30208 2008-01-15] (Samsung Electronics,.LTD) [File not signed]
R2 DOSMEMIO; C:\WINDOWS\system32\MEMIO.SYS [4300 2005-10-27] () [File not signed]
S3 jrdusbser; C:\WINDOWS\System32\DRIVERS\jrdusbser.sys [107904 2013-06-18] (TCT International Mobile Ltd.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [79304 2007-07-24] (McAfee, Inc.)
R3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [35240 2007-07-21] (McAfee, Inc.)
R1 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [201288 2007-07-21] (McAfee, Inc.)
S3 mferkdk; C:\WINDOWS\System32\drivers\mferkdk.sys [33800 2007-07-24] (McAfee, Inc.)
S3 mfesmfk; C:\WINDOWS\System32\drivers\mfesmfk.sys [40488 2007-07-21] (McAfee, Inc.)
R1 MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [113952 2007-07-13] (McAfee, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 SUEPD; C:\WINDOWS\System32\DRIVERS\SUE_PD.sys [19840 2006-10-30] (Samsung) [File not signed]
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
R3 VMC326; C:\WINDOWS\System32\Drivers\VMC326.sys [238464 2008-09-23] (Vimicro Corporation)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [289024 2008-06-27] (Marvell)
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-29 11:33 - 2016-08-29 11:34 - 00009326 _____ C:\Documents and Settings\Kevin Gilhooly\Desktop\FRST.txt
2016-08-24 21:16 - 2016-08-24 21:16 - 00000000 __SHD C:\Documents and Settings\Kevin Gilhooly\PrivacIE
2016-08-23 19:07 - 2016-08-23 19:07 - 00000000 ____D C:\WINDOWS\_swf_imagine digital freedom_work
2016-08-23 16:00 - 2016-08-23 16:00 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
2016-08-23 15:49 - 2016-08-23 15:38 - 01746432 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2016-08-23 15:47 - 2016-08-23 15:47 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2016-08-23 15:46 - 2016-08-23 18:51 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2016-08-23 15:46 - 2016-08-23 15:47 - 00000000 ____D C:\Documents and Settings\Administrator
2016-08-23 15:46 - 2008-12-22 20:33 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-08-23 15:46 - 2008-12-22 19:28 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Play Camera Media
2016-08-23 15:46 - 2008-11-12 00:41 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2016-08-23 15:46 - 2008-11-12 00:36 - 00000767 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2016-08-23 15:46 - 2008-11-12 00:36 - 00000738 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
2016-08-23 15:46 - 2008-11-12 00:36 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Pictures
2016-08-23 15:46 - 2008-11-12 00:36 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Music
2016-08-23 15:46 - 2008-11-12 00:36 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents
2016-08-23 15:46 - 2008-11-12 00:35 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150000}
2016-08-23 15:46 - 2008-11-12 00:32 - 00001599 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2016-08-23 15:45 - 2016-08-23 18:56 - 00114060 _____ C:\WINDOWS\ntbtlog.txt
2016-08-23 15:43 - 2016-08-23 15:38 - 01746432 _____ (Farbar) C:\Documents and Settings\Kevin Gilhooly\Desktop\FRST.exe
2016-08-23 15:40 - 2016-08-29 11:33 - 00000000 ____D C:\FRST
2016-08-19 15:42 - 2008-04-14 00:17 - 00025856 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbprint.sys
2016-08-19 15:42 - 2008-04-14 00:17 - 00025856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys
2016-08-15 10:42 - 2016-08-15 10:42 - 144884648 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-15 10:42 - 2016-08-15 10:42 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-15 07:59 - 2016-08-15 07:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB974571$
2016-08-15 07:59 - 2016-08-15 07:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2016-08-15 07:59 - 2016-08-15 07:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2592799$
2016-08-15 07:58 - 2016-08-15 07:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB977816$
2016-08-15 07:58 - 2016-08-15 07:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB975560$
2016-08-15 07:58 - 2016-08-15 07:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB973507$
2016-08-15 07:58 - 2016-08-15 07:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2016-08-15 07:58 - 2016-08-15 07:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2770660$
2016-08-15 07:58 - 2016-08-15 07:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2535512$
2016-08-15 07:57 - 2016-08-15 07:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB952287$
2016-08-15 07:57 - 2016-08-15 07:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB950762$
2016-08-15 07:57 - 2016-08-15 07:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2016-08-15 07:57 - 2016-08-15 07:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2016-08-15 07:57 - 2016-08-15 07:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2807986$
2016-08-15 07:57 - 2016-08-15 07:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2570947$
2016-08-15 07:56 - 2016-08-15 07:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB978695_WM9$
2016-08-15 07:56 - 2016-08-15 07:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB973904$
2016-08-15 07:56 - 2016-08-15 07:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2016-08-15 07:56 - 2016-08-15 07:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820917$
2016-08-15 07:56 - 2016-08-15 07:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2603381$
2016-08-15 07:55 - 2016-08-15 07:55 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB973540_WM9$
2016-08-15 07:55 - 2016-08-15 07:55 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2016-08-15 07:55 - 2016-08-15 07:55 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2757638$
2016-08-15 07:55 - 2016-08-15 07:55 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2653956$
2016-08-15 07:55 - 2016-08-15 07:55 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2508429$
2016-08-15 07:55 - 2016-08-15 07:55 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2419632$
2016-08-15 07:54 - 2016-08-15 07:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB974392$
2016-08-15 07:54 - 2016-08-15 07:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB971029$
2016-08-15 07:54 - 2016-08-15 07:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2879017$
2016-08-15 07:54 - 2016-08-15 07:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2749655$
2016-08-15 07:54 - 2016-08-15 07:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2506212$
2016-08-15 07:53 - 2016-08-15 07:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB977914$
2016-08-15 07:53 - 2016-08-15 07:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB952069_WM9$
2016-08-15 07:53 - 2016-08-15 07:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2016-08-15 07:53 - 2016-08-15 07:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2803821-v2_WM9$
2016-08-15 07:53 - 2016-08-15 07:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2698365$
2016-08-15 07:53 - 2016-08-15 07:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2619339$
2016-08-15 07:52 - 2016-08-15 07:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB979482$
2016-08-15 07:52 - 2016-08-15 07:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB979309$
2016-08-15 07:52 - 2016-08-15 07:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB978542$
2016-08-15 07:52 - 2016-08-15 07:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2727528$
2016-08-15 07:52 - 2016-08-15 07:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2705219-v2$
2016-08-15 07:51 - 2016-08-15 07:51 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache
2016-08-15 07:51 - 2016-08-15 07:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB981997$
2016-08-15 07:51 - 2016-08-15 07:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB973815$
2016-08-15 07:51 - 2016-08-15 07:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB960803$
2016-08-15 07:51 - 2016-08-15 07:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2934207$
2016-08-15 07:51 - 2016-08-15 07:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2016-08-15 07:51 - 2016-08-15 07:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2723135-v2$
2016-08-15 07:50 - 2016-08-15 07:50 - 00000000 __SHD C:\Documents and Settings\Kevin Gilhooly\IETldCache
2016-08-15 07:50 - 2016-08-15 07:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813345$
2016-08-15 07:50 - 2016-08-15 07:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2676562$
2016-08-15 07:50 - 2016-08-15 07:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2509553$
2016-08-15 07:50 - 2016-08-15 07:50 - 00000000 ___RD C:\Documents and Settings\Kevin Gilhooly\My Documents\My Pictures
2016-08-15 07:49 - 2016-08-15 07:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB982665$
2016-08-15 07:49 - 2016-08-15 07:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2620712$
2016-08-15 07:49 - 2016-08-15 07:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2478960$
2016-08-15 07:49 - 2016-08-15 07:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2393802$
2016-08-15 07:48 - 2016-08-15 07:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB975467$
2016-08-15 07:48 - 2016-08-15 07:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB968389$
2016-08-15 07:48 - 2016-08-15 07:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2016-08-15 07:48 - 2016-08-15 07:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2661637$
2016-08-15 07:48 - 2016-08-15 07:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2584146$
2016-08-15 07:48 - 2016-08-15 07:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2566454$
2016-08-15 07:48 - 2016-08-15 07:48 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2423089$
2016-08-15 07:17 - 2016-08-24 21:22 - 00000240 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-08-15 07:17 - 2016-08-15 10:41 - 00000234 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-08-15 07:16 - 2016-08-29 11:32 - 00000408 ____H C:\WINDOWS\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_KEVGIL_Kevin Gilhooly.job
2016-08-15 07:13 - 2016-08-15 07:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB952954$
2016-08-15 07:13 - 2016-08-15 07:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB951376-v2$
2016-08-15 07:13 - 2016-08-15 07:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2922229$
2016-08-15 07:13 - 2016-08-15 07:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2016-08-15 07:12 - 2016-08-15 07:49 - 00065536 _____ C:\WINDOWS\system32\config\Internet.evt
2016-08-15 07:12 - 2016-08-15 07:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB959426$
2016-08-15 07:11 - 2016-08-24 21:23 - 00000432 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2016-08-15 07:10 - 2016-08-15 07:12 - 00000000 __HDC C:\WINDOWS\ie8
2016-08-15 07:09 - 2016-08-15 07:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB960859$
2016-08-15 07:09 - 2016-08-15 07:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB946648$
2016-08-15 07:09 - 2016-08-15 07:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2712808$
2016-08-15 07:09 - 2016-08-15 07:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2479943$
2016-08-15 07:09 - 2016-08-15 07:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2387149$
2016-08-15 07:08 - 2016-08-15 07:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2916036$
2016-08-15 07:08 - 2016-08-15 07:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2016-08-15 07:08 - 2016-08-15 07:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2659262$
2016-08-15 07:08 - 2016-08-15 07:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2564958$
2016-08-15 07:08 - 2016-08-15 07:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2544893-v2$
2016-08-15 07:08 - 2016-08-15 07:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2478971$
2016-08-15 07:07 - 2016-08-15 07:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2016-08-15 07:07 - 2016-08-15 07:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2691442$
2016-08-15 07:07 - 2016-08-15 07:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2631813$
2016-08-15 07:07 - 2016-08-15 07:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2585542$
2016-08-15 07:07 - 2016-08-15 07:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2536276-v2$
2016-08-15 07:07 - 2016-08-15 07:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2296011$
2016-08-15 07:06 - 2016-08-15 07:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB975558_WM8$
2016-08-15 07:06 - 2016-08-15 07:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB974318$
2016-08-15 07:06 - 2016-08-15 07:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB955759$
2016-08-15 07:06 - 2016-08-15 07:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2016-08-15 07:06 - 2016-08-15 07:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2378111_WM9$
2016-08-15 07:06 - 2016-08-15 07:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2115168$
2016-08-15 07:05 - 2016-08-15 07:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB969059$
2016-08-15 07:05 - 2016-08-15 07:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB951978$
2016-08-15 07:05 - 2016-08-15 07:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2802968$
2016-08-15 07:05 - 2016-08-15 07:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2655992$
2016-08-15 07:05 - 2016-08-15 07:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2443105$
2016-08-15 07:04 - 2016-08-15 07:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB975713$
2016-08-15 07:04 - 2016-08-15 07:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB950974$
2016-08-15 07:04 - 2016-08-15 07:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2016-08-15 07:04 - 2016-08-15 07:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2598479$
2016-08-15 07:04 - 2016-08-15 07:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2481109$
2016-08-15 07:04 - 2016-08-15 07:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2229593$
2016-08-15 07:03 - 2016-08-15 07:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB982132$
2016-08-15 07:03 - 2016-08-15 07:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB978338$
2016-08-15 07:03 - 2016-08-15 07:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB971657$
2016-08-15 07:03 - 2016-08-15 07:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2929961$
2016-08-15 07:03 - 2016-08-15 07:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2016-08-15 07:03 - 2016-08-15 07:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2686509$
2016-08-15 07:02 - 2016-08-15 07:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB972270$
2016-08-15 07:02 - 2016-08-15 07:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB954155_WM9$
2016-08-15 07:02 - 2016-08-15 07:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2909212$
2016-08-15 07:02 - 2016-08-15 07:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2780091$
2016-08-15 07:02 - 2016-08-15 07:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2510581$
2016-08-15 07:02 - 2016-08-15 07:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2507938$
2016-08-15 07:01 - 2016-08-15 07:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB974112$
2016-08-15 07:01 - 2016-08-15 07:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB956572$
2016-08-15 07:01 - 2016-08-15 07:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2016-08-15 07:01 - 2016-08-15 07:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2016-08-15 07:01 - 2016-08-15 07:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2347290$
2016-08-15 07:00 - 2016-08-15 07:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB979687$
2016-08-15 07:00 - 2016-08-15 07:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB975025$
2016-08-15 07:00 - 2016-08-15 07:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB973869$
2016-08-15 07:00 - 2016-08-15 07:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB956844$
2016-08-15 07:00 - 2016-08-15 07:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2930275$
2016-08-15 07:00 - 2016-08-15 07:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2016-08-15 07:00 - 2016-08-15 07:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2483185$
2016-08-15 06:59 - 2016-08-15 06:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB952004$
2016-08-15 06:59 - 2016-08-15 06:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2719985$
2016-08-14 21:50 - 2008-06-13 12:05 - 00272128 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-08-14 21:50 - 2008-06-13 12:05 - 00272128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bthport.sys
2016-08-14 21:47 - 2011-07-15 14:29 - 00456320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mrxsmb.sys
2016-08-14 21:40 - 2013-07-03 03:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2016-08-14 21:40 - 2013-07-03 02:59 - 00014976 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbscan.sys
2016-08-14 21:36 - 2013-07-17 01:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2016-08-14 21:36 - 2013-07-17 01:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2016-08-14 21:36 - 2013-02-12 01:32 - 00012928 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023x.sys
2016-08-14 21:32 - 2014-02-26 02:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2016-08-14 21:32 - 2014-02-26 02:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2016-08-14 21:29 - 2013-08-09 01:55 - 00032384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
2016-08-14 21:29 - 2013-08-09 01:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2016-08-14 21:27 - 2013-07-04 04:03 - 02149888 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2016-08-14 21:27 - 2013-07-04 03:59 - 02193536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2016-08-14 21:27 - 2013-07-04 03:08 - 02070144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2016-08-14 21:27 - 2013-07-04 03:08 - 02028544 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2016-08-14 21:25 - 2012-01-11 20:06 - 00003072 ____N C:\WINDOWS\system32\iacenc.dll
2016-08-14 21:25 - 2012-01-11 20:06 - 00003072 ____C C:\WINDOWS\system32\dllcache\iacenc.dll
2016-08-14 21:20 - 2016-08-15 07:13 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2016-08-14 21:20 - 2016-08-14 21:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB898461$
2016-08-14 21:20 - 2016-08-14 21:20 - 00000000 ____D C:\WINDOWS\system32\PreInstall
2016-08-14 21:20 - 2009-01-07 18:21 - 00026144 _____ (Microsoft Corporation) C:\WINDOWS\system32\spupdsvc.exe
2016-08-14 21:20 - 2009-01-07 18:20 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll
2016-08-13 20:35 - 2016-08-13 20:35 - 00012328 _____ C:\Documents and Settings\Kevin Gilhooly\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2016-08-13 20:34 - 2016-08-13 20:34 - 00001607 _____ C:\Documents and Settings\All Users\Desktop\Dodo Mobile.lnk
2016-08-13 20:34 - 2016-08-13 20:34 - 00000000 ____D C:\Program Files\Dodo Mobile
2016-08-13 20:34 - 2016-08-13 20:34 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Dodo Mobile
2016-08-13 20:34 - 2013-06-18 11:31 - 00134144 _____ (TCT International Mobile Ltd.) C:\WINDOWS\system32\Drivers\AlcatelOTDCWwan.sys
2016-08-13 20:34 - 2013-06-18 11:31 - 00107904 _____ (TCT International Mobile Ltd.) C:\WINDOWS\system32\Drivers\jrdusbser.sys
2016-08-13 20:34 - 2008-04-14 00:10 - 00057600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\redbook.sys
2016-08-13 20:34 - 2008-04-14 00:10 - 00057600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\redbook.sys
2016-08-13 18:05 - 2016-08-13 18:05 - 00000000 ____D C:\Documents and Settings\Kevin Gilhooly\Application Data\Adobe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-29 11:34 - 2009-02-22 05:21 - 00000000 ____D C:\Documents and Settings\Kevin Gilhooly\Local Settings\Temp
2016-08-24 21:22 - 2008-11-12 00:35 - 00015408 _____ C:\WINDOWS\SchedLgU.Txt
2016-08-24 21:22 - 2008-11-12 00:35 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-24 21:21 - 2009-02-22 05:21 - 00000178 ___SH C:\Documents and Settings\Kevin Gilhooly\ntuser.ini
2016-08-24 21:21 - 2008-11-12 00:47 - 00001709 _____ C:\WINDOWS\system32\Config.MPF
2016-08-24 21:17 - 2008-11-11 16:18 - 00000000 ____D C:\WINDOWS\Network Diagnostic
2016-08-24 21:16 - 2009-02-22 05:21 - 00000000 ____D C:\Documents and Settings\Kevin Gilhooly
2016-08-23 15:46 - 2008-11-11 16:23 - 00000000 ____D C:\Documents and Settings
2016-08-23 15:38 - 2008-11-11 23:11 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2016-08-19 15:42 - 2008-11-11 16:18 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2016-08-15 10:57 - 2008-11-12 00:43 - 00002431 _____ C:\Documents and Settings\All Users\Desktop\Samsung Network Manager.lnk
2016-08-15 10:57 - 2008-11-11 16:18 - 00000000 ___HD C:\WINDOWS\inf
2016-08-15 07:52 - 2008-11-12 00:30 - 00000000 ____D C:\Program Files\Outlook Express
2016-08-15 07:52 - 2008-11-12 00:30 - 00000000 ____D C:\Program Files\Movie Maker
2016-08-15 07:51 - 2009-02-22 05:21 - 00000803 _____ C:\Documents and Settings\Kevin Gilhooly\Start Menu\Programs\Internet Explorer.lnk
2016-08-15 07:51 - 2008-11-12 00:35 - 00000000 __SHD C:\Documents and Settings\LocalService
2016-08-15 07:50 - 2009-02-22 05:21 - 00000000 ___RD C:\Documents and Settings\Kevin Gilhooly\My Documents\My Music
2016-08-15 07:50 - 2009-02-22 05:21 - 00000000 ___RD C:\Documents and Settings\Kevin Gilhooly\My Documents
2016-08-15 07:50 - 2008-11-11 16:23 - 00090296 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-15 07:50 - 2008-11-11 16:18 - 00000000 ____D C:\WINDOWS\Help
2016-08-15 07:18 - 2008-11-11 16:24 - 00355944 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-15 07:17 - 2008-11-11 16:18 - 00000000 ____D C:\WINDOWS\security
2016-08-15 07:13 - 2008-11-11 16:24 - 00001374 _____ C:\WINDOWS\imsins.BAK
2016-08-15 07:12 - 2008-11-11 16:18 - 00000000 ____D C:\WINDOWS\Media
2016-08-15 07:09 - 2008-11-12 00:28 - 00000000 ____D C:\Program Files\Messenger
2016-08-13 22:08 - 2008-11-12 00:43 - 00000000 ____D C:\WINDOWS\WinClon
2016-08-13 20:58 - 2008-11-12 00:29 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Games
2016-08-13 20:58 - 2008-11-12 00:28 - 00000000 ____D C:\Program Files\Windows NT
2016-08-13 17:44 - 2008-11-12 00:44 - 00000000 ____D C:\Program Files\McAfee
 
==================== Files in the root of some directories =======
 
2016-08-15 07:49 - 2016-08-15 07:49 - 0000082 _____ () C:\Documents and Settings\Kevin Gilhooly\Local Settings\Application Data\FASTWiz.log
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================
 
 
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-08-2016 01
Ran by Kevin Gilhooly (29-08-2016 11:35:26)
Running from C:\Documents and Settings\Kevin Gilhooly\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2009-02-22 04:21:11)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2277594783-1135049707-4067570145-500 - Administrator - Enabled)
Guest (S-1-5-21-2277594783-1135049707-4067570145-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-2277594783-1135049707-4067570145-1004 - Limited - Disabled)
Kevin Gilhooly (S-1-5-21-2277594783-1135049707-4067570145-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Kevin Gilhooly
SUPPORT_388945a0 (S-1-5-21-2277594783-1135049707-4067570145-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee VirusScan (Enabled - Out of date) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall (Disabled) {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
Atheros WLAN Client (HKLM\...\{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}) (Version: 18.00.0000 - WLAN)
Dodo Mobile (HKLM\...\Dodo_Australia Flame Dodo Mobile_is1) (Version:  - Dodo_Australia)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.0.0.0 - Samsung)
imagine digital freedom - Samsung (HKLM\...\{8E106A57-A17E-431D-B48F-175E42EB9F74}) (Version: 1.0.2.2 - Samsung Electronics Co. Ltd.,)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
J2SE Runtime Environment 5.0 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150000}) (Version: 1.5.0 - Sun Microsystems, Inc.)
Magic Keyboard (HKLM\...\{BD723E53-A42C-4702-AA04-1D74A0311590}) (Version: 7.0.2.0 - )
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 10.62.1.3 - Marvell)
McAfee SecurityCenter (HKLM\...\MSC) (Version:  - McAfee, Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Namuga 1.3M Webcam (HKLM\...\{71A51B59-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation)
Play Camera (HKLM\...\InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}) (Version: 2.0.0.13 - Samsung Electronics)
Play Camera (Version: 2.0.0.13 - Samsung Electronics) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5693 - Realtek Semiconductor Corp.)
Samsung Battery Manager (HKLM\...\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}) (Version: 1.00 - )
Samsung EDS (HKLM\...\{ABB14904-A11B-4F42-996C-80FD608A0F17}) (Version: 1.00.0000 - Samsung Electronics)
Samsung Magic Doctor (HKLM\...\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}) (Version: 4.00 - )
Samsung Network Manager 2.0 (HKLM\...\InstallShield_{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}) (Version: 2.0.5.0 - Samsung)
Samsung Network Manager 2.0 (Version: 2.0.5.0 - Samsung) Hidden
Samsung Recovery Solution III (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 3.0.0.6 - Samsung)
Samsung Update Plus (HKLM\...\InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}) (Version: 1.2.0.13 - Samsung Electronics Co., LTD)
Samsung Update Plus (Version: 1.2.0.13 - Samsung Electronics Co., LTD) Hidden
Samsung Wallpaper (HKLM\...\{5CBB720F-08E6-4043-B83F-76C277AF6DE7}) (Version: 2.0.0.0 - Samsung Electronics)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.3.2 - Synaptics)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.1.0.3300 -  )
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\McDefragTask.job => c:\PROGRA~1\mcafee\mqc\QcConsol.exe C:\WINDOWS\system32\defrag.exe
Task: C:\WINDOWS\Tasks\McQcTask.job => c:\PROGRA~1\mcafee\mqc\QcConsol.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_KEVGIL_Kevin Gilhooly.job => C:\WINDOWS\system32\mobsync.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2008-11-12 00:42 - 2008-10-20 19:32 - 02768896 _____ () C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
2016-08-13 20:34 - 2015-01-04 11:24 - 00169768 _____ () C:\Program Files\Dodo Mobile\BackgroundService\ModemListener.exe
2008-11-12 00:42 - 2006-08-12 21:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2007-04-01 10:00 - 2007-04-01 10:00 - 02842624 _____ () C:\WINDOWS\system32\btwicons.dll
2008-11-12 00:44 - 2005-07-13 01:34 - 00045056 _____ () C:\Program Files\SAMSUNG\MagicKBD\EasyBoxDll.dll
2016-08-13 20:34 - 2014-12-11 11:24 - 00076584 _____ () C:\Program Files\Dodo Mobile\BackgroundService\ServiceManager.exe
2006-10-30 23:29 - 2006-10-30 23:29 - 00036864 _____ () C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2008-11-11 23:11 - 2008-04-14 13:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2277594783-1135049707-4067570145-1005\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\SamsungWallpaper.bmp
DNS Servers: Media is not connected to internet.
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
StandardProfile\AuthorizedApplications: [C:\Program Files\Internet Explorer\IEXPLORE.EXE] => Enabled:Internet Explorer
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dpvsetup.exe] => Enabled:Microsoft DirectPlay Voice Test
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe] => Enabled:McAfee Network Agent
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
==================== Restore Points =========================
 
13-08-2016 18:24:49 System Checkpoint
14-08-2016 21:20:48 Software Distribution Service 3.0
15-08-2016 07:47:52 Software Distribution Service 3.0
15-08-2016 10:42:18 Software Distribution Service 3.0
19-08-2016 16:06:46 System Checkpoint
24-08-2016 11:38:18 System Checkpoint
29-08-2016 10:35:16 System Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/23/2016 03:42:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 21.8.2016.1, faulting module frst.exe, version 21.8.2016.1, fault address 0x0002108d.
Processing media-specific event for [frst.exe!ws!]
 
 
System errors:
=============
Error: (08/29/2016 11:32:16 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.
 
Error: (08/29/2016 11:32:16 AM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)
 
Error: (08/29/2016 11:32:11 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.
 
Error: (08/29/2016 11:32:11 AM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)
 
Error: (08/29/2016 11:02:21 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 60 minutes.
NtpClient has no source of accurate time.
 
Error: (08/29/2016 11:02:21 AM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)
 
Error: (08/29/2016 10:32:20 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 30 minutes.
NtpClient has no source of accurate time.
 
Error: (08/29/2016 10:32:20 AM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)
 
Error: (08/29/2016 10:17:20 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.
 
Error: (08/29/2016 10:17:20 AM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)
 
 
==================== Memory info =========================== 
 
Processor:  Intel® Atom™ CPU N270 @ 1.60GHz
Percentage of memory in use: 37%
Total physical RAM: 1014.36 MB
Available physical RAM: 630.7 MB
Total Virtual: 2445.19 MB
Available Virtual: 2118.86 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:71.04 GB) (Free:64.92 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:72 GB) (Free:35.51 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: AA0213BA)
Partition 1: (Not Active) - (Size=6 GB) - (Type=12)
Partition 2: (Active) - (Size=71 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=72 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 0

#4
Jr0x


    Malware removal team

  • Malware Removal
  • 1,825 posts

Hi clutsta,

 

Apologies for the delay. Rest assured that I'm looking into your case. 

 

I will post as soon as my instructor has reviewed my post.


  • 0

#5
Jr0x


    Malware removal team

  • Malware Removal
  • 1,825 posts
Hi clutsta,

Apologies for the delay.
 

It comes up with an "Autolt Error - Unable to open the script file".


That's alright, don't be too worried about that.

I would like to check whether you're still using McAfee Antivirus (AV) and McAfee Personal Firewall. As I see from your log, your AV is outdated, and your firewall is disabled. Did you previously purchase a McAfee product as your AV and/or firewall? If so, has your subscription expired?

If you did not purchase McAfee, then I would suggest that you enable your AV and firewall. If you wish to use another product, I can recommend one and provide you the instructions to remove your current McAfee product.
 

but there's still absolutely zero access to any network connection.


You mentioned that your machine does not have any access to the internet, so did you post this log using another machine or from another network?

Let's try to identify some of the current issues you have faced.

Farbar Service Scanner

Please download Farbar Service Scanner to your desktop and double click on the file to run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
Fix with FRST
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
 

Start
CreateRestorePoint:
CloseProcesses:

HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2277594783-1135049707-4067570145-1005\...\MountPoints2: {2155564d-6175-11e6-9477-001377b34e37} - E:\autorun.exe
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath

Emptytemp:
Hosts:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.

Note: Your machine will reboot after the fix.

In your next reply, please include the following:
  • FSS log
  • FRST fixlog

  • 0

#6
clutsta


    Member

  • Topic Starter
  • Member
  • 28 posts

Thanks heaps for helping me out, 

 

 

I have been using the internet from a Mac which is connected to the modem via wifi. Both of my Windows computers cannot connect to this network, which is why I'm asking for your help. They haven't been able to connect since the virus forced me to format both computers. When the format was complete, McAfee was the default AV that was on the computer. I tried scanning with that, but it showed nothing was wrong- when I know for a fact, there is. 

 

I have now enabled Windows Firewall. FYI I am using a USB stick to transfer files to the computer in question. Here are the logs you requested:

 Farbar Service Scanner Version: 27-01-2016

Ran by Kevin Gilhooly (administrator) on 01-09-2016 at 22:05:49
Running from "C:\Documents and Settings\Kevin Gilhooly\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Other Services:
==============
 
 
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\netman.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\srsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
C:\WINDOWS\system32\qmgr.dll => File is digitally signed
C:\WINDOWS\system32\es.dll => File is digitally signed
C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
 
Extra List:
=======
Gpc(6) IPSec(4) MPFP(8) NetBT(5) PSched(7) Tcpip(3) Tcpip6(9) 
0x09000000040000000100000002000000030000000800000005000000060000000700000009000000
IpSec Tag value is correct.
 
**** End of log ****
 
 
 
 
 
 
Fix result of Farbar Recovery Scan Tool (x86) Version: 21-08-2016 01
Ran by Kevin Gilhooly (01-09-2016 22:15:45) Run:1
Running from C:\Documents and Settings\Kevin Gilhooly\Desktop
Loaded Profiles: Kevin Gilhooly (Available Profiles: Kevin Gilhooly)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
 
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2277594783-1135049707-4067570145-1005\...\MountPoints2: {2155564d-6175-11e6-9477-001377b34e37} - E:\autorun.exe
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath
 
Emptytemp:
Hosts:
End
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
"HKU\S-1-5-21-2277594783-1135049707-4067570145-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2155564d-6175-11e6-9477-001377b34e37}" => key removed successfully.
HKCR\CLSID\{2155564d-6175-11e6-9477-001377b34e37} => key not found. 
IntelIde => service removed successfully.
WS2IFSL => service removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8878 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 52559 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/dllcache/drivers => 10149734 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default User => 82070 B
All Users => 0 B
systemprofile => 115466 B
LocalService => 840 B
NetworkService => 66228 B
Kevin Gilhooly => 11355713 B
 
RecycleBin => 23707 B
EmptyTemp: => 20.8 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 22:15:54 ====

  • 0
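A Fixlog like the one in the post above can be reviewed mechanically before the next step. The following is an added example (not part of the thread and not FRST's own code) that parses an excerpt of that Fixlog, flags every item that was not removed or moved, confirms that each service named in the fixlist has a removal result, and reconciles the EmptyTemp rows with the reported total. The function names and the 0.1 MB tolerance are assumptions of this sketch.

```python
import re

# Constructed sample: excerpt of the Fixlog.txt posted above (report header and
# the zero-byte EmptyTemp rows are trimmed; the remaining lines are as posted).
FIXLOG = r'''
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:

HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2277594783-1135049707-4067570145-1005\...\MountPoints2: {2155564d-6175-11e6-9477-001377b34e37} - E:\autorun.exe
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath

Emptytemp:
Hosts:
End

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
"HKU\S-1-5-21-2277594783-1135049707-4067570145-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2155564d-6175-11e6-9477-001377b34e37}" => key removed successfully.
HKCR\CLSID\{2155564d-6175-11e6-9477-001377b34e37} => key not found.
IntelIde => service removed successfully.
WS2IFSL => service removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8878 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 52559 B
Windows/system/dllcache/drivers => 10149734 B

Temp, IE cache, history, cookies, recent:
Default User => 82070 B
systemprofile => 115466 B
LocalService => 840 B
NetworkService => 66228 B
Kevin Gilhooly => 11355713 B

RecycleBin => 23707 B
EmptyTemp: => 20.8 MB temporary data Removed.
'''

OK_SUFFIXES = ("removed successfully", "moved successfully")


def parse_fixlog(text):
    """Return requested services, per-item outcomes and EmptyTemp figures."""
    # The fixlist is echoed between two rows of asterisks; results follow it.
    _, fixlist, body = text.split("*****************", 2)
    results, _, temp = body.partition("=========== EmptyTemp: ==========")
    outcomes = {}
    for line in results.splitlines():
        if " => " in line:
            target, outcome = line.strip().rsplit(" => ", 1)
            outcomes[target.strip('"')] = outcome.rstrip(". ")
    return {
        # Service directives look like "S4 IntelIde; no ImagePath".
        "services": re.findall(r"^[SRU]\d (\S+);", fixlist, re.M),
        "outcomes": outcomes,
        "temp_bytes": {name: int(size) for name, size in
                       re.findall(r"^(.+?) => (\d+) B\s*$", temp, re.M)},
        "reported_mb": float(
            re.search(r"^EmptyTemp: => ([\d.]+) MB", temp, re.M).group(1)),
    }


def triage(parsed):
    """Return (items that were not removed/moved, services with no removal result)."""
    review = [t for t, o in parsed["outcomes"].items()
              if not o.endswith(OK_SUFFIXES)]
    missing = [s for s in parsed["services"]
               if parsed["outcomes"].get(s) != "service removed successfully"]
    return review, missing


def temp_total_consistent(parsed, tolerance_mb=0.1):
    """Check the per-location byte counts against the reported total (MB = 2**20 B)."""
    total_mb = sum(parsed["temp_bytes"].values()) / 2**20
    return abs(total_mb - parsed["reported_mb"]) <= tolerance_mb


if __name__ == "__main__":
    parsed = parse_fixlog(FIXLOG)
    review, missing = triage(parsed)
    print("needs a second look:", review)
    print("services without a removal result:", missing)
    print("EmptyTemp total consistent:", temp_total_consistent(parsed))
```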

#7
Jr0x


    Malware removal team

  • Malware Removal
  • 1,825 posts
Hi Clutsta,

I am half-suspecting that the issue you're facing is due to the driver for your wireless adapter.

Could you give me your laptop brand and model?

Could you also follow the instructions below for me as well?

Open Device Manager
  • Press the Windows key on your keyboard.
  • In the search box type in devmgmt.msc and wait until it appears as seen in image below.
  • Expand the network adapter
  • Take a screenshot, or type out all the items that you see
  • Let me know if there is a yellow exclamation mark on any of the items in the list
Instead of connecting to the internet through wireless means, do you have a spare LAN cable lying around that you can use to connect it directly to the router from your laptop to see if you are able to connect to the internet?
 
---
 
Let's also continue to run some other scans.

Scan with AdwCleaner

Download AdwCleaner from here or from here. Save the file to the Desktop.

Note: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Do not click the Cleaning button.
  • Click the Logfile button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
In your next reply, please include the following:
  • Answer to my query on the driver and laptop brand/model
  • AdwCleaner scan log

  • 0

#8
clutsta


    Member

  • Topic Starter
  • Member
  • 28 posts

Hi Jr0x, it is a Samsung NP-NC510. 

 

From these initial logs, does it appear that everything is fine? I hope you believe me when I say this- there has been some incredibly strange goings-on with my computer (mostly my desktop pc from previous threads) over the past 12 months. I will try and dig up a system log file created post recent virus attack for you to look at with over 3500 events logged in a matter of hours. Mostly strange logins from users I have never heard of, or seen before. I am almost convinced that there's some sort of hidden system that is immune from system formatting or any kind of software that can detect it. There's a 'System' folder in Local Disk (C:) right next to the 'System32' folder which contains a bunch of .DLL files, device drivers, a .tll file and a setup.txt file containing instructions to install Windows 3.1. Is it me, or is this out of the ordinary?

 

Also, I'm not sure if it's relevant or not, but an ifconfig /all shows a 'Tunnel Adapter Teredo Tunnelling Pseudo-Interface' in addition to the 2 adapters listed in the Device Manager. I am having a hard time creating screen shots as there's no default program to create them, so excuse me for the poor quality pics. FYI I have tried an ethernet cable and still no go. 

 

20160902_151604.jpg

 

 

20160902_151502-1.jpg

 

 

 

 

Here's the scan log you requested. FYI the ability to cut and paste has stopped. I had to drag the .txt file on to the USB

 

 

 

# AdwCleaner v6.010 - Logfile created 02/09/2016 at 15:31:58

# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-24.2 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (X86)
# Username : Kevin Gilhooly - KEVGIL
# Running from : C:\Documents and Settings\Kevin Gilhooly\Desktop\AdwCleaner.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
No malicious folders found.
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [1021 Bytes] - [02/09/2016 15:31:58]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1094 Bytes] ##########
 

  • 0

#9
Jr0x


    Malware removal team

  • Malware Removal
  • 1,825 posts
Hi clutsta,
 

Is it me, or is this out of the ordinary?

 
Can you attach the "setup.txt" file or paste what is written inside the text file?
 

but an ifconfig /all shows a 'Tunnel Adapter Teredo Tunnelling Pseudo-Interface' in addition to the 2 adapters listed in the Device Manager

 
That's fine, don't be too worried about it.
 

Scan with TDSSKiller

Please download TDSSKiller by Kaspersky and save it to your desktop.
Alternate download is here.

Select the executable(.EXE) package as the download.
  • Right-click on the TDSSKiller icon and select Run as Administrator to start the tool. If it won't run, please right-click on tdskiller.exe and rename it to winlogon.exe and see if that allows you to run it.
  • When the main GUI (graphical user interface) window opens, click on Change Parameters.
  • Put a checkmark beside Loaded modules. A reboot will be needed to apply the changes, allow it to do so.
  • TDSSKiller will run automatically after reboot. Click on Change parameters.
  • Make sure that Verify driver digital signatures & Detect TDLFS File System are checked and click OK.
  • Click the Start Scan button and wait patiently.
If anything is found, follow these guidelines:
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    > Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    > If Cure is not available, please choose Skip instead.
  • Do not choose Delete unless instructed!
A report will be created in your root directory, (usually C:\ drive) in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt. Please include the contents of that file in your next post.
 

Malwarebytes Anti-Malware
  • Download Malwarebytes Anti-Malware to your Desktop
  • Double click the file to open it. Install the program.
  • Before you click Finish, make sure that:
    • Enable free trial of Malwarebytes Anti-Malware Premium is unchecked
    • Launch Malwarebytes Anti-Malware is checked
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
  • Go back to Dashboard and click the big, green Scan Now button.
  • Wait for Malwarebytes Anti-Malware to finish the scan
  • If the program detects anything, click Remove Selected. The program might want to reboot the system. Allow it if it wants to.
  • Once the deletion is done (or after reboot), go to History, select Application Logs and click the latest Scan Log.
  • Click Export, then click Copy to Clipboard.
  • Paste (CTRL+V) the log into your next reply.
In your next reply, please include the following:
  • TDSSKiller log
  • MalwareBytes log

  • 0

#10
clutsta


    Member

  • Topic Starter
  • Member
  • 28 posts

Hi clutsta,
 

Is it me, or is this out of the ordinary?

 
Can you attach the "setup.txt" file or paste what is written inside the text file?

 


 

 

 

Please see below- FYI it was actually named "setup.inf"

[setup]

    help = setup.hlp
 
;   Place any programs here that should be run at the end of setup.
;   These apps will be run in order of their appearance here.
[run]
 
[dialog]
    caption   = "Windows Setup"
    exit      = "Exit Windows Setup"
    title     = "Installing Windows 3.1"
    options   = "In addition to installing Windows 3.1, you can:"
    printwait = "Please wait while Setup configures your printer(s)..."
    copywait = "Welcome to Microsoft Windows 3.1!\n\n   - If you're new to Windows, see 'A Brief Tour of\n     Microsoft Windows' in the Getting Started book.\n\n   - If you've used Windows before, see 'New\n     in This Version' in the Getting Started book."
 
   copywait4="Make sure you register your copy of Microsoft Windows 3.1.\nWhen you register, Microsoft will:\n\n   - Notify you of product updates and new product releases.\n\n   - Send you a FREE Windows newsletter."
 
   copywait5 = "\n\nThis would be a great time to remove the serial number label\n from the inside back cover of the Getting Started with Windows\nbook and place it on your computer for future reference."
 
[data]
; Disk space required
; <type of setup>= <Full install space>, <Min install space>
 
    upd2x386full = 10000000,6144000 ; 10.0 Mb, 6.144 Mb
    upd2x286full = 9000000,6144000  ;  9.0 Mb, 6.144 Mb
    upd3x386full = 5500000,5000000  ;  5.5 Mb, 5.0 Mb
    upd3x286full = 5500000,5000000  ;  5.5 Mb, 5.0 Mb
 
    new386full   = 10000000,6144000 ; 10.0 Mb, 6.144 Mb
    new286full   = 9000000,6144000  ;  9.0 Mb, 6.144 Mb
 
    netadmin     = 16000000         ; 16.0 Mb
    netadminupd  = 16000000         ; 16.0 Mb
    upd2x386net  = 300000           ;   .3 Mb
    upd3x386net  = 300000           ;   .3 Mb
    upd2x286net  = 300000           ;   .3 Mb
    upd3x286net  = 300000           ;   .3 Mb
    new386net    = 300000,300000    ;  .3 Mb,  .3 Mb
    new286net    = 300000,300000    ;  .3 Mb,  .3 Mb
 
 
 
; Defaults used in setting up and names of a few files
    startup   = WIN.COM
    defdir    = C:\WINDOWS
    shortname = Windows
    welcome   = "Windows 3.1"
    deflang   = enu
    defxlat   = 437
    defkeydll = usadll
    register  = "regedit /s /u setup.reg"
    tutor     = "wintutor.exe "
    NetSetup  = FALSE
    MouseDrv  = TRUE
    Version   = "3.1.040"
 
; This is data needed by the MS-DOS half of setup so that it can copy the
; proper kernel and start Windows for the GUI portion of setup.
;
; ** MS-DOS documentation says that first byte of command line for 4a call
; ** should be space. ==> in execcmd RHS leave first space as it is now
[winexec]
    execstd   = "dosx.exe "
    execcmd   = " krnl286.exe /b /q:"
    exechimem = "xmsmmgr.exe"
    himemcmd  = ""
    Krnl386   = 2:krnl386.exe
    Krnl286   = 2:krnl286.exe
    dosx      = 2:dosx.exe
 
; Names of the disks Setup can prompt for.
[disks]
    1 =. ,"Microsoft Windows 3.1 Disk #1",disk1
    2 =. ,"Microsoft Windows 3.1 Disk #2",disk2
    3 =. ,"Microsoft Windows 3.1 Disk #3",disk3
    4 =. ,"Microsoft Windows 3.1 Disk #4",disk4
    5 =. ,"Microsoft Windows 3.1 Disk #5",disk5
    6 =. ,"Microsoft Windows 3.1 Disk #6",disk6
    7 =. ,"Microsoft Windows 3.1 Disk #7",disk7
 
[oemdisks]
    Z =. ,"HP DeskJet Series v2.0 disk (from printer box or contact HP)",diskz
 
[user]
    3:setup.ini, noupdate
 
[windows]
    1:setup.hlp
    1:setup.txt
    1:win.src,    Net
    2:system.src, Net
    1:winhelp.exe
    3:control.hlp
 
[windows.system]
    1:gdi.exe
    3:user.exe
    2:win.cnf
    1:lzexpand.dll
    2:ver.dll
 
[windows.system.386]
    1:cpwin386.cpl
 
[386max]
    2:386max.vxd
    3:windows.lod
 
[bluemax]
    2:bluemax.vxd
    3:windows.lod
 
[shell]
    progman.exe,  "Program Manager"
 
; !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
: !!! The description strings should not be changed.
; !!! Changing description strings can result in old drivers not being
; !!! upgraded since Setup uses the description string to determine what
; !!! driver is installed and whether a new, upgraded driver is provided
; !!! with this version of Windows.
; !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
;
 
[display]
;profile = driver,         Description of driver,                           resolution,    286 grabber,    logo code,       VDD,            386grabber,   ega.sys,   logo data,    optional work section
;
8514     = 1:8514.drv,     "8514/a",                                        "100,120,120", 1:vgacolor.2gr, 2:vgalogo.lgo,   2:vdd8514.386,  2:vgadib.3gr,,           3:vgalogo.rle, 8514
8514s    = 1:8514.drv,     "8514/a (Small fonts)",                          "100,96,96",   1:vgacolor.2gr, 2:vgalogo.lgo,   2:vdd8514.386,  2:vgadib.3gr,,           3:vgalogo.rle, 8514s
plasma   = 2:plasma.drv,   "Compaq Portable Plasma",                        "100,96,96",   2:cga.2gr,      3:cgalogo.lgo,   2:vddcga.386,   2:plasma.3gr,,           3:cgalogo.rle
egahires = 2:ega.drv,      "EGA",                                           "133,96,72",   2:egacolor.2gr, 2:egalogo.lgo,   2:vddega.386,   1:ega.3gr,    2:ega.SYS, 2:egalogo.rle
egahibw  = 2:egahibw.drv,  "EGA black and white (286 only)",                "133,96,72",   2:egacolor.2gr, 3:cgalogo.lgo,,,                               2:ega.SYS, 3:cgalogo.rle
egamono  = 2:egamono.drv,  "EGA Monochrome (286 only)",                     "133,96,72",   2:egamono.2gr,  2:egamono.lgo,,,                               2:ega.SYS, 3:egamono.rle
hercules = 2:hercules.drv, "Hercules Monochrome",                           "133,96,72",   2:hercules.2gr, 2:herclogo.lgo,  2:vddherc.386,  2:herc.3gr,,             2:herclogo.rle
mcga     = 2:vgamono.drv,  "IBM MCGA (286 only)",                           "100,96,96",   1:vgacolor.2gr, 3:cgalogo.lgo,,,,                                         3:cgalogo.rle, vgamono
olibw    = 2:olibw.drv,    "Olivetti/AT&T Monochrome or PVC Display",       "120,96,80",   2:oligrab.2gr,  3:cgalogo.lgo,   2:vddcga.386,   2:plasma.3gr,,           3:cgalogo.rle
ct441    = 3:vga.drv,      "QuadVGA, ATI VIP VGA, 82C441 VGAs",             "100,96,96",   1:vgacolor.2gr, 2:vgalogo.lgo,   1:vddct441.386, 3:vga30.3gr,,            3:vgalogo.rle
tiga1    = 2:tiga.drv,     "TIGA (Small fonts)",                            "100,96,96",   1:vgacolor.2gr, 2:vgalogo.lgo,   1:vddtiga.386,  2:vgadib.3gr,,           3:vgalogo.rle, tiga1
tiga2    = 2:tiga.drv,     "TIGA (Large fonts)",                            "100,120,120", 1:vgacolor.2gr, 2:vgalogo.lgo,   1:vddtiga.386,  2:vgadib.3gr,,           3:vgalogo.rle, tiga2
vga      = 3:vga.drv,      "VGA",                                           "100,96,96",   1:vgacolor.2gr, 2:vgalogo.lgo,   x:*vddvga,      1:vga.3gr,,              3:vgalogo.rle
vga30    = 3:vga.drv,      "VGA (Version 3.0)",                             "100,96,96",   1:vgacolor.2gr, 2:vgalogo.lgo,   1:vddvga30.386, 3:vga30.3gr,,            3:vgalogo.rle
vgamono  = 2:vgamono.drv,  "VGA with Monochrome display",                   "100,96,96",   2:vgamono.2gr,  2:egamono.lgo,   x:*vddvga,      2:vgadib.3gr,,           3:egamono.rle, vgamono
svga     = 2:supervga.drv, "Super VGA (800x600, 16 colors)",                "100,96,96",   1:vgacolor.2gr, 2:vgalogo.lgo,   x:*vddvga,      1:vga.3gr,,              3:vgalogo.rle
v7vga    = 2:v7vga.drv,    "Video 7 512K, 640x480 256 colors",              "100,96,96",   1:vgacolor.2gr, 2:vgalogo.lgo,   2:v7vdd.386,    2:v7vga.3gr,,            3:vgalogo.rle, v7b
v7c      = 2:v7vga.drv,    "Video 7 512K, 720x512 256 colors",              "100,96,96",   1:vgacolor.2gr, 2:vgalogo.lgo,   2:v7vdd.386,    2:v7vga.3gr,,            3:vgalogo.rle, v7c
v7d      = 2:v7vga.drv,    "Video 7 1Mb,  800x600 256 colors",              "100,96,96",   1:vgacolor.2gr, 2:vgalogo.lgo,   2:v7vdd.386,    2:v7vga.3gr,,            3:vgalogo.rle, v7d
v7e      = 2:v7vga.drv,    "Video 7 1Mb, 1024x768 256 colors (Large fonts)","100,120,120", 1:vgacolor.2gr, 2:vgalogo.lgo,   2:v7vdd.386,    2:v7vga.3gr,,            3:vgalogo.rle, v7e
v7f      = 2:v7vga.drv,    "Video 7 1Mb, 1024x768 256 colors (Small fonts)","100,96,96",   1:vgacolor.2gr, 2:vgalogo.lgo,   2:v7vdd.386,    2:v7vga.3gr,,            3:vgalogo.rle, v7f
xga16    = 3:vga.drv,      "XGA (640x480, 16 colors)",                      "100,96,96",   1:vgacolor.2gr, 2:vgalogo.lgo,   1:vddvga30.386, 3:vga30.3gr,,            3:vgalogo.rle
xgasm    = 1:xga.drv,      "XGA (Small fonts)",                             "100,96,96",   1:vgacolor.2gr, 2:vgalogo.lgo,   2:vddxga.386,   2:v7vga.3gr,,            3:vgalogo.rle, xgasm
xgalg    = 1:xga.drv,      "XGA (Large fonts)",                             "100,120,120", 1:vgacolor.2gr, 2:vgalogo.lgo,   2:vddxga.386,   2:v7vga.3gr,,            3:vgalogo.rle, xgalg
xgalo    = 1:xga.drv,      "XGA (640x480, 256 colors)",                     "100,96,96",   1:vgacolor.2gr, 2:vgalogo.lgo,   2:vddxga.386,   2:v7vga.3gr,,            3:vgalogo.rle, xgalo
 
;
; Optional sections listed in field 9 of the display secton are intrpreted as follows:
;
; File, Destination, .ini file, Section, LHS, RHS
;
; Where:    x:File      = Optional; file to be copied, may be left null.
;           Destination = 0: for windows root or 0:system for system subdir
;                          where file is to be copied.
;           .ini file   = Optional; .ini file to be modified or created.
;                          Must be included if following parameters specified.
;           Section     = Section of .ini file to be modified.
;           OldLine     = Optional; old line to be removed from the .ini file.
;                          Only one occurence of the specified string is removed.
;           NewLine     = New text line to be written to the .ini file.
;
;[v7vga]
;x:v7vga.vxd, 0:system, system.ini, 386enh, "v7device=", "display=v7vdd.386"
 
[vgamono]
,,system.ini,386enh,"vgamono=","vgamono=TRUE"
 
[8514]
,,system.ini,8514.DRV,"dpi=","dpi=120"
 
[8514s]
,,system.ini,8514.DRV,"dpi=","dpi=96"
 
[tiga1]
2:tigawin.rlm,0:system,system.ini,"tiga.drv","tigafont=","tigafont=1"
 
[tiga2]
2:tigawin.rlm,0:system,system.ini,"tiga.drv","tigafont=","tigafont=0"
 
[v7b]
,,system.ini,v7vga.drv,"WidthXHeight=","WidthXHeight=640x480"
,,system.ini,v7vga.drv,"FontSize=","FontSize=small"
 
[v7c]
,,system.ini,v7vga.drv,"WidthXHeight=","WidthXHeight=720x512"
,,system.ini,v7vga.drv,"FontSize=","FontSize=small"
 
[v7d]
,,system.ini,v7vga.drv,"WidthXHeight=","WidthXHeight=800x600"
,,system.ini,v7vga.drv,"FontSize=","FontSize=small"
 
[v7e]
,,system.ini,v7vga.drv,"WidthXHeight=","WidthXHeight=1024x768"
,,system.ini,v7vga.drv,"FontSize=","FontSize=large"
 
[v7f]
,,system.ini,v7vga.drv,"WidthXHeight=","WidthXHeight=1024x768"
,,system.ini,v7vga.drv,"FontSize=","FontSize=small"
 
[xgasm]
,,system.ini,XGA_Display,"XGA_Resolution=",
,,system.ini,XGA_Display,"XGA_Resources=","XGA_Resources=1"
 
[xgalg]
,,system.ini,XGA_Display,"XGA_Resolution=",
,,system.ini,XGA_Display,"XGA_Resources=","XGA_Resources=2"
 
[xgalo]
,,system.ini,XGA_Display,"XGA_Resolution=","XGA_Resolution=1"
,,system.ini,XGA_Display,"XGA_Resources=","XGA_Resources=1"
 
; copy these fonts depending on the 386 grabber being used
[VGA.3gr]
2:CGA40WOA.FON,2:CGA40850.FON
2:CGA80WOA.FON,2:CGA80850.FON
2:EGA40WOA.FON,2:EGA40850.FON
2:EGA80WOA.FON,2:EGA80850.FON
 
[VGA30.3gr]
2:CGA40WOA.FON,2:CGA40850.FON
2:CGA80WOA.FON,2:CGA80850.FON
2:EGA40WOA.FON,2:EGA40850.FON
2:EGA80WOA.FON,2:EGA80850.FON
 
[V7VGA.3gr]
2:CGA40WOA.FON,2:CGA40850.FON
2:CGA80WOA.FON,2:CGA80850.FON
2:EGA40WOA.FON,2:EGA40850.FON
2:EGA80WOA.FON,2:EGA80850.FON
 
[EGA.3gr]
2:CGA40WOA.FON,2:CGA40850.FON
2:CGA80WOA.FON,2:CGA80850.FON
2:EGA40WOA.FON,2:EGA40850.FON
2:EGA80WOA.FON,2:EGA80850.FON
 
[vgadib.3gr]
2:CGA40WOA.FON,2:CGA40850.FON
2:CGA80WOA.FON,2:CGA80850.FON
2:EGA40WOA.FON,2:EGA40850.FON
2:EGA80WOA.FON,2:EGA80850.FON
 
[PLASMA.3gr]
2:EGA40WOA.FON,2:EGA40850.FON
2:EGA80WOA.FON,2:EGA80850.FON
 
[HERC.3gr]
2:HERCWOA.FON,2:HERC850.FON
 
[TIGA.3GR]
2:CGA40WOA.FON,2:CGA40850.FON
2:CGA80WOA.FON,2:CGA80850.FON
2:EGA40WOA.FON,2:EGA40850.FON
2:EGA80WOA.FON,2:EGA80850.FON
 
[keyboard.drivers]
kbd   = 2:keyboard.drv
kbdhp = 1:kbdhp.drv
 
[keyboard.types]
t3s0alat  = "All AT type keyboards (84 - 86 keys)"             ,nodll
t1s2at&t  = "AT&T '301' keyboard"                              ,nodll
t1s4at&t  = "AT&T '302' keyboard"                              ,nodll
t4s0enha  = "Enhanced 101 or 102 key US and Non US keyboards"  ,nodll
t3s0hp1   = "Hewlett-Packard Vectra keyboard (DIN)"            ,nodll
t4s40oliv = "Olivetti 101/102 A keyboard"                      ,nodll
t1s0oliv  = "Olivetti 83 key keyboard"                         ,nodll
t3s10oliv = "Olivetti 86 Key keyboard"                         ,nodll
t2s1oliv  = "Olivetti M24 102 key keyboard"                    ,usadll
t1s42oliv = "PC-XT 83 key keyboard"                            ,nodll
t1s0pcxt  = "PC/XT - Type keyboard (84 keys)"                  ,nodll
 
[keyboard.tables]
beldll = 2:kbdbe.dll , "Belgian"
bridll = 2:kbduk.dll , "British"
cafdll = 2:kbdfc.dll , "Canadian Multilingual"
dandll = 2:kbdda.dll , "Danish"
dutdll = 2:kbdne.dll , "Dutch"
findll = 2:kbdfi.dll , "Finnish"
fredll = 2:kbdfr.dll , "French"
candll = 2:kbdca.dll , "French Canadian"
gerdll = 2:kbdgr.dll , "German"
icedll = 2:kbdic.dll , "Icelandic"
itadll = 2:kbdit.dll , "Italian"
latdll = 2:kbdla.dll , "Latin American"
nordll = 2:kbdno.dll , "Norwegian"
pordll = 2:kbdpo.dll , "Portuguese"
spadll = 3:kbdsp.dll , "Spanish"
swedll = 3:kbdsw.dll , "Swedish"
swfdll = 2:kbdsf.dll , "Swiss French"
swgdll = 2:kbdsg.dll , "Swiss German"
nodll  =             , "US"
usadll = 3:kbdus.dll , "US"
usddll = 3:kbddv.dll , "US-Dvorak"
usxdll = 2:kbdusx.dll, "US-International"
 
[codepages]
;       Xlat Table     OEM Font      WOA Font     Description
863 = 1:xlat863.bin, 3:vga863.fon, 1:app850.fon, "Canadian-French (863)"
861 = 2:xlat861.bin, 2:vga861.fon, 1:app850.fon, "Icelandic (861)"
865 = 3:xlat865.bin, 3:vga865.fon, 1:app850.fon, "Nordic (865)"
850 = 1:xlat850.bin, 2:vga850.fon, 1:app850.fon, "Multi-Lingual (850)"
860 = 2:xlat860.bin, 2:vga860.fon, 1:app850.fon, "Portuguese (860)"
437 =              ,             , 3:dosapp.fon, "English (437)"
 
[pointing.device]
;
; Note: the VMD field may contain multiple VXD's in the form "x:*vmd,2:1vmd.386".
;       Please note, however, that if multiple VXD's are specified in the VMD field
;       they must be surrounded by double quotes (").
;
;profile =  mouse driver,   Mouse description,                 VMD,     Optional work section
;
hpmouse  = 2:hpmouse.drv, "HP Mouse (HP-HIL)",                 x:*vmd
lmouse   = 2:lmouse.drv,  "Logitech",                          2:lvmd.386, lmouse
ps2mouse = 2:mouse.drv,   "Microsoft, or IBM PS/2",            x:*vmd
genius1  = 2:mscmouse.drv,"Genius serial mouse on COM1"      , 2:mscvmd.386
genius2  = 3:msc3bc2.drv, "Genius serial mouse on COM2"      , 2:mscvmd.386
msmouse2 = 2:mscmouse.drv,"Mouse Systems serial or bus mouse", 2:mscvmd.386
msmouse1 = 3:msc3bc2.drv, "Mouse Systems serial mouse on COM2",2:mscvmd.386
nomouse  = 2:nomouse.drv, "No mouse or other pointing device", x:*vmd
kbdmouse = 3:kbdmouse.drv,"Olivetti/AT&T Keyboard Mouse",      x:*vmd
 
[lmouse]
2:lmouse.com,0:,,,,
 
[dos.mouse.drivers]
mouse.sys   = 5:mouse.SYS,     "MS Dos Mouse driver .SYS ver 7.XX"
mouse.com   = 4:mouse.com,     "MS Dos Mouse driver .COM ver 7.XX"
mousehp.sys = 5:mousehp.SYS,   "HP Dos Mouse driver .SYS ver 7.XX"
mousehp.com = 4:mousehp.com,   "HP Dos Mouse driver .COM ver 7.XX"
 
[network]
;Prof     = Driver, Description, HelpFile,OptFile,Optional section
nonet     = ,"No Network Installed"                                ,,,nonet_stuff
3open     = ,"3Com 3+Open"
3share    = ,"3Com 3+Share"                                        ,,,msnet_stuff
lantastic = ,"Artisoft LANtastic"
banyan    = ,"Banyan Vines"
dlr       = ,"IBM OS/2 LAN Server"
pclp      = ,"IBM PC LAN Program"
lanman    = ,"Microsoft LAN Manager"
msnet     = ,"Microsoft Network (or 100% compatible)",             ,,,msnet_stuff
novell    = ,"Novell NetWare"
pathworks = ,"DEC PATHWORKS"
10net     = ,"TCS 10Net"
 
[3open.versions]
xx010000="versions 1.X",,3open1
00020000="version 2.0 Basic",,lmbasic
01020000="version 2.0 Enhanced",,lmenh20
 
[lantastic.versions]
xx000000="versions below 3.0",,unsupported_net
xx030000="versions 3.X",,lant3
xx040000="versions 4.X",lantasti.386,lant4def,lant4
 
[banyan.versions]
xx000000="versions below 4.0",,unsupported_net
xx040000="versions 4.0X",,ban4
xx041000="version 4.1",z:\vines.drv,ban41def,ban41
 
[pathworks.versions]
xx000000="versions below 4.0",,unsupported_net
xx040000="version 4.0",,dec4
xx040100="version 4.1 or higher",,dec41
 
[dlr.versions]
xx000000="versions below 1.2",,unsupported_net
00012000="without /API option",,dlr12
01012000="version 1.2 or 1.3",,dlr12
01013000="version 1.3 CSD 5015/5050",,dlr13csd
01020000="version 2.0",,dlr20
 
[pclp.versions]
xx000000="all versions",,pclp
 
[lanman.versions]
xx000000="versions 1.X",,lmbasic
00020000="version 2.0 Basic",,lmbasic
01020000="version 2.0 Enhanced",,lmenh20
00021000="version 2.1 Basic",,lmbasic21
01021000="version 2.1 Enhanced",lanman21.drv,lmenh21nodrv,lmenh21
 
[novell.versions]
00000000="shell versions below 3.01",,unsupported_net
00030100="shell versions below 3.21",,novell301
00032100="shell versions 3.21 and above",,novell321
00032600="shell versions 3.26 and above",,novell326
 
[10net.versions]
xx000000="versions below 4.1",,unsupported_net
00041000="versions 4.1X",,10net41
01041000="versions 4.1X with DCA 1M card",,10net41a
xx042000="versions 4.2 and above",wtnet.drv,10net42def,10net42
xx050000="version 5.0",wtnet.drv,10net42def,10net50
 
[nonet_stuff]
vxd=x:*dosnet,x:*vnetbios
 
[msnet_stuff]
driver=1:msnet.drv
vxd=x:*dosnet,x:*vnetbios
system.ini=386Enh,TimerCriticalSection,10000
system.ini=386Enh,UniqueDOSPSP,TRUE
system.ini=386Enh,PSPIncrement,5
 
[3open1]
driver=1:msnet.drv
vxd=x:*vnetbios,x:*dosnet,2:lanman10.386
warning=2
system.ini=386Enh,TimerCriticalSection,10000
system.ini=386Enh,UniqueDOSPSP,TRUE
system.ini=386Enh,PSPIncrement=5
 
[unsupported_net]
warning=1
 
[lant3]
warning=2
driver=1:msnet.drv
vxd=x:*vnetbios,x:*dosnet
system.ini=386Enh,INDOSPolling,TRUE
system.ini=386Enh,EMMExclude,D800-DFFF
system.ini=386Enh,NetHeapSize,76
win.ini=Ports,LPT1.DOS,
win.ini=Ports,LPT2.DOS,
win.ini=Ports,LPT3.DOS,
system.ini=386Enh,NetAsynchTimeout,50
system.ini=386Enh,NetAsynchFallback,true
 
[lant4]
driver=1:msnet.drv
system.ini=386Enh,network,"lantasti.386, *vnetbios"
system.ini=386Enh,EMMExclude,D800-DFFF
system.ini=386Enh,PerVMFiles,0
system.ini=386Enh,NetHeapSize,64
system.ini=386Enh,NetAsynchTimeout,50
system.ini=386Enh,NetAsynchFallback,true
 
[lant4def]
warning=3
driver=1:msnet.drv
vxd=x:*vnetbios,x:*dosnet
system.ini=386Enh,EMMExclude,D800-DFFF
system.ini=386Enh,PerVMFiles,0
system.ini=386Enh,NetHeapSize,64
system.ini=386Enh,NetAsynchTimeout,50
system.ini=386Enh,NetAsynchFallback,true
 
[ban4]
warning=2
driver=1:msnet.drv
vxd=x:*vnetbios,x:*dosnet,2:baninst.386
system.ini=386Enh,TimerCriticalSection=5000
system.ini=386Enh,UniqueDOSPSP,TRUE
system.ini=386Enh,PSPIncrement,5
 
[ban41]
;; paths other than windows disk only works for sysdir or windir...
sysdir=z:\vines.drv,z:\vvinesd.386
sysdir=z:\vnsapi.dll,z:\rvnsapi.dll,z:\rvines.dll,z:\ddelib.dll
system.ini=boot,network.drv,vines.drv
system.ini=386Enh,network,"*vnetbios,*dosnet,vvinesd.386"
system.ini=386Enh,TimerCriticalSection,5000
system.ini=386Enh,UniqueDOSPSP,TRUE
system.ini=386Enh,PSPIncrement,5
 
[ban41def]
warning=3
driver=1:msnet.drv
vxd=x:*vnetbios,x:*dosnet
system.ini=386Enh,TimerCriticalSection=5000
system.ini=386Enh,UniqueDOSPSP,TRUE
system.ini=386Enh,PSPIncrement,5
 
[dec4]
warning=2
driver=2:pcsa.drv
vxd=x:*dosnet,2:decnet.386,2:decnb.386
system.ini=386Enh,TimerCriticalSection,10000
 
[dec41]
driver=2:pcsa.drv
vxd=x:*dosnet,2:decnet.386,2:decnb.386
system.ini=386Enh,TimerCriticalSection,10000
 
[dlr12]
warning=2
driver=1:msnet.drv
vxd=x:*vnetbios,x:*dosnet
 
[dlr13csd]
warning=3
driver=2:lanman.drv
vxd=x:*vnetbios,x:*dosnet
sysdir=2:netapi20.dll,2:pmspl20.dll
update=3:lanman.hlp,3:winpopup.hlp,2:winpopup.exe
 
[dlr20]
system.ini=boot,network.drv,lansrv.drv
vxd=x:*vnetbios,x:*dosnet
update=3:winpopup.hlp,2:winpopup.exe
 
[pclp]
warning=2
driver=1:msnet.drv
vxd=x:*vnetbios,x:*dosnet
system.ini=386Enh,INDOSPolling,TRUE
 
[lmbasic]
warning=2
driver=1:msnet.drv
vxd=x:*dosnet,x:*vnetbios,2:lanman10.386
 
[lmbasic21]
driver=1:msnet.drv
vxd=x:*dosnet,x:*vnetbios,2:lanman10.386
 
[lmenh20]
warning=2
driver=2:lanman.drv
vxd=x:*vnetbios,x:*dosnet
sysdir=2:netapi20.dll,2:pmspl20.dll
update=3:lanman.hlp,2:winpopup.exe,3:winpopup.hlp
 
[lmenh21nodrv]
warning=3
driver=1:msnet.drv
vxd=x:*dosnet,x:*vnetbios
 
[lmenh21]
warning=2
system.ini=boot,network.drv,lanman21.drv
vxd=x:*vnetbios,x:*dosnet
update=2:winpopup.exe,3:winpopup.hlp
 
[novell301]
warning=2
driver=2:netware.drv
vxd=x:*vnetbios,2:vnetware.386,2:vipx.386
sysdir=3:netware.hlp,3:nwpopup.exe
sysdir=2:ipx.obj,3:netx.com
sysdir=3:ipxodi.com,2:lsl.com
sysdir=3:tbmi2.com
win.ini=windows,load,nwpopup.exe
system.ini=386Enh,OverlappedIO=off
 
[novell321]
warning=2
driver=2:netware.drv
vxd=x:*vnetbios,2:vnetware.386,2:vipx.386
sysdir=3:netware.hlp,3:nwpopup.exe
sysdir=2:ipx.obj,3:netx.com
sysdir=3:ipxodi.com,2:lsl.com
sysdir=3:tbmi2.com
win.ini=windows,load,nwpopup.exe
system.ini=386Enh,OverlappedIO=off
 
[novell326]
driver=2:netware.drv
vxd=x:*vnetbios,2:vnetware.386,2:vipx.386
sysdir=3:netware.hlp,3:nwpopup.exe
sysdir=2:ipx.obj,3:netx.com
sysdir=3:ipxodi.com,2:lsl.com
sysdir=3:tbmi2.com
win.ini=windows,load,nwpopup.exe
system.ini=386Enh,OverlappedIO=off
 
[10net41]
warning=2
driver=1:msnet.drv
vxd=x:*vnetbios,x:*dosnet
system.ini=386Enh,TimerCriticalSection,10000
 
[10net41a]
warning=2
driver=1:msnet.drv
vxd=x:*vnetbios,x:*dosnet
system.ini=386Enh,TimerCriticalSection,10000
system.ini=386Enh,UniqueDOSPSP,TRUE
system.ini=386Enh,PSPIncrement,5
system.ini=386Enh,INDOSPolling,TRUE
 
[10net42]
system.ini=boot,network.drv,wtnet.drv
vxd=x:*vnetbios,x:*dosnet
system.ini=386Enh,TimerCriticalSection,10000
windir=10net.ini
 
[10net42def]
warning=3
driver=1:msnet.drv
vxd=x:*dosnet,x:*vnetbios
system.ini=386Enh,TimerCriticalSection,2000
 
[10net50]
warning=3
system.ini=boot,network.drv,wtnet.drv
vxd=x:*dosnet,x:*vnetbios
system.ini=386Enh,TimerCriticalSection,2000
windir=10net.ini
 
[sysfonts]
2:egasys.fon,"EGA (640x350) resolution System Font", "133,96,72"
2:vgasys.fon,"VGA (640x480) resolution System Font", "100,96,96"
2:8514sys.fon,"8514/a (1024x768) resolution System Font", "100,120,120"
2:egasys.fon,"AT&T (640x400) resolution System Font", "120,96,80"
 
[fixedfonts]
1:egafix.fon,"EGA (640x350) resolution Fixed System Font", "133,96,72"
2:vgafix.fon,"VGA (640x480) resolution Fixed System Font", "100,96,96"
2:8514fix.fon,"8514/a (1024x768) resolution Fixed System Font",  "100,120,120"
1:egafix.fon,"AT&T (640x400) resolution Fixed System Font", "120,96,80"
 
[oemfonts]
2:egaoem.fon,"EGA (640x350) resolution Terminal Font (USA/Europe)", "133,96,72",1
2:vgaoem.fon,"VGA (640x480) resolution Terminal Font (USA/Europe)", "100,96,96",1
2:8514oem.fon,"8514/a (1024x768) resolution Terminal Font (USA/Europe)", "100,120,120",1
2:egaoem.fon,"AT&T (640x400) resolution Terminal Font (USA/Europe)","120,96,80",1
 
;   The win.copy section is a list of files or sections to copy to the WINDOWS
;   directoy.
;
;   FORMAT      from,to
;
;   IE
;       1:foo.txt,  0:        copy foo.txt from disk 1 to the windows directory
;       #386,       0:system  copy all files in the 386 SECTION to the
;
;
[win.copy]
; copy this section for setup on 286 machines
   #net,       0:
   #win.shell, 0:
   #win.other, 0:system
 
[win.copy.net]
; copy this section for network setup on 286 machines
   #net,              0:
 
[win.copy.net.win386]
; copy this section for network setup on 386 machines
   #net,       0:
 
[win.copy.win386]
; copy this section for full setup on 386 machines
   #net,       0:
   #win.shell, 0:
   #pwin386,   0:system
   #win.other, 0:system
 
[net]
   6:CONTROL.SRC,    "Windows User Files"
   5:WINVER
 
[win.devices]
; These devices will be copied on all machines
   4:HIMEM.SYS,      "XMS Memory Manager"
   5:SMARTDRV.EXE,   "Disk Caching Program"
   5:RAMDRIVE.SYS,   "RAM Drive Program"
 
[win.devices.win386]
; These devices will be copied on 386 machines only
   4:HIMEM.SYS,      "XMS Memory Manager"
   4:EMM386.EXE,     "LIM Expanded Memory Manager"
   5:SMARTDRV.EXE,   "Disk Caching Program"
   5:RAMDRIVE.SYS,   "RAM Drive Program"
 
[win.other]
   5:WINOLDAP.MOD,   "Windows Drivers"
   4:WIN87EM.DLL
   5:SYSEDIT.EXE
   4:COMMDLG.DLL
   5:DDEML.DLL
   4:OLECLI.DLL
   5:OLESVR.DLL
   5:DSWAP.EXE
   5:WSWAP.EXE
   6:SETUP.REG
   5:SHELL.DLL
   5:MAIN.CPL
   4:MIDIMAP.DRV
   6:MIDIMAP.CFG
   6:SND.CPL
   5:DRIVERS.CPL
   5:MMSYSTEM.DLL
   6:MMTASK.TSK
   3:TIMER.DRV
   5:MCISEQ.DRV
   6:MCIWAVE.DRV
   6:CONTROL.INF
   6:APPS.INF
   5:TOOLHELP.DLL
 
[win.shell]
   4:PROGMAN.EXE,    "Program Manager"
   6:TASKMAN.EXE,    "Task Manager"
   4:WINFILE.EXE,    "File Manager"
   4:CLIPBRD.EXE,    "Clipboard Viewer"
   4:CONTROL.EXE,    "Control Panel"
   5:PIFEDIT.EXE,    "PIF Editor"
   3:REGEDIT.EXE,    "Registration database"
   4:PRINTMAN.EXE,   "Print Manager"
   5:MSD.EXE,        "Microsoft Diagnostics"
   6:msd.ini
   3:WRITE.EXE,      "Write Word Processor"
   4:WRITE.HLP,      "Write Word Processor Help"
   4:moricons.dll    "Icons"
 
[pwin386]
   4:WINOA386.MOD,   "386 Enhanced Mode files"
   6:WIN386.PS2
   5:WIN386.EXE
   3:VTDAPI.386
 
[DelFiles]
;Statically initialize the list of files that will be DELETED during the
;  3.0 to 3.1 up-grade process. Add or remove items from this list at will,
;  (Wildcards accepted in list)
; The first files in the list are deleted from Windows system dir(local setup).
; Nb : Note that DelFiles section always is processed before RenFiles section.
   tmsr?.fon
   helv?.fon
   swapfile.exe
   kernel.exe
   pmspl.dll
   netapi.dll
   midi.cpl
   _default.pif
; All files in the list AFTER this point will be deleted from Windows dir.
; WARNING: The "..\" is needed, the code depends on it!!!
   ..\setup.inf
   shell.dll
   olecli.dll
   olesvr.dll
   commdlg.dll
   ver.dll
   toolhelp.dll
   *.pcl
   3270.txt
   networks.txt
   printers.txt
   readme.txt
   sysini?.txt
   winini?.txt
   DRWATSON.EXE
; Various names for old Windows SETUP.EXE
   SETUP.EXE
   INSTALL.EXE
   ASETTA.EXE
   CONFIG.EXE
   INSTALAR.EXE
   KURMA.EXE
 
[RenFiles]
; Similar section but for file renaming to create .bak if needed
   MIDIMAP.CFG,MIDIMAP.OLD
   ADLIB.DRV,MSADLIB.DRV
 
 
; The win.apps, win.games, win.scrs, win.bmps, and win.readme sections are
; all formatted as described below.
;
; X:FileName,      Description,     FileSize,   Profile String
;
; Where profile string is used by setup.exe to "lookup" the item in the
; appropiate progman groups section to determine if and how the item is
; to be added to a Program manager group via DDE. The profile string is
; also used to "lookup" and needed dependent files in the [win.dependents]
; section.
;
[win.apps]
   5:CALC.EXE,     "Calculator"                ,  43072, calc
   4:CALENDAR.EXE, "Calendar"                  ,  59824, calendar
   4:CARDFILE.EXE, "Cardfile"                  ,  93184, cardfile
   4:CLOCK.EXE,    "Clock"                     ,  16416, clock
   3:NOTEPAD.EXE,  "Notepad"                   ,  32736, notepad
   5:PBRUSH.EXE,   "Paintbrush"                , 183168, pbrush
   4:TERMINAL.EXE, "Terminal"                  , 148160, terminal
   5:CALC.HLP,     "Calculator Help"           ,  18076
   5:CALENDAR.HLP, "Calendar Help"             ,  20656
   4:CARDFILE.HLP, "Cardfile Help"             ,  24810
   4:NOTEPAD.HLP,  "Notepad Help"              ,  13894
   4:PBRUSH.HLP,   "Paintbrush Help"           ,  40269
   3:RECORDER.EXE, "Recorder"                  ,  39152, recorder
   3:RECORDER.HLP, "Recorder Help"             ,  18200
   4:TERMINAL.HLP, "Terminal Help"             ,  36279
   4:PACKAGER.EXE, "Object Packager"           ,  76480, packager
   3:PACKAGER.HLP, "Object Packager Help"      ,  21156
   3:CHARMAP.EXE,  "Character Map"             ,  22016, charmap
   4:CHARMAP.HLP,  "Character Map Help"        ,  10797
   5:MPLAYER.EXE,  "Media Player"              ,  33312, mplayer
   3:MPLAYER.HLP,  "Media Player Help"         ,  12825
   4:SOUNDREC.EXE, "Sound Recorder"            ,  51241, soundrec
   3:SOUNDREC.HLP, "Sound Recorder Help"       ,  17730
   6:CLIPBRD.HLP,  "Clipboard Viewer Help"     ,  13071
   4:DRWATSON.EXE, "Dr. Watson System Utility" ,  26864
   5:PIFEDIT.HLP,  "PIF Editor Help"           ,  33270
   4:PRINTMAN.HLP, "Print Manager Help"        ,  40879
   5:PROGMAN.HLP,  "Program Manager Help"      ,  30911
   6:REGEDIT.HLP,  "Registration Help"         ,  22681
   5:REGEDITV.HLP, "Registration Advanced Help",  15731
   3:WINFILE.HLP,  "File Manager Help"         ,  76855
   3:WINTUTOR.EXE, "Windows Tutorial"          , 124416, wintutor
   3:WINHELP.HLP,  "Help Utility Help"         ,  26960
   3:GLOSSARY.HLP, "Glossary Help"             ,  46570
   3:EXPAND.EXE,   "File Expansion Utility"    ,  15285
   diskspace=1506946
 
[win.dependents]
pbrush   = 4:PBRUSH.DLL
recorder = 3:RECORDER.DLL
wintutor = 4:WINTUTOR.DAT
 
[win.games]
   4:SOL.EXE,      "Solitaire"        , 180688, sol
   4:WINMINE.EXE,  "Minesweeper"      ,  27776, winmine
   5:SOL.HLP,      "Solitaire Help"   ,  13753
   4:WINMINE.HLP,  "Minesweeper Help" ,  12754
   diskspace=234971
 
[win.scrs]
   4:SCRNSAVE.SCR, "Default Screen Saver"     ,   5328
   4:SSMARQUE.SCR, "Marquee Screen Saver"     ,  16896
   4:SSMYST.SCR,   "Mystify Screen Saver"     ,  19456
   4:SSSTARS.SCR,  "Stars Screen Saver"       ,  17536
   3:ssflywin.scr, "Flying Windows Screen Saver",  16160
   diskspace=75376
 
[win.bmps]
   4:256COLOR.BMP, "256-Color Wallpaper"      ,   5078
   6:ARCADE.BMP,   "Arcade Wallpaper"         ,    630
   4:ARCHES.BMP,   "Arches Wallpaper"         ,  10358
   3:ARGYLE.BMP,   "Argyle Wallpaper"         ,    630
   3:CARS.BMP,     "Cars Wallpaper"           ,    630
   6:CASTLE.BMP,   "Castle Wallpaper"         ,    778
   5:CHITZ.BMP,    "Chitz Wallpaper"          ,  19918
   5:EGYPT.BMP,    "Egypt Wallpaper"          ,    630
   3:FLOCK.BMP,    "Flock Wallpaper"          ,   1630
   4:HONEY.BMP,    "Honey Wallpaper"          ,    854
   4:MARBLE.BMP,   "Marble Wallpaper"         ,  27646
   4:RIVETS.BMP,   "Rivets Wallpaper"         ,    630
   3:REDBRICK.BMP, "Red Brick Wallpaper"      ,    630
   6:SQUARES.BMP,  "Squares Wallpaper"        ,    630
   4:TARTAN.BMP,   "Tartan Wallpaper"         ,  32886
   4:THATCH.BMP,   "Thatch Wallpaper"         ,    598
   4:WINLOGO.BMP,  "Windows Logo Wallpaper"   ,  38518
   3:ZIGZAG.BMP,   "Zigzag Wallpaper"         ,    630
   6:LEAVES.BMP,   "Leaves Wallpaper"         ,  15118
   5:ding.wav,     "Ding Sound"               ,  11598
   3:chord.wav,    "Chord Sound"              ,  24982
   4:chimes.wav,   "Chimes Sound"             ,  15920
   4:tada.wav,     "Trumpet Sound"            ,  27804
   5:canyon.mid,   "Canyon MIDI Song"         ,  33883
   diskspace=272609
 
[win.readme]
   3:readme.wri,   "General Readme"           ,  92928, readme
   3:networks.wri, "Networks Readme"          ,  62336
   3:winini.wri,   "Win.ini Readme"           ,  31104
   3:sysini.wri,   "System.ini Readme"        ,  52864
   3:printers.wri, "Printers Readme"          ,  41984
   3:apps.hlp,     "Application Compatibility Help",  15930
   diskspace=297146
 
; The [*.groups] sections maps a group section to the group name used in
; Program Manager.
;
; Section Name = Progman group name, Min/Max switch. ( 1 = Max, nothing = Min).
;
; This section is used for upgrading from 3.X to 3.1.
[new.groups]
group7=Main,1
group1=StartUp
group2=Accessories
group6=Games
 
; This section is for new install.
[progman.groups]
group3=Main,1
group4=Accessories
group5=Games
group1=StartUp
 
; Progman DDE control section. This section controls the progman DDE and defines which
; .exe's will be added to which groups. The [progman.groups] sections lists section
; names that each describe the contents of that group.
;
; Description string,  .EXE name, Icon extraction .EXE, Icon extraction index, profile
;
; If the profile field is left NULL, the item will always be added to the group. Otherwise
; the item will only be added if it was installed via the partial install dlg.
;
;
; NOTE: If EXE name is NULL item will be deleted from the group if it exists there.
;
 
[group3]
"File Manager",     WINFILE.EXE
"Control Panel",    CONTROL.EXE
"Print Manager",    PRINTMAN.EXE
"Clipboard Viewer", CLIPBRD.EXE
"MS-DOS Prompt",    DOSPRMPT.PIF, PROGMAN.EXE, 9
"Windows Setup",    SETUP.EXE
"PIF Editor",       PIFEDIT.EXE
"Read Me",          README.WRI,,,                              readme
 
[group4]
"Write",            WRITE.EXE
"Paintbrush",       PBRUSH.EXE,,,                              pbrush
"Terminal",         TERMINAL.EXE,,,                            terminal
"Notepad",          NOTEPAD.EXE,,,                             notepad
"Recorder",         RECORDER.EXE,,,                            recorder
"Cardfile",         CARDFILE.EXE,,,                            cardfile
"Calendar",         CALENDAR.EXE,,,                            calendar
"Calculator",       CALC.EXE,,,                                calc
"Clock",            CLOCK.EXE,,,                               clock
"Object Packager",  PACKAGER.EXE,,,                            packager
"Character Map",    CHARMAP.EXE,,,                             charmap
"Media Player",     MPLAYER.EXE,,,                             mplayer
"Sound Recorder",   SOUNDREC.EXE,,,                            soundrec
 
[group5]
"Solitaire",        SOL.EXE,,,                                 sol
"Minesweeper",      WINMINE.EXE,,,                             winmine
 
[group1]
"Dr. Watson"
 
[group2]
"Object Packager",  PACKAGER.EXE,,,                            packager
"Character Map",    CHARMAP.EXE,,,                             charmap
"Media Player",     MPLAYER.EXE,,,                             mplayer
"Sound Recorder",   SOUNDREC.EXE,,,                            soundrec
"PIF Editor"
"Write",            WRITE.EXE
 
[group6]
"Solitaire",        SOL.EXE,,,                                 sol
"Minesweeper",      WINMINE.EXE,,,                             winmine
 
[group7]
"PIF Editor",       PIFEDIT.EXE
"Read Me"
"DOS Prompt"
"MS-DOS Prompt",    DOSPRMPT.PIF, PROGMAN.EXE, 9
"Read Me",          README.WRI,,,                              readme
"Tutorial"
 
[fonts]
   6:SSERIFB.FON, "MS Sans Serif 8,10,12,14,18,24 (EGA res)", "133,96,72"
   5:SSERIFE.FON, "MS Sans Serif 8,10,12,14,18,24 (VGA res)", "100,96,96"
   5:SSERIFF.FON, "MS Sans Serif 8,10,12,14,18,24 (8514/a res)", "100,120,120"
 
   6:COURB.FON, "Courier 8,10,12,15 (EGA res)", "133,96,72"
   6:COURE.FON, "Courier 10,12,15 (VGA res)", "100,96,96"
   6:COURF.FON, "Courier 10,12,15 (8514/a res)", "100,120,120"
 
   6:SERIFB.FON, "MS Serif 8,10,12,14,18,24 (EGA res)", "133,96,72"
   6:SERIFE.FON, "MS Serif 8,10,12,14,18,24 (VGA res)", "100,96,96"
   5:SERIFF.FON, "MS Serif 8,10,12,14,18,24 (8514/a res)", "100,120,120"
 
   6:ARIALB.FON, "Arial 8,10 (EGA res)", "133,96,72"
   6:TIMESB.FON, "Times New Roman 8,10 (EGA res)", "133,96,72"
 
   6:SYMBOLB.FON, "Symbol 8,10,12,14,18,24 (EGA res)", "133,96,72"
   6:SYMBOLE.FON, "Symbol 8,10,12,14,18,24 (VGA res)", "100,96,96"
   3:SYMBOLF.FON, "Symbol 8,10,12,14,18,24 (8514/a res)", "100,120,120"
 
   6:SMALLB.FON, "Small Fonts (EGA res)", "133,96,72"
   6:SMALLE.FON, "Small Fonts (VGA res)", "100,96,96"
   6:SMALLF.FON, "Small Fonts (8514/a res)", "100,120,120"
 
   6:ROMAN.FON, "Roman (Plotter)",   "CONTINUOUSSCALING"
   6:SCRIPT.FON, "Script (Plotter)", "CONTINUOUSSCALING"
   6:MODERN.FON, "Modern (Plotter)", "CONTINUOUSSCALING"
 
[ttfonts]
;
;Font Header file, Description string,       Font file,     FontFamily/Flags
;
; Flags:  0000 = Normal weighted font.
;         0100 = Bolded font.
;         1000 = Italic font.
; NOTE: Flags not currently used.
;
; NOTE: The first letter of each word in the font desctiption string needs
;       to be capitalized.
;
6:ARIAL.FOT,   "Arial (TrueType)",                       6:arial.ttf,   ""
6:ARIALBD.FOT, "Arial Bold (TrueType)",                  6:arialbd.ttf,  "Arial0100"
6:ARIALBI.FOT, "Arial Bold Italic (TrueType)",           6:arialbi.ttf, "Arial1100"
6:ARIALI.FOT,  "Arial Italic (TrueType)",                6:ariali.ttf,  "Arial1000"
6:COUR.FOT,    "Courier New (TrueType)",                 6:cour.ttf,    ""
6:COURBD.FOT,  "Courier New Bold (TrueType)",            6:courbd.ttf,  "Courier0100"
6:COURBI.FOT,  "Courier New Bold Italic (TrueType)",     6:courbi.ttf,  "Courier1100"
6:COURI.FOT,   "Courier New Italic (TrueType)",          6:couri.ttf,   "Courier1000"
6:TIMES.FOT,   "Times New Roman (TrueType)",             6:times.ttf,   ""
6:TIMESBD.FOT, "Times New Roman Bold (TrueType)",        6:timesbd.ttf, "Times New Roman0100"
6:TIMESBI.FOT, "Times New Roman Bold Italic (TrueType)", 6:timesbi.ttf, "Times New Roman1100"
6:TIMESI.FOT,  "Times New Roman Italic (TrueType)",      6:timesi.ttf,  "Times New Roman1000"
6:SYMBOL.FOT,  "Symbol (TrueType)",                      6:symbol.ttf,  ""
6:WINGDING.FOT,"WingDings (TrueType)",                   6:wingding.ttf,""
 
; If any of these drivers are found in the config.sys file, Setup removes them.
[compatibility]
icache.sys   
ibmcache.sys 
cache.sys    
cache.exe    
mcache.sys   
fast512.sys
 
; Known TSRs and drivers which may result in a hang or crash
; during execution of Setup or Windows.
;
; filename = description string
[incompTSR1]
ep.exe      = "Norton Desktop/Windows Erase Protect TSR"
qmaps.sys   = "QMAPS Memory Manager"
qcache.exe  = "386 Max Disk Cache Utility"
cache.exe   = "Disk Cache Utility"
flash.exe   = "Flash Disk Cache Utility"
hyper386.exe= "Hyper Disk Cache Utility"
hyperdkx.exe= "Hyper Disk Cache Utility"
hyper286.exe= "Hyper Disk Cache Utility"
hyperdke.exe= "Hyper Disk Cache Utility"
hyperdkc.exe= "Hyper Disk Cache Utility"
ncache.exe  = "Norton Disk Cache Utility"
pc-kwik.exe = "PC-Kwik Disk Cache Utility"
pc-cache.com= "PC Tools Disk Cache Utility"
superpck.exe= "Super PC-Kwik Disk Cache Utility"
vdisk.sys   = "IBM RAM Disk Utility" 
allemm4.sys="All Charge 386"
anarkey.com="Anarkey"
vsafe.sys = "Central Point Anti-Virus"
vsafe.com = "Central Point Anti-Virus TSR"
vdefend.sys="PC Tools VDefend"
vdefend.com="PC Tools VDefend"
kbflow.exe="KBFlow TSR by Artisoft"
s-ice.exe="SoftIce"
desktop.exe="PC Tools Desktop TSR"
sk2.exe="Sidekick Version 2.0"
sk.com="Sidekick Version 1.0"
skplus.exe="Sidekick Plus"
print.exe="MS-DOS PRINT Utility"
pyro.exe="Pyro! Screen Saver"
xgaaidos.sys="8514 emulation driver "
asplogin.exe="ASP Integrity Toolkit"
lsallow.exe="Lansight Network Utilities TSR"
lansel.exe="Lansight Network Utilities TSR"
vaccine.exe="Vaccine Antivirus Program"
newspace.exe="Newspace Disk Compression Utility"
newres.exe="Newspace Disk Compression Utility"
tscsi.sys="Trantor T100  SCSI driver"
pcpanel.exe="Lasertools Printer Control Panel"
hpemm386.sys = "HP Expanded Memory Manager"
hpemm486.sys = "HP Expanded Memory Manager"
ramtype.sys  = "Ramtype Utility"
iemm.sys     = "Memory Manager"
ilim386.sys  = "Intel Expanded Memory Emulator"
cmdedit.com  = "Command Line Editor"
hpmm.sys     = "HP Memory Manager"
ced.exe      = "PCED Command Line Editor"
ced.com      = "CED Command Line Editor"
umbpro.sys   = "UMB Pro Memory Manager"
rm386.sys    = "NetRoom Memory Manager"
 
; Known TSRs and device drivers which can(!) potentially cause problems
; if running during Setup or Windows
;
; filename = description string
[incompTSR2]
ndosedit.com  = "Command Line Editor"
doscue.com="DOSCUE Command Line Editor"
datamon.exe="PC Tools Datamon"
subst.exe="MS-DOS SUBST Utility"
join.exe="MS-DOS JOIN Utility"
viralert.sys="Data Physician Plus TSR"
graphics.com="MS-DOS GRAPHICS Utility"
le.com="Le Menu Menuing Package"
assign.com="MS-DOS ASSIGN Utility"
append.com="MS-DOS APPEND Utility"
diskmon.exe="Norton Disk Monitoring TSR"
dubldisk.sys="Double Disk Data Compression Utility"
pa.exe = "Printer Assist"
speedfxr.com = "Speedfxr"
pcsxmaem.sys = "pcsxmaem Utility"
xmaem.sys    = "xmaem Utility"
cubitr.exe   = "Cubit"
 
[block_devices]
tscsi.sys
tcscsi.sys
atdosxl.sys
dmdrvr.bin
drdrive.sys
 
[Installable.Drivers]
; key         = filename,       type(s),     description, VxD(s), Default Params
msadlib       = 3:msadlib.drv,  "MIDI",      "Ad Lib", 3:vadlibd.386,
lapc1         = 4:mpu401.drv,   "MIDI",      "Roland LAPC1",,
midimapper    = 4:midimap.drv,  "MidiMapper", "MIDI Mapper",,
mpu401        = 4:mpu401.drv,   "MIDI",      "Roland MPU-401",,
sequencer     = 5:mciseq.drv,   "Sequencer", "[MCI] MIDI Sequencer",,
soundblaster  = 3:sndblst.drv,  "Wave,MIDI", "Creative Labs Sound Blaster 1.0", 3:vsbd.386,, msadlib
soundblaster2 = 3:sndblst2.drv, "Wave,MIDI", "Creative Labs Sound Blaster 1.5", 3:vsbd.386,, msadlib
timer         = 3:timer.drv,    "Timer",     "Timer", 3:vtdapi.386,
thunder       = 3:sndblst2.drv, "Wave", "Media Vision Thunder Board", 3:vsbd.386,, msadlib
wave          = 6:mciwave.drv,  "WaveAudio", "[MCI] Sound",, "4"
cdaudio       = 5:mcicda.drv,   "CDAudio",   "[MCI] CD Audio",,
 
; This section translates Windows 3.0 OEMSETUP.INF entries to their 3.1
; equivalents. The disk names should be the first entries in the list.
 
[translate]
WinDiskName=26,"Microsoft Windows 3.0 Disk"
WinDiskName=14,"Windows Disk #"
*vddvga=1:vddvga30.386
cti.lgo=2:herclogo.lgo
herclogo.rle=2:herclogo.rle
vddega=2:vddega.386
vgacolor.gr2=1:vgacolor.2gr
vgalogo.lgo=2:vgalogo.lgo
vgalogo.rle=3:vgalogo.rle
rgdi.lgo=2:vgalogo.lgo
rgdi.rle=3:vgalogo.rle
vga.gr3=3:vga30.3gr
v7vga.gr3=2:v7vga.3gr
cga40woa.fon=2:cga40woa.fon
cga40850.fon=2:cga40850.fon
cga80woa.fon=2:cga80woa.fon
cga80850.fon=2:cga80850.fon
ega40woa.fon=2:ega40woa.fon
ega40850.fon=2:ega40850.fon
ega80woa.fon=2:ega80woa.fon
ega80850.fon=2:ega80850.fon
vgasys.fon=2:vgasys.fon
vgafix.fon=2:vgafix.fon
vgaoem.fon=2:vgaoem.fon
8514sys.fon=2:8514sys.fon
8514fix.fon=2:8514fix.fon
8514oem.fon=2:8514oem.fon
helvb.fon=6:sserifb.fon
helve.fon=5:sserife.fon
helvf.fon=5:sseriff.fon
courb.fon=6:courb.fon
coure.fon=6:coure.fon
courf.fon=6:courf.fon
tmsrb.fon=6:serifb.fon
tmsre.fon=6:serife.fon
tmsrf.fon=5:seriff.fon
symbolb.fon=6:symbolb.fon
symbole.fon=6:symbole.fon
symbolf.fon=3:symbolf.fon
roman.fon=6:roman.fon
script.fon=6:script.fon
modern.fon=6:modern.fon
kbdbe.dll=2:kbdbe.dll
kbduk.dll=2:kbduk.dll
kbdda.dll=2:kbdda.dll
kbdne.dll=2:kbdne.dll
kbdfi.dll=2:kbdfi.dll
kbdfr.dll=2:kbdfr.dll
kbdca.dll=2:kbdca.dll
kbdgr.dll=2:kbdgr.dll
kbdic.dll=2:kbdic.dll
kbdit.dll=2:kbdit.dll
kbdla.dll=2:kbdla.dll
kbdno.dll=2:kbdno.dll
kbdpo.dll=2:kbdpo.dll
kbdsp.dll=3:kbdsp.dll
kbdsw.dll=3:kbdsw.dll
kbdsf.dll=2:kbdsf.dll
kbdsg.dll=2:kbdsg.dll
kbdus.dll=3:kbdus.dll
kbddv.dll=3:kbddv.dll
kbdusx.dll=2:kbdusx.dll
xlat863.bin=1:xlat863.bin
xlat861.bin=2:xlat861.bin
xlat865.bin=3:xlat865.bin
xlat850.bin=1:xlat850.bin
xlat860.bin=2:xlat860.bin
vga863.fon=3:vga863.fon
vga861.fon=2:vga861.fon
vga865.fon=3:vga865.fon
vga850.fon=2:vga850.fon
vga860.fon=2:vga860.fon
win.cnf=2:win.cnf
 
; Used to update files that already exist on the disk
;
[Update.Files]
0:system,3:sndblst.drv
0:system,3:sndblst2.drv
0:system,4:mpu401.drv
0:system,3:msadlib.drv
0:system,3:vtdapi.386
0:system,3:vsbd.386
0:system,3:vadlibd.386
0:system,5:mcicda.drv
 
; Used to update dependents of files in the [Update.Files] section.
;
[Update.Dependents]
msadlib.drv = 3:vadlibd.386
sndblst.drv = 3:vsbd.386
sndblst2.drv = 3:vsbd.386
 
; This section is processed by both the DOS and WINDOWS portions of setup
; for temporarily renaming profile strings during setup. THE RENAME
; OPERATION WILL ONLY TAKE PLACE IF THE ORIGINAL PROFILE STRING EXISTS AND HAS
; A RIGHT HAND SIDE STRING.
;
; .ini file,  section name, temporary profile name, Original profile name.
;
[ini.upd.patches]
  system.ini, Boot,    "olddrivers"    ,"drivers"
  win.ini   , Desktop, "oldwallpaper"  ,"wallpaper"
  system.ini, Boot,    "oldtaskman"    ,"taskman.exe"
  system.ini, Boot,    "oldshell"      ,"shell"
 
; Used by the windows half to shrink the memory needed to hold this pig.
;
[blowaway]
   this line needed
 
[ini.upd.31]
;
; WARNING: This section only works on win.ini or system.ini !!
;
; .ini file,  section,  old line to be replaced,  new line,  rename operater.
;
; If the "old line to be replaced" field is empty, setup will assume that
; the new line is to be added. The rename operater tells setup to retain the RHS
; of the profile. This is used as a renaming mechanism during upgrades.
; Nb : Simple string substitution is implemented :
;     ?P means any valid MS-DOS path
;
  system.ini, Boot,                               ,   "taskman.exe="
  system.ini, mci,     "waveaudio="               ,   "WaveAudio=mciwave.drv"
  system.ini, mci,     "sequencer="               ,   "Sequencer=mciseq.drv"
  system.ini, mci,     "cdaudio="                 ,   "CDAudio=mcicda.drv"                      
  system.ini, drivers,                            ,   "timer=timer.drv"
  system.ini, drivers,         "midimapper="      ,   "midimapper=midimap.drv"
  system.ini, drivers, "midi=adlib.drv"           ,   "midi=msadlib.drv"          ,rename
  system.ini, drivers, "midi1=adlib.drv"          ,   "midi1=msadlib.drv"         ,rename
  system.ini, drivers, "midi2=adlib.drv"          ,   "midi2=msadlib.drv"         ,rename
  system.ini, drivers, "midi3=adlib.drv"          ,   "midi3=msadlib.drv"         ,rename
  system.ini, drivers, "midi4=adlib.drv"          ,   "midi4=msadlib.drv"         ,rename
  system.ini, 386Enh,       "keyboard=?Pbpvkd.386",
  system.ini, 386Enh,          "keyboard="        ,   "keyboard=*vkd"             ,noclobber
  system.ini, 386Enh,          "device=vpicda.386",   "device=*vpicd"
  system.ini, 386Enh,          "device=*vhd"      ,   "device=*blockdev"
  system.ini, 386Enh,          "device=*vpd"      ,
  system.ini, 386Enh,          "device=vdmad.386" ,   "device=*vdmad"
  system.ini, 386Enh,          "device=vdmadx.386",   "device=*vdmad"
  system.ini, 386Enh,                             ,   "device=*pagefile"
  system.ini, 386Enh,       "device=?Pvtdapi.386" ,   "device=vtdapi.386"
  system.ini, NonWindowsApp,"localtsrs="          ,   "localtsrs=dosedit,ced"  ,noclobber
  win.ini   , Sounds,  "SystemDefault="           ,   "SystemDefault=ding.wav, Default Beep"      ,noclobber
  win.ini   , Sounds,  "SystemExclamation="       ,   "SystemExclamation=chord.wav, Exclamation"  ,noclobber
  win.ini   , Sounds,  "SystemStart="             ,   "SystemStart=tada.wav, Windows Start"       ,noclobber
  win.ini   , Sounds,  "SystemExit="              ,   "SystemExit=chimes.wav, Windows Exit"       ,noclobber
  win.ini   , Sounds,  "SystemHand="              ,   "SystemHand=chord.wav, Critical Stop"       ,noclobber
  win.ini   , Sounds,  "SystemQuestion="          ,   "SystemQuestion=chord.wav, Question"        ,noclobber
  win.ini   , Sounds,  "SystemAsterisk="          ,   "SystemAsterisk=chord.wav, Asterisk"        ,noclobber
  win.ini   , "mci extensions",                   ,   "wav=waveaudio"
  win.ini   , "mci extensions",                   ,   "mid=sequencer"
  win.ini   , "mci extensions",                   ,   "rmi=sequencer"
  win.ini   , FontSubstitutes,                    ,   "Helv=MS Sans Serif"
  win.ini   , FontSubstitutes,                    ,   "Tms Rmn=MS Serif"
  win.ini   , FontSubstitutes, "Courier=Courier New" ,
  win.ini   , FontSubstitutes,                    ,   "Times=Times New Roman"
  win.ini   , FontSubstitutes,                    ,   "Helvetica=Arial"
  win.ini   , "Microsoft Word 2.0", "HPDSKJET="   ,   "HPDSKJET=+1"             ,noclobber
  ;
  ; Remove these Win 3.0 font entries from win.ini because they have either
  ; been replaced or removed for Win 3.1
  ;
  win.ini, Fonts, "Helv 8,10,12,14,18,24 (CGA res)="
  win.ini, Fonts, "Helv 8,10,12,14,18,24 (EGA res)="
  win.ini, Fonts, "Helv 8,10,12,14,18,24 (60 dpi)="
  win.ini, Fonts, "Helv 8,10,12,14,18,24 (120 dpi)="
  win.ini, Fonts, "Helv 8,10,12,14,18,24 (VGA res)="
  win.ini, Fonts, "Helv 8,10,12,14,18,24 (8514/a res)="
  win.ini, Fonts, "Tms Rmn 8,10,12,14,18,24 (CGA res)="
  win.ini, Fonts, "Tms Rmn 8,10,12,14,18,24 (EGA res)="
  win.ini, Fonts, "Tms Rmn 8,10,12,14,18,24 (60 dpi)="
  win.ini, Fonts, "Tms Rmn 8,10,12,14,18,24 (120 dpi)="
  win.ini, Fonts, "Tms Rmn 8,10,12,14,18,24 (VGA res)="
  win.ini, Fonts, "Tms Rmn 8,10,12,14,18,24 (8514/a res)="
  ;
  ; Remove these font entries if they exist because these .ini entries
  ; are obsolete. We use "TrueType" rather than "Scalable"
  ;
  win.ini, Fonts, "Arial (Scalable)="
  win.ini, Fonts, "Arial Bold (Scalable)="
  win.ini, Fonts, "Arial Bold Italic (Scalable)="
  win.ini, Fonts, "Arial Italic (Scalable)="
  win.ini, Fonts, "Courier (Scalable)="
  win.ini, Fonts, "Courier Bold (Scalable)="
  win.ini, Fonts, "Courier Italic (Scalable)="
  win.ini, Fonts, "Courier Bold Italic (Scalable)="
  win.ini, Fonts, "Courier (TrueType)"
  win.ini, Fonts, "Courier Bold (TrueType)"
  win.ini, Fonts, "Courier Bold Italic (TrueType)"
  win.ini, Fonts, "Courier Italic (TrueType)"
  win.ini, Fonts, "Times New Roman (Scalable)="
  win.ini, Fonts, "Times New Roman Bold (Scalable)="
  win.ini, Fonts, "Times New Roman Bold Italic (Scalable)="
  win.ini, Fonts, "Times New Roman Italic (Scalable)="
  win.ini, Fonts, "Symbol PS (Scalable)="
  win.ini, Fonts, "Symbol (Scalable)="
  ;
  ; Remove these font entries if they exist because these .ini entries
  ; are obsolete. We use "Plotter" rather than "All res" Also, 8 point was
  ; added to the EGA res courier so we remove the old "Courier 10,12,15" font.
  ;
  win.ini, Fonts, "Roman (All res)="
  win.ini, Fonts, "Script (All res)="
  win.ini, Fonts, "Modern (All res)="
  win.ini, Fonts, "Courier 10,12,15 (EGA res)="
  ;
  ; The following lines will cause the MS-DOS half of setup to effectivly
  ; rename the [Fonts] section in win.ini. Setup does this by adding the
  ; [wt4gpi8s56bz] string to the [Fonts] section and then deleting the
  ; [Fonts] section string. Later, in the windows half of setup, it will
  ; rename [wt4gpi8s56bz] back to [Fonts]. Do not change these names!
  ;
  win.ini, Fonts,              , "[wt4gpi8s56bz]"
  win.ini, Fonts,   "[Fonts]"  ,
 
  ; The following line makes USER skip persistent net connections
  ; USER immediately deletes the entry so it is a onetime thing.
  win.ini, windows,, "SetupWin=1"
 
  ; The following lines fix problems with APPS
  win.ini, Compatibility,"NOTSHELL=", "NOTSHELL=0x0001"
  win.ini, Compatibility,"WPWINFIL=", "WPWINFIL=0x0006"
  win.ini, Compatibility,"CCMAIL=", "CCMAIL=0x0008"
  win.ini, Compatibility,"AMIPRO=", "AMIPRO=0x0010"
  win.ini, Compatibility,"REM=", "REM=0x8022"
  win.ini, Compatibility,"PIXIE=", "PIXIE=0x0040"
  win.ini, Compatibility,"CP=", "CP=0x0040"
  win.ini, Compatibility,"JW=", "JW=0x42080"
  win.ini, Compatibility,"TME=", "TME=0x0100"
  win.ini, Compatibility,"VB=", "VB=0x0200"
  win.ini, Compatibility,"WIN2WRS=", "WIN2WRS=0x1210"
  win.ini, Compatibility,"PACKRAT=", "PACKRAT=0x0800"
  win.ini, Compatibility,"VISION=", "VISION=0x0040"
  win.ini, Compatibility,"MCOURIER=", "MCOURIER=0x0800"
  win.ini, Compatibility,"_BNOTES=", "_BNOTES=0x24000"
  win.ini, Compatibility,"MILESV3=", "MILESV3=0x1000"
  win.ini, Compatibility,"PM4=", "PM4=0x2000"
  win.ini, Compatibility,"DESIGNER=", "DESIGNER=0x2000"
  win.ini, Compatibility,"PLANNER=", "PLANNER=0x2000"
  win.ini, Compatibility,"DRAW=", "DRAW=0x2000"
  win.ini, Compatibility,"WINSIM=", "WINSIM=0x2000"
  win.ini, Compatibility,"CHARISMA=", "CHARISMA=0x2000"
  win.ini, Compatibility,"PR2=", "PR2=0x2000"
  win.ini, Compatibility,"PLUS=", "PLUS=0x1000"
  win.ini, Compatibility,"ED=", "ED=0x00010000"
  win.ini, Compatibility,"PP=",
  win.ini, Compatibility,"APORIA=", "APORIA=0x0100"
  win.ini, Compatibility,"EXCEL=", "EXCEL=0x1000"
  win.ini, Compatibility,"GUIDE=", "GUIDE=0x1000"
  win.ini, Compatibility,"NETSET2=", "NETSET2=0x0100"
  win.ini, Compatibility,"W4GL=", "W4GL=0x4000"
  win.ini, Compatibility,"W4GLR=","W4GLR=0x4000"
  win.ini, Compatibility,"TURBOTAX=","TURBOTAX=0x00080000"
 
[system]
; The various SYSTEM.DRV, SOUND.DRV, COMM.DRV
;
; These   are the   drivers   which may vary from system to system,
; but are selected only   by the [machine] menu -- they do not have
; special menus   for their selection.
system   =    2:system.drv
sound    =    2:mmsound.drv
comm     =    2:comm.drv
hpsystem =    2:hpsystem.drv
 
[machine]
; This section defines default machine selections.  The   system
; description from each   entry will appear in the initial machine
; selection menu of Setup.
;
; An * means that setup will use the device specified here and override
; the detected device, this applies to keyboards, mice, and displays.
;
; Each entry contains a   descriptive line for the system-selection menu,
; followed by the filenames of the drivers in fixed order.
;
;      Field      1         2           3        4         5          6         7          8         9             10     11
; prof_str      = Desc Str, System drv, kbd drv, kbd type, mouse drv, disp drv, sound drv, comm drv, himem switch, ebios, cookies
;
ibm_compatible  = "MS-DOS System",system,kbd,t4s0enha,nomouse,egahires,sound,comm,,ebios,
ast_386_486     = "AST Premium 386/25 and 386/33 (CUPID)",system,kbd,t4s0enha,nomouse,egahires,sound,comm,,ebios,ast_cookz
at_and_t        = "AT&T PC",system,kbd,t4s0enha,nomouse,!olibw,sound,comm,,ebios,
everex_386_25   = "Everex Step 386/25 (or Compatible)",system,kbd,t4s0enha,nomouse,egahires,sound,comm,,ebios,everex_cookz
hewlett_packard = "Hewlett-Packard: all machines",hpsystem,kbdhp,t4s0enha,nomouse,egahires,sound,comm,,hpebios,
ibm_ps2_70p     = "IBM PS/2 Model P70",system,kbd,t4s0enha,nomouse,!vga,sound,comm,,ebios,
ibm_ps2_l40sx   = "IBM PS/2 Model L40sx",system,kbd,!t4s0enha,nomouse,vga,sound,comm,,ebios,ibml40_cookz
ncr_386sx       = "NCR: all 80386 and 80486 based machines",system,kbd,t4s0enha,nomouse,egahires,sound,comm,,ebios,ncr386sx_cookz
nec_pm_sx+      = "NEC PowerMate SX Plus",system,kbd,t4s0enha,nomouse,egahires,sound,comm,,ebios,nec_pm_cookz
nec_prospeed    = "NEC ProSpeed 386",system,kbd,t4s0enha,nomouse,!egahires,sound,comm,,ebios,
toshiba_1200xe  = "Toshiba 1200XE",system,kbd,t4s0enha,nomouse,egahires,sound,comm,"TOSHIBA",ebios,
toshiba_1600    = "Toshiba 1600",system,kbd,t4s0enha,nomouse,egahires,sound,comm,"TOSHIBA",ebios,
toshiba_5200    = "Toshiba 5200",system,kbd,t4s0enha,nomouse,egahires,sound,comm,,ebios,t5200_cookz
zenith_386      = "Zenith: all 80386 based machines",system,kbd,t4s0enha,nomouse,egahires,sound,comm,,ebios,zen386_cookz
att_nsx_20      = "AT&T NSX 20 : Safari notebook",system,kbd,t4s0enha,nomouse,egahires,sound,comm,,ebios
apm             = "MS-DOS System with APM",system,kbd,t4s0enha,nomouse,egahires,sound,comm,,ebios,apm_cookz
apm_sl          = "Intel 386SL Based System with APM",system,kbd,t4s0enha,nomouse,egahires,sound,comm,,ebios,apm_sl_cookz
;
; Cookies as specified in machine section
;
; ini file, section, cookie, needed file
;
; specialdriver,,,file will add an installable driver to [boot]drivers=
;
 
[apm_cookz]
specialdriver,,,3:power.drv
system.ini,386enh,"device=vpowerd.386",3:vpowerd.386
,,,2:power.hlp
 
[apm_sl_cookz]
specialdriver,,,3:power.drv
system.ini,386enh,"device=vpowerd.386",3:vpowerd.386
,,,2:power.hlp
system.ini,power.drv,"OptionsDLL=sl.dll",2:sl.dll
,,,2:sl.hlp
 
[ast_cookz]
system.ini,386enh,"emmexclude=E000-EFFF",
 
[everex_cookz]
system.ini,386enh,"8042ReadCmd=A2,1,F",
system.ini,386enh,"8042ReadCmd=A3,1,F",
system.ini,386enh,"8042WriteCmd=B3,8,F",
 
[ibml40_cookz]
system.ini,386enh,"emmexclude=E000-EFFF",
system.ini,386enh,"DMAbuffersize=64"
 
 
[ncr386sx_cookz]
system.ini,386enh,"emmexclude=E000-EFFF",
system.ini,386enh,"emmexclude=C600-C7FF",
 
[nec_pm_cookz]
system.ini,386enh,"VirtualHDirq=NO",
 
[t5200_cookz]
system.ini,386enh,"emmexclude=C000-C7FF",
 
[zen386_cookz]
system.ini,386enh,"emmexclude=E000-EFFF",
 
[special_adapter]
eitherlink  = DMAbuffersize,32          ; Needed if EitherLink MC is detected.
cdrom       = 2:lanman10.386            ; Needed for CD Rom extensions.
 
[ebios]
ebios       = x:*ebios               ; Required for most 386 machines.
hpebios     = 3:hpebios.386,x:*ebios ; Required for HP 386 machines.
 
;
; Language DLL must be installed for non US installation.
;
; profile = language DLL, DLL description, language ID (ilanguage)
;
[language]
dan = 2:langsca.dll, "Danish"                              ,1030
nld = 2:langdut.dll, "Dutch"                               ,1043
enu =                     , "English (American)"             ,1033
eng = 2:langeng.dll, "English (International)" ,2057
fin = 2:langsca.dll, "Finnish"                     ,1035
fra = 3:langfrn.dll, "French"                              ,1036
frc = 2:langeng.dll, "French Canadian"       ,3084
deu = 2:langger.dll, "German"                              ,1031
isl = 2:langsca.dll, "Icelandic"                           ,1039
ita = 2:langeng.dll, "Italian"                     ,1040
nor = 2:langsca.dll, "Norwegian"                           ,1044
ptg = 2:langeng.dll, "Portuguese"                       ,2070
esp = 2:langspa.dll, "Spanish"             ,1034
esn = 2:langeng.dll, "Spanish (Modern)"      ,3082
sve = 2:langsca.dll, "Swedish"                ,1053
 
Here is also the TDSSKiller log:
 
16:26:55.0890 0x0910  TDSS rootkit removing tool 3.1.0.11 Aug  5 2016 12:13:31
16:26:56.0734 0x0910  ============================================================
16:26:56.0734 0x0910  Current date / time: 2016/09/06 16:26:56.0734
16:26:56.0734 0x0910  SystemInfo:
16:26:56.0734 0x0910  
16:26:56.0734 0x0910  OS Version: 5.1.2600 ServicePack: 3.0
16:26:56.0734 0x0910  Product type: Workstation
16:26:56.0734 0x0910  ComputerName: KEVGIL
16:26:56.0734 0x0910  UserName: Kevin Gilhooly
16:26:56.0734 0x0910  Windows directory: C:\WINDOWS
16:26:56.0734 0x0910  System windows directory: C:\WINDOWS
16:26:56.0734 0x0910  Processor architecture: Intel x86
16:26:56.0734 0x0910  Number of processors: 2
16:26:56.0734 0x0910  Page size: 0x1000
16:26:56.0734 0x0910  Boot type: Normal boot
16:26:56.0750 0x0910  ============================================================
16:26:56.0859 0x0910  KLMD ARK init status: drvProperties = 0xFFFF00, osBuild = 2600.6419, osProperties = 0x0
16:26:56.0859 0x0910  KLMD BG init status: drvProperties = 0xFFFF00, osBuild = 2600.6419, osProperties = 0x0
16:26:56.0859 0x0910  BG loaded
16:26:57.0406 0x0910  System UUID: {A1287582-152A-E7B2-2A86-8BFC261E047D}
16:27:00.0406 0x0910  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:27:00.0421 0x0910  Drive \Device\Harddisk1\DR4 - Size: 0x1E3000000 ( 7.55 Gb ), SectorSize: 0x200, Cylinders: 0x3D9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:27:00.0421 0x0910  ============================================================
16:27:00.0421 0x0910  \Device\Harddisk0\DR0:
16:27:00.0421 0x0910  MBR partitions:
16:27:00.0421 0x0910  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC02F10, BlocksNum 0x8E168F0
16:27:00.0421 0x0910  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9A19800, BlocksNum 0x8FFF800
16:27:00.0421 0x0910  \Device\Harddisk1\DR4:
16:27:00.0421 0x0910  MBR partitions:
16:27:00.0421 0x0910  \Device\Harddisk1\DR4\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xF17FE0
16:27:00.0421 0x0910  ============================================================
16:27:00.0453 0x0910  C: <-> \Device\Harddisk0\DR0\Partition1
16:27:00.0515 0x0910  D: <-> \Device\Harddisk0\DR0\Partition2
16:27:00.0515 0x0910  ============================================================
16:27:00.0515 0x0910  Initialize success
16:27:00.0515 0x0910  ============================================================
16:27:45.0859 0x0e3c  ============================================================
16:27:45.0859 0x0e3c  Scan started
16:27:45.0859 0x0e3c  Mode: Manual; SigCheck; TDLFS; 
16:27:45.0859 0x0e3c  ============================================================
16:27:45.0859 0x0e3c  KSN ping started
16:27:46.0093 0x0e3c  KSN ping finished: false
16:27:47.0046 0x0e3c  ================ Scan system memory ========================
16:27:47.0062 0x0e3c  System memory - ok
16:27:47.0062 0x0e3c  ================ Scan services =============================
16:27:47.0265 0x0e3c  [ C07D5197410AAB28D0D93F943F59656D, 482164BA2B57C7026A7DF3213E0AC59B752A898D9B880BC0629F9CADD05D2894 ] 6to4            C:\WINDOWS\System32\6to4svc.dll
16:27:48.0828 0x0e3c  6to4 - ok
16:27:49.0000 0x0e3c  Abiosdsk - ok
16:27:49.0000 0x0e3c  abp480n5 - ok
16:27:49.0078 0x0e3c  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:27:49.0625 0x0e3c  ACPI - ok
16:27:49.0656 0x0e3c  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
16:27:49.0859 0x0e3c  ACPIEC - ok
16:27:49.0859 0x0e3c  adpu160m - ok
16:27:49.0937 0x0e3c  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
16:27:50.0156 0x0e3c  aec - ok
16:27:50.0187 0x0e3c  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
16:27:50.0250 0x0e3c  AFD - ok
16:27:50.0265 0x0e3c  Aha154x - ok
16:27:50.0265 0x0e3c  aic78u2 - ok
16:27:50.0281 0x0e3c  aic78xx - ok
16:27:50.0328 0x0e3c  [ BCFB7633680F7EC5688D39CA9640A1AF, EDFFF2254662FA87D3C36FF12F926B49A55174026C65233F6B43285AD39B24CC ] AlcatelOTDCWwan C:\WINDOWS\system32\DRIVERS\AlcatelOTDCWwan.sys
16:27:50.0750 0x0e3c  AlcatelOTDCWwan - ok
16:27:50.0796 0x0e3c  [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
16:27:51.0000 0x0e3c  Alerter - ok
16:27:51.0046 0x0e3c  [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG             C:\WINDOWS\System32\alg.exe
16:27:51.0125 0x0e3c  ALG - ok
16:27:51.0140 0x0e3c  AliIde - ok
16:27:51.0140 0x0e3c  amsint - ok
16:27:51.0156 0x0e3c  AppMgmt - ok
16:27:51.0281 0x0e3c  [ 6EACC829E76B1EFDFACE633619A3DB31, 001030656AAD181BBC3DC1569165B24C25044CB62FC4BF15377ADC67FE9E8B59 ] AR5416          C:\WINDOWS\system32\DRIVERS\athw.sys
16:27:51.0484 0x0e3c  AR5416 - ok
16:27:51.0500 0x0e3c  asc - ok
16:27:51.0500 0x0e3c  asc3350p - ok
16:27:51.0515 0x0e3c  asc3550 - ok
16:27:51.0546 0x0e3c  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:27:51.0750 0x0e3c  AsyncMac - ok
16:27:51.0781 0x0e3c  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
16:27:52.0000 0x0e3c  atapi - ok
16:27:52.0000 0x0e3c  Atdisk - ok
16:27:52.0031 0x0e3c  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:27:52.0234 0x0e3c  Atmarpc - ok
16:27:52.0265 0x0e3c  [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
16:27:52.0484 0x0e3c  AudioSrv - ok
16:27:52.0515 0x0e3c  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
16:27:52.0718 0x0e3c  audstub - ok
16:27:52.0750 0x0e3c  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
16:27:52.0968 0x0e3c  Beep - ok
16:27:53.0031 0x0e3c  [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS            C:\WINDOWS\system32\qmgr.dll
16:27:53.0265 0x0e3c  BITS - ok
16:27:53.0312 0x0e3c  [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser         C:\WINDOWS\System32\browser.dll
16:27:53.0359 0x0e3c  Browser - ok
16:27:53.0421 0x0e3c  [ ECDC40CC54603C711E1A7A1C9255184A, 7F109180AAC41D79036085A5725544BFA3895CAF791B272D9460133A0868AECB ] btaudio         C:\WINDOWS\system32\drivers\btaudio.sys
16:27:53.0750 0x0e3c  btaudio - ok
16:27:53.0796 0x0e3c  [ 58A49BD10E08D3D4333A60DEDCB1CED8, 2110462BDD51BCEB661C089376E60E5ECE5F5908CF80A09035190529C9F306A4 ] BTDriver        C:\WINDOWS\system32\DRIVERS\btport.sys
16:27:54.0015 0x0e3c  BTDriver - ok
16:27:54.0171 0x0e3c  [ 885B6D0F826A216EEE4C3AD883809012, C0C1DFE0E076464721C116CAF7193F3E5A3747097B4CAAD165511C2D391B3C58 ] BTKRNL          C:\WINDOWS\system32\DRIVERS\btkrnl.sys
16:27:54.0671 0x0e3c  BTKRNL - ok
16:27:54.0828 0x0e3c  [ 49E9ED37FAEC5E8C03E81FD73D3884D6, EE5AB3D1E4B6A3625B3DEEF7B83214AD557480DC393E16099EB8DA23F2FA4F79 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
16:27:55.0125 0x0e3c  btwdins - ok
16:27:55.0171 0x0e3c  [ B1D350F3F13CF340FCE93912D2BA1EBF, ADB2F5F70CB094AA0E582AD67A4D77F68B27DA6115722A2B9DD472C19BFB9DD0 ] BTWDNDIS        C:\WINDOWS\system32\DRIVERS\btwdndis.sys
16:27:55.0562 0x0e3c  BTWDNDIS - ok
16:27:55.0593 0x0e3c  [ 57E91E9925976BBC98984EEBAAF1D84C, 7AC67CE1026D589F66C31F9B30D65C4F94EE5F56FA1FE4992023AE31F6D142D2 ] BTWUSB          C:\WINDOWS\system32\Drivers\btwusb.sys
16:27:55.0875 0x0e3c  BTWUSB - ok
16:27:55.0921 0x0e3c  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
16:27:56.0156 0x0e3c  cbidf2k - ok
16:27:56.0171 0x0e3c  [ 0BE5AEF125BE881C4F854C554F2B025C, 1770DD70B3F115A0EF460907DEDC1E4B7241C08615A98F194D61A49C3E2BAA54 ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:27:56.0390 0x0e3c  CCDECODE - ok
16:27:56.0390 0x0e3c  cd20xrnt - ok
16:27:56.0421 0x0e3c  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
16:27:56.0640 0x0e3c  Cdaudio - ok
16:27:56.0656 0x0e3c  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
16:27:56.0875 0x0e3c  Cdfs - ok
16:27:56.0921 0x0e3c  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:27:57.0125 0x0e3c  Cdrom - ok
16:27:57.0125 0x0e3c  Changer - ok
16:27:57.0156 0x0e3c  [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
16:27:57.0359 0x0e3c  CiSvc - ok
16:27:57.0390 0x0e3c  [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
16:27:57.0593 0x0e3c  ClipSrv - ok
16:27:57.0609 0x0e3c  [ 0F6C187D38D98F8DF904589A5F94D411, DB987093446216CEE913AC27503BF7E23E5A62DF169B355730285DAB64F6ED28 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:27:57.0812 0x0e3c  CmBatt - ok
16:27:57.0812 0x0e3c  CmdIde - ok
16:27:57.0843 0x0e3c  [ 6E4C9F21F0FAE8940661144F41B13203, 731202A0DD021FCF9287FEA631212603AAAC23F9E7F76B2882F913B18A971F1C ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:27:58.0046 0x0e3c  Compbatt - ok
16:27:58.0046 0x0e3c  COMSysApp - ok
16:27:58.0062 0x0e3c  Cpqarray - ok
16:27:58.0109 0x0e3c  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
16:27:58.0312 0x0e3c  CryptSvc - ok
16:27:58.0328 0x0e3c  dac2w2k - ok
16:27:58.0343 0x0e3c  dac960nt - ok
16:27:58.0406 0x0e3c  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
16:27:58.0500 0x0e3c  DcomLaunch - ok
16:27:58.0531 0x0e3c  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
16:27:58.0750 0x0e3c  Dhcp - ok
16:27:58.0781 0x0e3c  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
16:27:59.0000 0x0e3c  Disk - ok
16:27:59.0000 0x0e3c  dmadmin - ok
16:27:59.0093 0x0e3c  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
16:27:59.0406 0x0e3c  dmboot - ok
16:27:59.0484 0x0e3c  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
16:27:59.0703 0x0e3c  dmio - ok
16:27:59.0718 0x0e3c  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
16:27:59.0921 0x0e3c  dmload - ok
16:27:59.0953 0x0e3c  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
16:28:00.0171 0x0e3c  dmserver - ok
16:28:00.0203 0x0e3c  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
16:28:00.0390 0x0e3c  DMusic - ok
16:28:00.0437 0x0e3c  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
16:28:00.0484 0x0e3c  Dnscache - ok
16:28:00.0515 0x0e3c  [ 128AE3AEDDE1E3AE772C88320628FE7C, BCADE974F0CFF2F558C228DC82D68C901790B5C9B94956B908B6BCFC69A1A15E ] DNSeFilter      C:\WINDOWS\system32\drivers\SamsungEDS.sys
16:28:00.0718 0x0e3c  DNSeFilter - detected UnsignedFile.Multi.Generic ( 1 )
16:28:00.0906 0x0e3c  DNSeFilter ( UnsignedFile.Multi.Generic ) - warning
16:28:00.0968 0x0e3c  Dodo_Australia Flame Modem Device Helper - ok
16:28:01.0000 0x0e3c  [ 8A4CB9438571814B128B6DC30D698064, 2CE7DC464723C427C88E6FFB086330719DFE57F9EF0FE31AE9E0D8D0C910C388 ] DOSMEMIO        C:\WINDOWS\system32\MEMIO.SYS
16:28:01.0187 0x0e3c  DOSMEMIO - detected UnsignedFile.Multi.Generic ( 1 )
16:28:01.0187 0x0e3c  DOSMEMIO ( UnsignedFile.Multi.Generic ) - warning
16:28:01.0234 0x0e3c  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
16:28:01.0453 0x0e3c  Dot3svc - ok
16:28:01.0453 0x0e3c  dpti2o - ok
16:28:01.0500 0x0e3c  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
16:28:01.0703 0x0e3c  drmkaud - ok
16:28:01.0718 0x0e3c  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
16:28:01.0937 0x0e3c  EapHost - ok
16:28:01.0953 0x0e3c  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
16:28:02.0187 0x0e3c  ERSvc - ok
16:28:02.0218 0x0e3c  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
16:28:02.0265 0x0e3c  Eventlog - ok
16:28:02.0312 0x0e3c  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\system32\es.dll
16:28:02.0390 0x0e3c  EventSystem - ok
16:28:02.0421 0x0e3c  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
16:28:02.0640 0x0e3c  Fastfat - ok
16:28:02.0687 0x0e3c  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
16:28:02.0765 0x0e3c  FastUserSwitchingCompatibility - ok
16:28:02.0796 0x0e3c  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
16:28:03.0031 0x0e3c  Fdc - ok
16:28:03.0046 0x0e3c  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
16:28:03.0265 0x0e3c  Fips - ok
16:28:03.0281 0x0e3c  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
16:28:03.0500 0x0e3c  Flpydisk - ok
16:28:03.0546 0x0e3c  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:28:03.0750 0x0e3c  FltMgr - ok
16:28:03.0765 0x0e3c  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:28:03.0968 0x0e3c  Fs_Rec - ok
16:28:04.0000 0x0e3c  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:28:04.0203 0x0e3c  Ftdisk - ok
16:28:04.0218 0x0e3c  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:28:04.0421 0x0e3c  Gpc - ok
16:28:04.0453 0x0e3c  [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:28:05.0000 0x0e3c  HDAudBus - ok
16:28:05.0062 0x0e3c  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:28:05.0265 0x0e3c  helpsvc - ok
16:28:05.0296 0x0e3c  [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ         C:\WINDOWS\System32\hidserv.dll
16:28:05.0484 0x0e3c  HidServ - ok
16:28:05.0515 0x0e3c  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:28:05.0734 0x0e3c  HidUsb - ok
16:28:05.0796 0x0e3c  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
16:28:06.0031 0x0e3c  hkmsvc - ok
16:28:06.0046 0x0e3c  hpn - ok
16:28:06.0078 0x0e3c  [ F6AACF5BCE2893E0C1754AFEB672E5C9, 62A7A70515B5570A649DC30A3A122B1302F6839A63927C8B29EBE04ABA654892 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
16:28:06.0296 0x0e3c  HTTP - ok
16:28:06.0328 0x0e3c  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
16:28:06.0531 0x0e3c  HTTPFilter - ok
16:28:06.0531 0x0e3c  i2omgmt - ok
16:28:06.0546 0x0e3c  i2omp - ok
16:28:06.0593 0x0e3c  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:28:06.0796 0x0e3c  i8042prt - ok
16:28:07.0234 0x0e3c  [ 48846B31BE5A4FA662CCFDE7A1BA86B9, BC653F3ADAD70E766484986F196D4045D2CC6D92E5D827907E734254EE489A33 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:28:07.0890 0x0e3c  ialm - ok
16:28:07.0953 0x0e3c  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
16:28:08.0171 0x0e3c  Imapi - ok
16:28:32.0515 0x0e3c  [ B1C20CF045A559FF8B622893D05067B5, 934027EF63A54F4E96BBA14024032F8B1FAE1DF70FD35C4F51E54E1705125ED6 ] Samsung Update Plus C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
16:28:32.0734 0x0e3c  Samsung Update Plus - detected UnsignedFile.Multi.Generic ( 1 )
16:28:32.0734 0x0e3c  Samsung Update Plus ( UnsignedFile.Multi.Generic ) - warning
16:28:35.0156 0x0e3c  [ A44FAD36D97FB5FF5B57CCEB581EB29F, D9A443434AFFFA5C97B8A7846C359AF1AE2ACC8992031B000254ACADA5B95A1C ] SNM WLAN Service C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
16:28:35.0343 0x0e3c  SNM WLAN Service - detected UnsignedFile.Multi.Generic ( 1 )
16:28:35.0343 0x0e3c  SNM WLAN Service ( UnsignedFile.Multi.Generic ) - warning
16:28:36.0750 0x0e3c  [ C0137B5947AE3D3FC1C17BA6FDFB3DAD, 072FF3B1B8A4DABC75A0AD848007C36EC37B6DA590D9C9F282A5C0F76CD16BF1 ] SUEPD           C:\WINDOWS\system32\DRIVERS\SUE_PD.sys
16:28:36.0921 0x0e3c  SUEPD - detected UnsignedFile.Multi.Generic ( 1 )
16:28:36.0937 0x0e3c  SUEPD ( UnsignedFile.Multi.Generic ) - warning
16:28:50.0218 0x0e3c  ================ Scan global ===============================
16:28:50.0250 0x0e3c  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
16:28:50.0296 0x0e3c  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
16:28:50.0343 0x0e3c  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
16:28:50.0375 0x0e3c  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
16:28:50.0390 0x0e3c  [ Global ] - ok
16:28:50.0390 0x0e3c  ================ Scan MBR ==================================
16:28:50.0406 0x0e3c  [ A0A345F7AB6F3BAC008FB0DE602E66CD ] \Device\Harddisk0\DR0
16:28:50.0968 0x0e3c  \Device\Harddisk0\DR0 - ok
16:28:50.0984 0x0e3c  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR4
16:28:51.0187 0x0e3c  \Device\Harddisk1\DR4 - ok
16:28:51.0187 0x0e3c  ================ Scan VBR ==================================
16:28:51.0203 0x0e3c  [ 0F8211723E17CE41A5BEA52BC06C7D10 ] \Device\Harddisk0\DR0\Partition1
16:28:51.0203 0x0e3c  \Device\Harddisk0\DR0\Partition1 - ok
16:28:51.0203 0x0e3c  [ 764C20526F48CFDFE951A92D4DBE4F42 ] \Device\Harddisk0\DR0\Partition2
16:28:51.0218 0x0e3c  \Device\Harddisk0\DR0\Partition2 - ok
16:28:51.0218 0x0e3c  [ 394A0243EECE6597B39B8EA7123A64E0 ] \Device\Harddisk1\DR4\Partition1
16:28:51.0218 0x0e3c  \Device\Harddisk1\DR4\Partition1 - ok
16:28:51.0218 0x0e3c  ================ Scan active images ========================
16:28:51.0234 0x0e3c  [ 8F861EDA21C05857EB8197300A92501C, 374FF9464F273610A051B9220C8D20F01FD4DD029095A7BE37244E20C5C8B5BB ] C:\WINDOWS\system32\drivers\tunmp.sys
16:28:51.0234 0x0e3c  C:\WINDOWS\system32\drivers\tunmp.sys - ok
16:28:51.0234 0x0e3c  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] C:\WINDOWS\system32\drivers\intelppm.sys
16:28:51.0234 0x0e3c  C:\WINDOWS\system32\drivers\intelppm.sys - ok
16:28:51.0250 0x0e3c  [ E28726B72C46821A28830E077D39A55B, 66BE8A1055544C8CEBB7125726C1C306A026F3A1764589FCDDF3792076AF891F ] C:\WINDOWS\system32\drivers\videoprt.sys
16:28:51.0250 0x0e3c  C:\WINDOWS\system32\drivers\videoprt.sys - ok
16:28:51.0250 0x0e3c  [ 48846B31BE5A4FA662CCFDE7A1BA86B9, BC653F3ADAD70E766484986F196D4045D2CC6D92E5D827907E734254EE489A33 ] C:\WINDOWS\system32\drivers\igxpmp32.sys
16:28:51.0265 0x0e3c  C:\WINDOWS\system32\drivers\igxpmp32.sys - ok
16:28:51.0265 0x0e3c  [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] C:\WINDOWS\system32\drivers\hdaudbus.sys
16:28:51.0265 0x0e3c  C:\WINDOWS\system32\drivers\hdaudbus.sys - ok
16:28:51.0281 0x0e3c  [ 6EACC829E76B1EFDFACE633619A3DB31, 001030656AAD181BBC3DC1569165B24C25044CB62FC4BF15377ADC67FE9E8B59 ] C:\WINDOWS\system32\drivers\athw.sys
16:28:51.0281 0x0e3c  C:\WINDOWS\system32\drivers\athw.sys - ok
16:28:51.0281 0x0e3c  [ 849494D3F85A45231744CA7470246C71, 07D148335E7B2B6FD04BFFF90985724ACDC3FAF651A5B2C590E5C8C05B68F520 ] C:\WINDOWS\system32\drivers\yk51x86.sys
16:28:51.0281 0x0e3c  C:\WINDOWS\system32\drivers\yk51x86.sys - ok
16:28:51.0296 0x0e3c  [ 6DF35CA139C3BC15CC74390ABB114EFE, 5401724E49243625C43B3F9032E592EF43605C2510E809C1D318A7792AB9FBBA ] C:\WINDOWS\system32\drivers\usbport.sys
16:28:51.0296 0x0e3c  C:\WINDOWS\system32\drivers\usbport.sys - ok
16:28:51.0296 0x0e3c  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] C:\WINDOWS\system32\drivers\usbuhci.sys
16:28:51.0296 0x0e3c  C:\WINDOWS\system32\drivers\usbuhci.sys - ok
16:28:51.0312 0x0e3c  [ 0F6C187D38D98F8DF904589A5F94D411, DB987093446216CEE913AC27503BF7E23E5A62DF169B355730285DAB64F6ED28 ] C:\WINDOWS\system32\drivers\CmBatt.sys
16:28:51.0312 0x0e3c  C:\WINDOWS\system32\drivers\CmBatt.sys - ok
16:28:51.0312 0x0e3c  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] C:\WINDOWS\system32\drivers\i8042prt.sys
16:28:51.0312 0x0e3c  C:\WINDOWS\system32\drivers\i8042prt.sys - ok
16:28:51.0328 0x0e3c  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] C:\WINDOWS\system32\drivers\usbehci.sys
16:28:51.0328 0x0e3c  C:\WINDOWS\system32\drivers\usbehci.sys - ok
16:28:51.0328 0x0e3c  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] C:\WINDOWS\system32\drivers\kbdclass.sys
16:28:51.0328 0x0e3c  C:\WINDOWS\system32\drivers\kbdclass.sys - ok
16:28:51.0343 0x0e3c  [ 04FE5EF6ED4818EC4839EA5C611A6310, 666479AF6789FC5DF2EA8D4B6216FDA9A4998D252F95BD003619D9376B1DC9E7 ] C:\WINDOWS\system32\drivers\usbd.sys
16:28:51.0343 0x0e3c  C:\WINDOWS\system32\drivers\usbd.sys - ok
16:28:51.0343 0x0e3c  [ EA447F6DB6115E8A32352F9FAFFA824D, 36246E8780A085CE8122E30380DBDF708E3F48B81B851302608B27AFD0B8E953 ] C:\WINDOWS\system32\drivers\SynTP.sys
16:28:51.0343 0x0e3c  C:\WINDOWS\system32\drivers\SynTP.sys - ok
16:28:51.0359 0x0e3c  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] C:\WINDOWS\system32\drivers\mouclass.sys
16:28:51.0359 0x0e3c  C:\WINDOWS\system32\drivers\mouclass.sys - ok
16:28:51.0359 0x0e3c  [ 885B6D0F826A216EEE4C3AD883809012, C0C1DFE0E076464721C116CAF7193F3E5A3747097B4CAAD165511C2D391B3C58 ] C:\WINDOWS\system32\drivers\btkrnl.sys
16:28:51.0359 0x0e3c  C:\WINDOWS\system32\drivers\btkrnl.sys - ok
16:28:51.0375 0x0e3c  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] C:\WINDOWS\system32\drivers\audstub.sys
16:28:51.0375 0x0e3c  C:\WINDOWS\system32\drivers\audstub.sys - ok
16:28:51.0375 0x0e3c  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] C:\WINDOWS\system32\drivers\rasl2tp.sys
16:28:51.0375 0x0e3c  C:\WINDOWS\system32\drivers\rasl2tp.sys - ok
16:28:51.0390 0x0e3c  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] C:\WINDOWS\system32\drivers\ndistapi.sys
16:28:51.0390 0x0e3c  C:\WINDOWS\system32\drivers\ndistapi.sys - ok
16:28:51.0390 0x0e3c  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] C:\WINDOWS\system32\drivers\ndiswan.sys
16:28:51.0390 0x0e3c  C:\WINDOWS\system32\drivers\ndiswan.sys - ok
16:28:51.0406 0x0e3c  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] C:\WINDOWS\system32\drivers\raspppoe.sys
16:28:51.0406 0x0e3c  C:\WINDOWS\system32\drivers\raspppoe.sys - ok
16:28:51.0406 0x0e3c  [ 0539D5E53587F82D1B4FD74C5BE205CF, 9C578FC46AC3B8260258B83C89A33C3D7990B365D7708AEF2296CD235C7D301A ] C:\WINDOWS\system32\drivers\tdi.sys
16:28:51.0406 0x0e3c  C:\WINDOWS\system32\drivers\tdi.sys - ok
16:28:51.0421 0x0e3c  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] C:\WINDOWS\system32\drivers\raspptp.sys
16:28:51.0421 0x0e3c  C:\WINDOWS\system32\drivers\raspptp.sys - ok
16:28:51.0437 0x0e3c  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] C:\WINDOWS\system32\drivers\msgpc.sys
16:28:51.0437 0x0e3c  C:\WINDOWS\system32\drivers\msgpc.sys - ok
16:28:51.0437 0x0e3c  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] C:\WINDOWS\system32\drivers\psched.sys
16:28:51.0437 0x0e3c  C:\WINDOWS\system32\drivers\psched.sys - ok
16:28:51.0453 0x0e3c  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] C:\WINDOWS\system32\drivers\ptilink.sys
16:28:51.0453 0x0e3c  C:\WINDOWS\system32\drivers\ptilink.sys - ok
16:28:51.0453 0x0e3c  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] C:\WINDOWS\system32\drivers\raspti.sys
16:28:51.0453 0x0e3c  C:\WINDOWS\system32\drivers\raspti.sys - ok
16:28:51.0468 0x0e3c  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] C:\WINDOWS\system32\drivers\termdd.sys
16:28:51.0468 0x0e3c  C:\WINDOWS\system32\drivers\termdd.sys - ok
16:28:51.0468 0x0e3c  [ 0753515F78DF7F271A5E61C20BCD36A1, A8D600CD0C592DFB875DE2D4F1AEDB207B80A43CF724051B6552BB6E539E9AFC ] C:\WINDOWS\system32\drivers\ks.sys
16:28:51.0468 0x0e3c  C:\WINDOWS\system32\drivers\ks.sys - ok
16:28:51.0484 0x0e3c  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] C:\WINDOWS\system32\drivers\swenum.sys
16:28:51.0484 0x0e3c  C:\WINDOWS\system32\drivers\swenum.sys - ok
16:28:51.0484 0x0e3c  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] C:\WINDOWS\system32\drivers\update.sys
16:28:51.0484 0x0e3c  C:\WINDOWS\system32\drivers\update.sys - ok
16:28:51.0500 0x0e3c  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] C:\WINDOWS\system32\drivers\mssmbios.sys
16:28:51.0500 0x0e3c  C:\WINDOWS\system32\drivers\mssmbios.sys - ok
16:28:51.0500 0x0e3c  [ 58A49BD10E08D3D4333A60DEDCB1CED8, 2110462BDD51BCEB661C089376E60E5ECE5F5908CF80A09035190529C9F306A4 ] C:\WINDOWS\system32\drivers\btport.sys
16:28:51.0500 0x0e3c  C:\WINDOWS\system32\drivers\btport.sys - ok
16:28:51.0515 0x0e3c  [ 6CB08593487F5701D2D2254E693EAFCE, 0518A1FC540C036E6864DA8C01CADE043D4F897D7FCF8C61352865131DEB7414 ] C:\WINDOWS\system32\drivers\drmk.sys
16:28:51.0515 0x0e3c  C:\WINDOWS\system32\drivers\drmk.sys - ok
16:28:51.0515 0x0e3c  [ E82A496C3961EFC6828B508C310CE98F, E142A0809525B34A376B3063B07B8822930056BBCB886B7CF1D7585BCEC371A0 ] C:\WINDOWS\system32\drivers\portcls.sys
16:28:51.0515 0x0e3c  C:\WINDOWS\system32\drivers\portcls.sys - ok
16:28:51.0531 0x0e3c  [ ECDC40CC54603C711E1A7A1C9255184A, 7F109180AAC41D79036085A5725544BFA3895CAF791B272D9460133A0868AECB ] C:\WINDOWS\system32\drivers\btaudio.sys
16:28:51.0531 0x0e3c  C:\WINDOWS\system32\drivers\btaudio.sys - ok
16:28:51.0531 0x0e3c  [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] C:\WINDOWS\system32\drivers\ndproxy.sys
16:28:51.0531 0x0e3c  C:\WINDOWS\system32\drivers\ndproxy.sys - ok
16:28:51.0546 0x0e3c  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] C:\WINDOWS\system32\drivers\usbhub.sys
16:28:51.0546 0x0e3c  C:\WINDOWS\system32\drivers\usbhub.sys - ok
16:28:51.0546 0x0e3c  [ 32915772CCD5BC2BF9762195C002A949, FA15B2B51F99A0E76696B0EF92373B4793CEB65B193683C0B02218008BFB63C9 ] C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:28:51.0546 0x0e3c  C:\WINDOWS\system32\drivers\RtkHDAud.sys - ok
16:28:51.0562 0x0e3c  [ 128AE3AEDDE1E3AE772C88320628FE7C, BCADE974F0CFF2F558C228DC82D68C901790B5C9B94956B908B6BCFC69A1A15E ] C:\WINDOWS\system32\drivers\SamsungEDS.SYS
16:28:51.0562 0x0e3c  C:\WINDOWS\system32\drivers\SamsungEDS.SYS - ok
16:28:51.0562 0x0e3c  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] C:\WINDOWS\system32\drivers\fdc.sys
16:28:51.0562 0x0e3c  C:\WINDOWS\system32\drivers\fdc.sys - ok
16:28:51.0578 0x0e3c  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] C:\WINDOWS\system32\drivers\flpydisk.sys
16:28:51.0578 0x0e3c  C:\WINDOWS\system32\drivers\flpydisk.sys - ok
16:28:51.0578 0x0e3c  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] C:\WINDOWS\system32\drivers\sfloppy.sys
16:28:51.0578 0x0e3c  C:\WINDOWS\system32\drivers\sfloppy.sys - ok
16:28:51.0593 0x0e3c  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] C:\WINDOWS\system32\drivers\beep.sys
16:28:51.0593 0x0e3c  C:\WINDOWS\system32\drivers\beep.sys - ok
16:28:51.0593 0x0e3c  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] C:\WINDOWS\system32\drivers\cdaudio.sys
16:28:51.0593 0x0e3c  C:\WINDOWS\system32\drivers\cdaudio.sys - ok
16:28:51.0609 0x0e3c  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] C:\WINDOWS\system32\drivers\cdrom.sys
16:28:51.0609 0x0e3c  C:\WINDOWS\system32\drivers\cdrom.sys - ok
16:28:51.0609 0x0e3c  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] C:\WINDOWS\system32\drivers\fs_rec.sys
16:28:51.0609 0x0e3c  C:\WINDOWS\system32\drivers\fs_rec.sys - ok
16:28:51.0625 0x0e3c  [ C569EF030B11F896E123A30AC92678DB, F851E99B968BBAB82E3B0D1D2F985AEE1EAD10C3BBACDD02BAB2ACEE57CB048A ] C:\WINDOWS\system32\drivers\hidparse.sys
16:28:51.0625 0x0e3c  C:\WINDOWS\system32\drivers\hidparse.sys - ok
16:28:51.0625 0x0e3c  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] C:\WINDOWS\system32\drivers\null.sys
16:28:51.0625 0x0e3c  C:\WINDOWS\system32\drivers\null.sys - ok
16:28:51.0640 0x0e3c  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] C:\WINDOWS\system32\drivers\kbdhid.sys
16:28:51.0640 0x0e3c  C:\WINDOWS\system32\drivers\kbdhid.sys - ok
16:28:51.0656 0x0e3c  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] C:\WINDOWS\system32\drivers\mnmdd.sys
16:28:51.0656 0x0e3c  C:\WINDOWS\system32\drivers\mnmdd.sys - ok
16:28:51.0656 0x0e3c  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] C:\WINDOWS\system32\drivers\vga.sys
16:28:51.0656 0x0e3c  C:\WINDOWS\system32\drivers\vga.sys - ok
16:28:51.0671 0x0e3c  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] C:\WINDOWS\system32\drivers\msfs.sys
16:28:51.0671 0x0e3c  C:\WINDOWS\system32\drivers\msfs.sys - ok
16:28:51.0671 0x0e3c  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] C:\WINDOWS\system32\drivers\rdpcdd.sys
16:28:51.0671 0x0e3c  C:\WINDOWS\system32\drivers\rdpcdd.sys - ok
16:28:51.0687 0x0e3c  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] C:\WINDOWS\system32\drivers\ipsec.sys
16:28:51.0687 0x0e3c  C:\WINDOWS\system32\drivers\ipsec.sys - ok
16:28:51.0687 0x0e3c  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] C:\WINDOWS\system32\drivers\npfs.sys
16:28:51.0687 0x0e3c  C:\WINDOWS\system32\drivers\npfs.sys - ok
16:28:51.0703 0x0e3c  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] C:\WINDOWS\system32\drivers\rasacd.sys
16:28:51.0703 0x0e3c  C:\WINDOWS\system32\drivers\rasacd.sys - ok
16:28:51.0703 0x0e3c  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] C:\WINDOWS\system32\drivers\tcpip.sys
16:28:51.0703 0x0e3c  C:\WINDOWS\system32\drivers\tcpip.sys - ok
16:28:51.0718 0x0e3c  [ E454F42AE5524D695D76EAB5D363B8AC, C36D6C28D1A8AAD0D25122A6BB0019B74D8AE857C964326A66F947ACABF2C17F ] C:\WINDOWS\system32\drivers\Mpfp.sys
16:28:51.0718 0x0e3c  C:\WINDOWS\system32\drivers\Mpfp.sys - ok
16:28:51.0718 0x0e3c  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] C:\WINDOWS\system32\drivers\ipnat.sys
16:28:51.0718 0x0e3c  C:\WINDOWS\system32\drivers\ipnat.sys - ok
16:28:51.0734 0x0e3c  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] C:\WINDOWS\system32\drivers\ipfltdrv.sys
16:28:51.0734 0x0e3c  C:\WINDOWS\system32\drivers\ipfltdrv.sys - ok
16:28:51.0734 0x0e3c  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] C:\WINDOWS\system32\drivers\wanarp.sys
16:28:51.0734 0x0e3c  C:\WINDOWS\system32\drivers\wanarp.sys - ok
16:28:51.0750 0x0e3c  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] C:\WINDOWS\system32\drivers\netbt.sys
16:28:51.0750 0x0e3c  C:\WINDOWS\system32\drivers\netbt.sys - ok
16:28:51.0750 0x0e3c  [ 4E53BBCC4BE37D7A4BD6EF1098C89FF7, D084EFE07AC200672A1CE7BB8AE736612B3E353271188D26E29EC973E26E1F5F ] C:\WINDOWS\system32\drivers\tcpip6.sys
16:28:51.0750 0x0e3c  C:\WINDOWS\system32\drivers\tcpip6.sys - ok
16:28:51.0765 0x0e3c  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] C:\WINDOWS\system32\drivers\afd.sys
16:28:51.0765 0x0e3c  C:\WINDOWS\system32\drivers\afd.sys - ok
16:28:51.0765 0x0e3c  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] C:\WINDOWS\system32\drivers\ip6fw.sys
16:28:51.0781 0x0e3c  C:\WINDOWS\system32\drivers\ip6fw.sys - ok
16:28:51.0781 0x0e3c  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] C:\WINDOWS\system32\drivers\netbios.sys
16:28:51.0781 0x0e3c  C:\WINDOWS\system32\drivers\netbios.sys - ok
16:28:51.0796 0x0e3c  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] C:\WINDOWS\system32\drivers\redbook.sys
16:28:51.0796 0x0e3c  C:\WINDOWS\system32\drivers\redbook.sys - ok
16:28:51.0796 0x0e3c  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] C:\WINDOWS\system32\drivers\rdbss.sys
16:28:51.0796 0x0e3c  C:\WINDOWS\system32\drivers\rdbss.sys - ok
16:28:51.0812 0x0e3c  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] C:\WINDOWS\system32\drivers\mrxsmb.sys
16:28:51.0812 0x0e3c  C:\WINDOWS\system32\drivers\mrxsmb.sys - ok
16:28:51.0812 0x0e3c  [ F85CD2B918202B7EE49757C361C7EAC2, 61EED9E99FDDE7EA468EB237C6A54209F7AF9FF9AB3376C62562FC029B604E46 ] C:\WINDOWS\system32\drivers\mfehidk.sys
16:28:51.0812 0x0e3c  C:\WINDOWS\system32\drivers\mfehidk.sys - ok
16:28:51.0812 0x0e3c  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] C:\WINDOWS\system32\drivers\imapi.sys
16:28:51.0812 0x0e3c  C:\WINDOWS\system32\drivers\imapi.sys - ok
16:28:51.0828 0x0e3c  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] C:\WINDOWS\system32\drivers\fips.sys
16:28:51.0828 0x0e3c  C:\WINDOWS\system32\drivers\fips.sys - ok
16:28:51.0843 0x0e3c  [ F8F0D25CA553E39DDE485D8FC7FCCE89, 54DF909101AAEC63234A5C33B51D6689FEF58B943942BFFA9606864F43EC1085 ] C:\WINDOWS\system32\ntdll.dll
16:28:51.0843 0x0e3c  C:\WINDOWS\system32\ntdll.dll - ok
16:28:51.0843 0x0e3c  [ 5F816C1F539266D2D4C78694239DA0B5, 10BFCCF4EFFC3813A563D528DC5464827BEF10AE21D6B9C1138930228E7047D1 ] C:\WINDOWS\system32\smss.exe
16:28:51.0843 0x0e3c  C:\WINDOWS\system32\smss.exe - ok
16:28:51.0859 0x0e3c  [ 23043C91A0F9DFB4B9E9F87B680863B4, 318A6F6DB4A1EDE7D3758E324350EA852449ABD2A7BB77004FBC403CF9FFB08B ] C:\WINDOWS\system32\autochk.exe
16:28:51.0859 0x0e3c  C:\WINDOWS\system32\autochk.exe - ok
16:28:51.0859 0x0e3c  [ 9DD07AF82244867CA36681EA2D29CE79, 84926A50CB38C322D1CDFD4C0D5F8FFE3B2EF3080B3401F5D5AE8CBD0A719685 ] C:\WINDOWS\system32\sfcfiles.dll
16:28:51.0859 0x0e3c  C:\WINDOWS\system32\sfcfiles.dll - ok
16:28:51.0875 0x0e3c  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] C:\WINDOWS\system32\drivers\usbstor.sys
16:28:51.0875 0x0e3c  C:\WINDOWS\system32\drivers\usbstor.sys - ok
16:28:51.0875 0x0e3c  [ 4F101E48D060E318752FBC458A4B49F0, 816CBCBB31710E565A82F6511D8819BD9EA72C967CCD99BE5849B88FDE2CE92F ] C:\WINDOWS\system32\drivers\VMC326.sys
16:28:51.0875 0x0e3c  C:\WINDOWS\system32\drivers\VMC326.sys - ok
16:28:51.0890 0x0e3c  [ 57E91E9925976BBC98984EEBAAF1D84C, 7AC67CE1026D589F66C31F9B30D65C4F94EE5F56FA1FE4992023AE31F6D142D2 ] C:\WINDOWS\system32\drivers\btwusb.sys
16:28:51.0890 0x0e3c  C:\WINDOWS\system32\drivers\btwusb.sys - ok
16:28:51.0890 0x0e3c  [ 2F31B7F954BED437F2C75026C65CAF7B, 1F8D6CBB01AD403BC89D1E987012E2F63CDFD9C49F402F358B64B31C13E4DD14 ] C:\WINDOWS\system32\drivers\wmilib.sys
16:28:51.0890 0x0e3c  C:\WINDOWS\system32\drivers\wmilib.sys - ok
16:28:51.0906 0x0e3c  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] C:\WINDOWS\system32\drivers\atapi.sys
16:28:51.0906 0x0e3c  C:\WINDOWS\system32\drivers\atapi.sys - ok
16:28:51.0906 0x0e3c  [ FE97D0343ACFDEBDD578FC67CC91FA87, FE26FBA13079189EF96A1C994036EA472A4BF34FA14C163C693AD481BF31E676 ] C:\WINDOWS\system32\drivers\dxapi.sys
16:28:51.0906 0x0e3c  C:\WINDOWS\system32\drivers\dxapi.sys - ok
16:28:51.0921 0x0e3c  [ 9A10AACBFDC4922715375FB4065EC930, E407953587C04F75DDB163420A5121FF520D31F74753D452E316042C42D360CF ] C:\WINDOWS\system32\watchdog.sys
16:28:51.0921 0x0e3c  C:\WINDOWS\system32\watchdog.sys - ok
16:28:51.0921 0x0e3c  [ 80AAA73D56272FD54DC6DE8643D10E9F, 0DC91699D5AF322C78AF7783CF3D55A1F561219EE32DC8DA186F2255704D52FC ] C:\WINDOWS\system32\win32k.sys
16:28:51.0921 0x0e3c  C:\WINDOWS\system32\win32k.sys - ok
16:28:51.0937 0x0e3c  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
16:28:51.0937 0x0e3c  C:\WINDOWS\system32\basesrv.dll - ok
16:28:51.0937 0x0e3c  [ DD40363ABAD230A84C5E2178B11EFA88, E4B406C0B10686CF245EC0053A03424CE1FB8AC7FB3545525F13BB3BC5086FF1 ] C:\WINDOWS\system32\csrsrv.dll
16:28:51.0937 0x0e3c  C:\WINDOWS\system32\csrsrv.dll - ok
16:28:51.0953 0x0e3c  [ 44F275C64738EA2056E3D9580C23B60F, 5D4B7306E71A44440E7F0B32A373AEC120C01B69F87756589E39EB85C40CD742 ] C:\WINDOWS\system32\csrss.exe
16:28:51.0953 0x0e3c  C:\WINDOWS\system32\csrss.exe - ok
16:28:51.0953 0x0e3c  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
16:28:51.0953 0x0e3c  C:\WINDOWS\system32\winsrv.dll - ok
16:28:51.0968 0x0e3c  [ AFFE0B7126A86603D3F49A19A5B7DC46, 63C91B4726F583C1DC1B3F26CC8DC39C519401CF0005F223EE17A363BDBEA22F ] C:\WINDOWS\system32\gdi32.dll
16:28:51.0968 0x0e3c  C:\WINDOWS\system32\gdi32.dll - ok
16:28:51.0968 0x0e3c  [ 4A45B692D2BAA74124DF57472D5EA2F1, DFC6B595BBADFEF4930CCCF48E9FE55551CF0891571257E3E0A0DE328077A89B ] C:\WINDOWS\system32\kernel32.dll
16:28:51.0968 0x0e3c  C:\WINDOWS\system32\kernel32.dll - ok
16:28:51.0984 0x0e3c  [ B26B135FF1B9F60C9388B4A7D16F600B, ACD0AE7B4D5F871E148276C6CC4AE3A216E33F67FC78D827C16986E1F945438C ] C:\WINDOWS\system32\user32.dll
16:28:51.0984 0x0e3c  C:\WINDOWS\system32\user32.dll - ok
16:28:51.0984 0x0e3c  [ AC7280566A7BB85CB3291F04DDC1198E, 7640BC4C28B5D5167A10C4B0DA0FC8C7A255334D4BA11FD3E28A697A5B58583C ] C:\WINDOWS\system32\drivers\dxg.sys
16:28:51.0984 0x0e3c  C:\WINDOWS\system32\drivers\dxg.sys - ok
16:28:52.0000 0x0e3c  [ A73F5D6705B1D820C19B18782E176EFD, C36486504C3A596FDCA487143F6D3B43C0BEE01321F6F1F3071976556533C419 ] C:\WINDOWS\system32\drivers\dxgthk.sys
16:28:52.0000 0x0e3c  C:\WINDOWS\system32\drivers\dxgthk.sys - ok
16:28:52.0015 0x0e3c  [ 74DBB7ED3ABB6C9F0D8E1A2CCADDF4FB, 7275455598BAFE0A5BCA1A24D3EACF87C74FC92C4DC1F6EB67541778FE24C164 ] C:\WINDOWS\system32\igxpgd32.dll
16:28:52.0015 0x0e3c  C:\WINDOWS\system32\igxpgd32.dll - ok
16:28:52.0015 0x0e3c  [ C1A0DEB3A8E701D53C7B25A7735B9CD2, A64CE3ED71FAD0592CD4E729DF7ADC438D8FADEC7DC80CD9239D09BEEB6920BF ] C:\WINDOWS\system32\igxprd32.dll
16:28:52.0015 0x0e3c  C:\WINDOWS\system32\igxprd32.dll - ok
16:28:52.0031 0x0e3c  [ ECB7591870F8BFB1A4C17B718AD5A4AA, 67E8D218F107F78F9C62999F560E47AEC799E4B4DC4AB3EBC0DC61670BFE3E3D ] C:\WINDOWS\system32\vga.dll
16:28:52.0031 0x0e3c  C:\WINDOWS\system32\vga.dll - ok
16:28:52.0031 0x0e3c  [ CBAE8185F15210BE3F9E09F5BF14E94E, 7764A28EAB6871EEA930587EF40847DA662051A6361BF128CC60BB4ABC7E00E8 ] C:\WINDOWS\system32\igxpdv32.dll
16:28:52.0031 0x0e3c  C:\WINDOWS\system32\igxpdv32.dll - ok
16:28:52.0046 0x0e3c  [ 8BF96C13124872CC1054D7F8CC9F5A26, C8F2202A1F1DD4923941E8E05B68818E51C214BB1A0D6E80E14E2B344AF220C8 ] C:\WINDOWS\system32\igxpdx32.dll
16:28:52.0046 0x0e3c  C:\WINDOWS\system32\igxpdx32.dll - ok
16:28:52.0046 0x0e3c  [ ED0EF0A136DEC83DF69F04118870003E, 45377CB8E9F0120F836FC8261C711F7DBF7199117AFB3652EBF100D5F0429B1E ] C:\WINDOWS\system32\winlogon.exe
16:28:52.0046 0x0e3c  C:\WINDOWS\system32\winlogon.exe - ok
16:28:52.0062 0x0e3c  [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] C:\WINDOWS\system32\advapi32.dll
16:28:52.0062 0x0e3c  C:\WINDOWS\system32\advapi32.dll - ok
16:28:52.0062 0x0e3c  [ 44C164B34A72F29087ECA32411F2ED44, 112761CCEFE8F4B936AC58FF1F13589C0DBA3BE1AC348584D874B65DAB1EDED6 ] C:\WINDOWS\system32\rpcrt4.dll
16:28:52.0062 0x0e3c  C:\WINDOWS\system32\rpcrt4.dll - ok
16:28:52.0078 0x0e3c  [ 5357826C8A8DD6A07F17C48BB45BE46E, E081B04F8C8A31951A0ADEC889E6CA4DEED5FF738446D5A5614B11B113000BCA ] C:\WINDOWS\system32\secur32.dll
16:28:52.0078 0x0e3c  C:\WINDOWS\system32\secur32.dll - ok
16:28:52.0078 0x0e3c  [ 714705F29A917993536A6AB2DEDB0B7F, 5C3EA97044A7AF8027000DFA40901C0097EC935A7149C0A46AA2C6A2F9FD6CC1 ] C:\WINDOWS\system32\authz.dll
16:28:52.0078 0x0e3c  C:\WINDOWS\system32\authz.dll - ok
16:28:52.0093 0x0e3c  [ 355EDBB4D412B01F1740C17E3F50FA00, 8619D345C864CD8EA704EFAA0A391F5F31AA56BB6D30F62FC60F465873CC1BF9 ] C:\WINDOWS\system32\msvcrt.dll
16:28:52.0093 0x0e3c  C:\WINDOWS\system32\msvcrt.dll - ok
16:28:52.0093 0x0e3c  [ 636DF3FF20A1B69B3F9D21325E7115C7, 6B38CF96E92273995F40B6D7029D20B4041342D6EDD5B6CA73967A401823D4F5 ] C:\WINDOWS\system32\crypt32.dll
16:28:52.0093 0x0e3c  C:\WINDOWS\system32\crypt32.dll - ok
16:28:52.0109 0x0e3c  [ 04D898830DF96A17A20FD35D7590F87E, 09C75D1D434FF6BBE9B3F5E0A8E63944ACB34E364C4A89676DED2204DBD1AEF5 ] C:\WINDOWS\system32\msasn1.dll
16:28:52.0109 0x0e3c  C:\WINDOWS\system32\msasn1.dll - ok
16:28:52.0109 0x0e3c  [ 013C1148C1EC025596896E093F60F608, E19D20E0852372ED7DA66939E995F8F7ECC52ED5B650E8B833944788C0A34F61 ] C:\WINDOWS\system32\nddeapi.dll
16:28:52.0109 0x0e3c  C:\WINDOWS\system32\nddeapi.dll - ok
16:28:52.0125 0x0e3c  [ CAC752BF84DB4666ED3CE0948E6EA937, C84F9D57C076DE6ACC1720B66147D0CA963C65714593FAFD7FB1FE1F01CC464B ] C:\WINDOWS\system32\netapi32.dll
16:28:52.0125 0x0e3c  C:\WINDOWS\system32\netapi32.dll - ok
16:28:52.0125 0x0e3c  [ FCFA1C55971CC229D353B3A15ACCD995, 6C21D6EAD676AF8C100666261CE7AA5AA86671883B78092AD61008234C96BBBA ] C:\WINDOWS\system32\profmap.dll
16:28:52.0125 0x0e3c  C:\WINDOWS\system32\profmap.dll - ok
16:28:52.0140 0x0e3c  [ 43D13C80EBEC0135A3611E0F616F179B, 9C5409ECBD2C3B89C80F0A59B96220178E790A7D78967C6281D56EB1965E9ECD ] C:\WINDOWS\system32\userenv.dll
16:28:52.0140 0x0e3c  C:\WINDOWS\system32\userenv.dll - ok
16:28:52.0140 0x0e3c  [ 9CFCB3CA3D83B4EAA133F0644A2C6F31, CC0A76B55B38183B8C6141C290D1858A9D118333C804784AB305FE76A0FCE775 ] C:\WINDOWS\system32\psapi.dll
16:28:52.0140 0x0e3c  C:\WINDOWS\system32\psapi.dll - ok
16:28:52.0156 0x0e3c  [ AF11C591F2F4AFF4A6CF699D376F618B, B61C0D1944D5D8F536AB5422017C99773BD89EA59784969E4F8F269BF9EF57C3 ] C:\WINDOWS\system32\regapi.dll
16:28:52.0156 0x0e3c  C:\WINDOWS\system32\regapi.dll - ok
16:28:52.0156 0x0e3c  [ 24192246760E0E64435522E246B1D6C2, B1C5A16A73250DEA900FF6ECE71F604E2411B4FDFD497564BEB7D867A75640BF ] C:\WINDOWS\system32\setupapi.dll
16:28:52.0156 0x0e3c  C:\WINDOWS\system32\setupapi.dll - ok
16:28:52.0171 0x0e3c  [ C7CE131408739B0B3A318BE2D0032719, CAEEED45F6BAB22F611B2200DC91E68426F169F5646247893CF3AC7EFDDD07B8 ] C:\WINDOWS\system32\version.dll
16:28:52.0171 0x0e3c  C:\WINDOWS\system32\version.dll - ok
16:28:52.0171 0x0e3c  [ 430CEB794F6E6EF8AC86958C242366D6, 48066566EDC18654095EAD7F4449CD42B44AD758465A6B36A42B489F32C7E64B ] C:\WINDOWS\system32\winsta.dll
16:28:52.0171 0x0e3c  C:\WINDOWS\system32\winsta.dll - ok
16:28:52.0187 0x0e3c  [ D458B738B4C2CE33174CFB2CE12412DB, C8FCA4B1BE8358B1F14BB25F39899A18804133544701DFCF40E8782C2487C912 ] C:\WINDOWS\system32\wintrust.dll
16:28:52.0187 0x0e3c  C:\WINDOWS\system32\wintrust.dll - ok
16:28:52.0187 0x0e3c  [ 16E916243BDDBAF44D98E623B2D0CEAD, A1C56AC378EDA9ACBE73342BEE0897E028BDD368288552108FC77A7AA1478690 ] C:\WINDOWS\system32\imagehlp.dll
16:28:52.0187 0x0e3c  C:\WINDOWS\system32\imagehlp.dll - ok
16:28:53.0546 0x0e3c  C:\PROGRA~1\McAfee\VIRUSS~1\Res00\McShield.dll - ok
16:28:53.0546 0x0e3c  [ DF88AF2C0AEB0376F46DA58566A69C93, 03F10A9C31FF24605DA9CF5B0B42869DD1C426F7DCF6E127FB29D5C80E78D7F3 ] C:\PROGRA~1\McAfee\MSC\mcshllps.dll
16:28:53.0546 0x0e3c  C:\PROGRA~1\McAfee\MSC\mcshllps.dll - ok
16:28:53.0562 0x0e3c  [ B13E341E5BC49059BF0B45020CEC5E02, 2F82EF2ABFB6219C665996F50E6B441E75DF189A6DE6E1A0FE9B5B8FDF489109 ] C:\PROGRA~1\McAfee\VIRUSS~1\esplgres.dll
16:28:53.0562 0x0e3c  C:\PROGRA~1\McAfee\VIRUSS~1\esplgres.dll - ok
16:28:53.0562 0x0e3c  [ 92A7081C5AE5471FE3337AA9083A6D78, 8F0C1284F586AF59DE6B14B6D0A4B1BD77A2EDC90C4BA366D7E86066BE861F05 ] C:\PROGRA~1\McAfee\VIRUSS~1\mvscfg.dll
16:28:53.0562 0x0e3c  C:\PROGRA~1\McAfee\VIRUSS~1\mvscfg.dll - ok
16:28:53.0578 0x0e3c  [ CCF0D793988E55D306B38A9EFE0B11DF, 456CA90D47110210C4D1DAD83DB15D854FE205AA492DF451B39E4F6A2B3DEB09 ] C:\PROGRA~1\McAfee\VIRUSS~1\ftl.dll
16:28:53.0578 0x0e3c  C:\PROGRA~1\McAfee\VIRUSS~1\ftl.dll - ok
16:28:53.0578 0x0e3c  [ 346F30F1FF73553AA466F4AE7948DA00, 7CE6A4A733F04A70050C12E4A13CF15A6C04773DA69199316B28765FFB3E201C ] C:\Program Files\McAfee\MPF\MpfSrv.exe
16:28:53.0578 0x0e3c  C:\Program Files\McAfee\MPF\MpfSrv.exe - ok
16:28:53.0593 0x0e3c  [ 680B56A8B62D1BCF4A0B2AAAD03D88E4, C095D8A3A1CEAD1D78B0EE17B982718CDF4B3FE1F86D9D273875B8C1893C981B ] C:\WINDOWS\system32\wdmaud.drv
16:28:53.0593 0x0e3c  C:\WINDOWS\system32\wdmaud.drv - ok
16:28:53.0593 0x0e3c  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] C:\WINDOWS\system32\drivers\wdmaud.sys
16:28:53.0593 0x0e3c  C:\WINDOWS\system32\drivers\wdmaud.sys - ok
16:28:53.0609 0x0e3c  [ B80F1D88C0FFA1302D0CEB8F6D1C4954, B0916CF994EC205A44F95D42B39FE0995828854BCFD35C398583325E90704AC3 ] C:\PROGRA~1\McAfee\MSC\mcsubmgr\8_0_22~1\mcsubmgr.dll
16:28:53.0609 0x0e3c  C:\PROGRA~1\McAfee\MSC\mcsubmgr\8_0_22~1\mcsubmgr.dll - ok
16:28:53.0609 0x0e3c  [ B84BD0E69DCACF4FC772B2E6AF1E0204, AA62C5ABF9642AF825B0FACDE6EBCE3C87247309B181D7F542002A4512790566 ] C:\PROGRA~1\McAfee\VIRUSS~1\naiann.dll
16:28:53.0609 0x0e3c  C:\PROGRA~1\McAfee\VIRUSS~1\naiann.dll - ok
16:28:53.0625 0x0e3c  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] C:\WINDOWS\system32\drivers\sysaudio.sys
16:28:53.0625 0x0e3c  C:\WINDOWS\system32\drivers\sysaudio.sys - ok
16:28:53.0625 0x0e3c  [ 82202254AD1D2F65C8B58F112ACCBE0D, 914B8EE8E2CFC1268A7809C28499781E09E4AE33D00D14BF838211EC55F6205A ] C:\PROGRA~1\McAfee\VIRUSS~1\mcvsps.dll
16:28:53.0625 0x0e3c  C:\PROGRA~1\McAfee\VIRUSS~1\mcvsps.dll - ok
16:28:53.0640 0x0e3c  [ FE2571A8C9FFAB1D45502D6B0BF472AA, 1442FC0180B555BC4F9B97B9A0D7674F75E67A6F61B87A6D690A20AE7D1EF360 ] C:\WINDOWS\system32\xp_eos.exe
16:28:53.0640 0x0e3c  C:\WINDOWS\system32\xp_eos.exe - ok
16:28:53.0640 0x0e3c  [ 332760FBA1655FCFD35BD6F4FD871300, 6C539FD14B9CF9423E305EAF60CB5C12CA0F7AEF571FB09BAF64E83F108B7F2D ] C:\WINDOWS\system32\ipsecsvc.dll
16:28:53.0640 0x0e3c  C:\WINDOWS\system32\ipsecsvc.dll - ok
16:28:53.0656 0x0e3c  [ 0255E9CEA240A664F403DA759FD50954, 713715F4EEA1EF45A21E07C6DE7CE8AF8142293F86F6ACBEFECAB7AC89685C38 ] C:\PROGRA~1\McAfee\VIRUSS~1\naiannps.dll
16:28:53.0656 0x0e3c  C:\PROGRA~1\McAfee\VIRUSS~1\naiannps.dll - ok
16:28:53.0671 0x0e3c  [ 584C4DA856450CB22EBBE7A68CC6250F, 56030767CFD2DAFDAE8CC767DC1EED39DD2E6E42152BFAE7904C2C8826B2C3E2 ] C:\WINDOWS\system32\oakley.dll
16:28:53.0671 0x0e3c  C:\WINDOWS\system32\oakley.dll - ok
16:28:53.0671 0x0e3c  [ B1C20CF045A559FF8B622893D05067B5, 934027EF63A54F4E96BBA14024032F8B1FAE1DF70FD35C4F51E54E1705125ED6 ] C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
16:28:53.0671 0x0e3c  C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe - ok
16:28:53.0687 0x0e3c  [ 853D0D0C6F02D7BFDF1CF99DD7553732, AC761B4CA518B787CB2C18101606E5F64245049D140C72B6B1112556DEC86B2E ] C:\WINDOWS\system32\pstorsvc.dll
16:28:53.0687 0x0e3c  C:\WINDOWS\system32\pstorsvc.dll - ok
16:28:53.0687 0x0e3c  [ 248712EA6BA17B9FF0C542A3828375DD, 03EFDE351860C4C49F42D6129C6A6F2B3FC859C20F14FE0652F9C4FBD81244B4 ] C:\WINDOWS\system32\winipsec.dll
16:28:53.0687 0x0e3c  C:\WINDOWS\system32\winipsec.dll - ok
16:28:53.0703 0x0e3c  [ 22D89D84E8E081CDA529DBF8C0255A38, 26863A2D27BE257D99EF28A612FC1B514558B27002EF10B0F682BC15C6D1CD74 ] C:\WINDOWS\system32\psbase.dll
16:28:53.0703 0x0e3c  C:\WINDOWS\system32\psbase.dll - ok
16:28:53.0703 0x0e3c  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] C:\WINDOWS\system32\drivers\splitter.sys
16:28:53.0703 0x0e3c  C:\WINDOWS\system32\drivers\splitter.sys - ok
16:28:53.0718 0x0e3c  [ A44FAD36D97FB5FF5B57CCEB581EB29F, D9A443434AFFFA5C97B8A7846C359AF1AE2ACC8992031B000254ACADA5B95A1C ] C:\Program Files\Samsung\Samsung Network Manager\SNMWLANService.exe
16:28:53.0718 0x0e3c  C:\Program Files\Samsung\Samsung Network Manager\SNMWLANService.exe - ok
16:28:53.0718 0x0e3c  [ 28223D573C66522CF9F9DCE551747E06, DD55CC461F3889B12BC84F4C5B73BDC71FCAB784CF72B5E05CA26A87285830A0 ] C:\PROGRA~1\COMMON~1\McAfee\Core\McEvtBrk.dll
16:28:53.0718 0x0e3c  C:\PROGRA~1\COMMON~1\McAfee\Core\McEvtBrk.dll - ok
16:28:53.0734 0x0e3c  [ D07F2BA1451AE4F97985A2870F682A8E, 37FA43C979AF62EA1E1668C320C8F9F2345C5F19C1538227ADA58DA2B6B08994 ] C:\PROGRA~1\COMMON~1\McAfee\HACKER~1\HWAPI.dll
16:28:53.0734 0x0e3c  C:\PROGRA~1\COMMON~1\McAfee\HACKER~1\HWAPI.dll - ok
16:28:53.0734 0x0e3c  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] C:\WINDOWS\system32\seclogon.dll
16:28:53.0734 0x0e3c  C:\WINDOWS\system32\seclogon.dll - ok
16:28:53.0750 0x0e3c  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] C:\WINDOWS\system32\drivers\aec.sys
16:28:53.0750 0x0e3c  C:\WINDOWS\system32\drivers\aec.sys - ok
16:28:53.0750 0x0e3c  [ FEDE68BF80052BAD393AFD5C2E60DCB0, 6A40D89524317C554C5C33A35FB659147A3118F4C646AB36653A19A8811627CB ] C:\WINDOWS\system32\dssenh.dll
16:28:53.0750 0x0e3c  C:\WINDOWS\system32\dssenh.dll - ok
16:28:53.0765 0x0e3c  [ BC41C0D3144FFBEBAE2881B8EEB478E9, 52106B7794C774A9936D8CA41B1A6863E0F8AE799B2D2CC8258F367D2A63878C ] C:\Program Files\Samsung\Samsung Network Manager\SNMCoreDll.dll
16:28:53.0765 0x0e3c  C:\Program Files\Samsung\Samsung Network Manager\SNMCoreDll.dll - ok
16:28:53.0765 0x0e3c  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] C:\WINDOWS\system32\sens.dll
16:28:53.0765 0x0e3c  C:\WINDOWS\system32\sens.dll - ok
16:28:53.0781 0x0e3c  [ 684559A03CBC1D05BA120A18B0D8BA5D, 7425F27C8EF8CEF26B071D7FD5FED538C74EF524AEF73E427B1781F3A3C16C42 ] C:\WINDOWS\system32\winhttp.dll
16:28:53.0781 0x0e3c  C:\WINDOWS\system32\winhttp.dll - ok
16:28:53.0781 0x0e3c  [ 912B67BB8249925A5C972FC5839EAE09, 11F9F26C2D5EADD683F9FA4FDC8C25A1FB7EE9D6E3F4419C9DAB8C4E434F1857 ] C:\WINDOWS\system32\actxprxy.dll
16:28:53.0781 0x0e3c  C:\WINDOWS\system32\actxprxy.dll - ok
16:28:53.0796 0x0e3c  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] C:\WINDOWS\system32\drivers\swmidi.sys
16:28:53.0796 0x0e3c  C:\WINDOWS\system32\drivers\swmidi.sys - ok
16:28:53.0796 0x0e3c  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] C:\WINDOWS\system32\srsvc.dll
16:28:53.0796 0x0e3c  C:\WINDOWS\system32\srsvc.dll - ok
16:28:53.0812 0x0e3c  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] C:\WINDOWS\system32\drivers\DMusic.sys
16:28:53.0812 0x0e3c  C:\WINDOWS\system32\drivers\DMusic.sys - ok
16:28:53.0812 0x0e3c  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] C:\WINDOWS\system32\drivers\kmixer.sys
16:28:53.0812 0x0e3c  C:\WINDOWS\system32\drivers\kmixer.sys - ok
16:28:53.0828 0x0e3c  [ 6D778E0F95447E6546553EEEA709D03C, 62ABED7D45040381BBCED97EA7B6C697B418448FD3322FD4BFB2BBFDB6155EB4 ] C:\WINDOWS\system32\cmd.exe
16:28:53.0828 0x0e3c  C:\WINDOWS\system32\cmd.exe - ok
16:28:53.0828 0x0e3c  [ 835E11BD5DF2E91F1E241D0EEB5C6E89, A512330B532C1802A14A78003133B959B4BF48E9B004A9D7BB98C28958B762AF ] C:\PROGRA~1\McAfee\VIRUSS~1\mvslog.dll
16:28:53.0828 0x0e3c  C:\PROGRA~1\McAfee\VIRUSS~1\mvslog.dll - ok
16:28:53.0843 0x0e3c  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] C:\WINDOWS\system32\drivers\drmkaud.sys
16:28:53.0843 0x0e3c  C:\WINDOWS\system32\drivers\drmkaud.sys - ok
16:28:53.0843 0x0e3c  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] C:\WINDOWS\system32\wiaservc.dll
16:28:53.0843 0x0e3c  C:\WINDOWS\system32\wiaservc.dll - ok
16:28:53.0859 0x0e3c  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] C:\WINDOWS\system32\trkwks.dll
16:28:53.0859 0x0e3c  C:\WINDOWS\system32\trkwks.dll - ok
16:28:53.0859 0x0e3c  [ 5F0CE62E0831CF972EC6949FD3E37DA7, DFDD251D3FC6CDBD971F52EF0AECEC0344B57214615AA486AA9234D30A40AF60 ] C:\WINDOWS\system32\cfgmgr32.dll
16:28:53.0859 0x0e3c  C:\WINDOWS\system32\cfgmgr32.dll - ok
16:28:53.0875 0x0e3c  [ 4AC2FA4A6F0DF2511BAC13393C06EFF1, 502B9D43EB6305508E8CDF034528C3F1DDF4525727C1B7663EA835BE2307FF20 ] C:\WINDOWS\system32\mscms.dll
16:28:53.0875 0x0e3c  C:\WINDOWS\system32\mscms.dll - ok
16:28:53.0890 0x0e3c  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] C:\WINDOWS\system32\wbem\wmisvc.dll
16:28:53.0890 0x0e3c  C:\WINDOWS\system32\wbem\wmisvc.dll - ok
16:28:53.0890 0x0e3c  [ ACACB8B14E66109B8ACD6644B5574B9A, 2373E67EB51F8045E7CD346F75B4BAD093E29CC609955BBC4C9FEF7A97A5FD86 ] C:\WINDOWS\system32\vssapi.dll
16:28:53.0890 0x0e3c  C:\WINDOWS\system32\vssapi.dll - ok
16:28:53.0906 0x0e3c  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] C:\WINDOWS\system32\wuauserv.dll
16:28:53.0906 0x0e3c  C:\WINDOWS\system32\wuauserv.dll - ok
16:28:53.0906 0x0e3c  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] C:\WINDOWS\system32\wuaueng.dll
16:28:53.0906 0x0e3c  C:\WINDOWS\system32\wuaueng.dll - ok
16:28:53.0921 0x0e3c  [ F9D3C78CFE15271D80790677C893CE45, 885425736648DF7B315E92680ED3BD058ACE97A86D388FEA80EB0C039ADF25D7 ] C:\WINDOWS\system32\cabinet.dll
16:28:53.0921 0x0e3c  C:\WINDOWS\system32\cabinet.dll - ok
16:28:53.0921 0x0e3c  [ B85E95679B5ADC12311BCD3F5385D623, 378D304CF408AE1928EF6290A5A9F2388920B55FD69382759B356B6A3FF94F3A ] C:\WINDOWS\system32\mspatcha.dll
16:28:53.0921 0x0e3c  C:\WINDOWS\system32\mspatcha.dll - ok
16:28:53.0937 0x0e3c  [ D5FA1043DA20F12373B529E3CCDAAFB0, C0879F0E1D952C5E2079EE14DD77939AA4A7C207D8E17B36146E900FF9FEBA7A ] C:\Program Files\McAfee\VirusScan\Engine\5100.194\mcscan32.dll
16:28:53.0937 0x0e3c  C:\Program Files\McAfee\VirusScan\Engine\5100.194\mcscan32.dll - ok
16:28:53.0937 0x0e3c  [ 09DEF3ABB6A196749299359AC5578DD8, 056D88D5A6E7C3D0C5EB1CB0C3EF3B03AB5E34D48E53121B674040804620A6FB ] C:\WINDOWS\system32\msxml4.dll
16:28:53.0937 0x0e3c  C:\WINDOWS\system32\msxml4.dll - ok
16:28:53.0953 0x0e3c  [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] C:\WINDOWS\system32\browser.dll
16:28:53.0953 0x0e3c  C:\WINDOWS\system32\browser.dll - ok
16:28:53.0953 0x0e3c  [ C07D5197410AAB28D0D93F943F59656D, 482164BA2B57C7026A7DF3213E0AC59B752A898D9B880BC0629F9CADD05D2894 ] C:\WINDOWS\system32\6to4svc.dll
16:28:53.0953 0x0e3c  C:\WINDOWS\system32\6to4svc.dll - ok
16:28:53.0968 0x0e3c  [ 729DA5D23A9AD20A6AA353156A126420, 233B4820396EE5CE7043922FDA906C18ADB698C1B0B191343A6B0CE25A97617E ] C:\WINDOWS\system32\ieframe.dll
16:28:53.0968 0x0e3c  C:\WINDOWS\system32\ieframe.dll - ok
16:28:53.0968 0x0e3c  [ 973411647A7FE64A78A463640969EA9D, 38B9B0F4E7E49087672BFB9D368333C4CB130FBA44C3844B2A28B52D34FBF7E3 ] C:\PROGRA~1\McAfee\MPF\MC\MpfMISP.dll
16:28:53.0968 0x0e3c  C:\PROGRA~1\McAfee\MPF\MC\MpfMISP.dll - ok
16:28:53.0984 0x0e3c  [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] C:\WINDOWS\system32\wscsvc.dll
16:28:53.0984 0x0e3c  C:\WINDOWS\system32\wscsvc.dll - ok
16:28:53.0984 0x0e3c  [ D3F72D50DE53F9F1F55240115AF4D42E, F8831B6B33EE2EE49615AE45A81C8434E154331BEB1E64C491E64C1348314F3C ] C:\WINDOWS\system32\msi.dll
16:28:53.0984 0x0e3c  C:\WINDOWS\system32\msi.dll - ok
16:28:54.0000 0x0e3c  [ 9A3BD5F55AADFF859539142F6328A66E, B8165F650F0E24D380601D54BC81A84C06D886A6CF995EA6CA63EABCFA75554A ] C:\WINDOWS\system32\msacm32.drv
16:28:54.0000 0x0e3c  C:\WINDOWS\system32\msacm32.drv - ok
16:28:54.0000 0x0e3c  [ 5C12660A97822F6E61576943B49AAAD6, 621BE8E009DC95A8901F701F529ED98BD8E6D62D272AE0E1FAF69889A4D5633B ] C:\WINDOWS\system32\midimap.dll
16:28:54.0000 0x0e3c  C:\WINDOWS\system32\midimap.dll - ok
16:28:54.0015 0x0e3c  [ 71987B191F2FD94CECDF29C3C599D3CB, 072B754B79998420CEB4F154D843A17A63024CD89BA0B08BC96B49EE889631A5 ] C:\PROGRA~1\McAfee\MSC\mcmispps.dll
16:28:54.0015 0x0e3c  C:\PROGRA~1\McAfee\MSC\mcmispps.dll - ok
16:28:54.0015 0x0e3c  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] C:\WINDOWS\system32\ipnathlp.dll
16:28:54.0015 0x0e3c  C:\WINDOWS\system32\ipnathlp.dll - ok
16:28:54.0031 0x0e3c  [ ED0C0DF222209E43AD9AFBF3FE87DDE0, 927329F9244DA9F0074FA0D4C101EE793AFCF433155E58714C33444C5EF35014 ] C:\WINDOWS\system32\comsvcs.dll
16:28:54.0031 0x0e3c  C:\WINDOWS\system32\comsvcs.dll - ok
16:28:54.0031 0x0e3c  [ 690D97864735E8ECD87F55777E266690, 2098D2AADEF82C3EDD82FD6182C14568CDE1EF02205ED1EA4CB19252B74BB807 ] C:\WINDOWS\system32\colbact.dll
16:28:54.0031 0x0e3c  C:\WINDOWS\system32\colbact.dll - ok
16:28:54.0046 0x0e3c  [ 36795A645EAA47FE31D2A8F136A2C69B, D681D7DFC4A2A2F10658D76A93F009BDBFC6117E245E0883C509A286DC952EAD ] C:\WINDOWS\system32\mtxclu.dll
16:28:54.0046 0x0e3c  C:\WINDOWS\system32\mtxclu.dll - ok
16:28:54.0062 0x0e3c  [ 67156D5A9AC356DC99D7BCCB388E3316, 449A140065197779C0F8588E5C53014BBF54A9C74818D5CFDCB88CC7B36F44CF ] C:\WINDOWS\system32\wsock32.dll
16:28:54.0062 0x0e3c  C:\WINDOWS\system32\wsock32.dll - ok
16:28:54.0062 0x0e3c  [ DF82E222578DBE59FCBBD69A02E4C806, 0F0CD9DC739500536F252475F84F8EF378428CAC7DD9CFCDEC676862A20A0C46 ] C:\WINDOWS\system32\clusapi.dll
16:28:54.0062 0x0e3c  C:\WINDOWS\system32\clusapi.dll - ok
16:28:54.0062 0x0e3c  [ F51EBB6FC536A6B2D588FD668D3A8249, 6C22B5FBE3F721025879447B006EC5A343D482A87E23674B5A3BB43983AB328E ] C:\WINDOWS\system32\resutils.dll
16:28:54.0062 0x0e3c  C:\WINDOWS\system32\resutils.dll - ok
16:28:54.0078 0x0e3c  [ 205ADD80FF8099B1A8101EB490B933D1, 6B4D94F1683B1D30A1BB0019E2E3E0AE1AA85561D416708198EC2BDAB649E178 ] C:\WINDOWS\system32\wbem\wbemprox.dll
16:28:54.0078 0x0e3c  C:\WINDOWS\system32\wbem\wbemprox.dll - ok
16:28:54.0078 0x0e3c  [ D95C71052E5EF63B55997FB31483D02F, 829A559050680C039CA7AFCFE3246745D465ED11722A603AA32253FD413894C3 ] C:\WINDOWS\system32\wbem\wbemcomn.dll
16:28:54.0078 0x0e3c  C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
16:28:54.0093 0x0e3c  [ 84C023061D022E0356300B3F4113694F, 606D5035BDD208EBDBBBAB31606FE8F0C207CB676164E0C88A462059C1E44946 ] C:\DOCUME~1\KEVING~1\LOCALS~1\Temp\{054B61A4-A83E-4D83-BA7F-7F54BFFF60CC}\{051B93A8-AE19-40A1-8749-BAA6FE0C5404}.exe
16:28:54.0093 0x0e3c  C:\DOCUME~1\KEVING~1\LOCALS~1\Temp\{054B61A4-A83E-4D83-BA7F-7F54BFFF60CC}\{051B93A8-AE19-40A1-8749-BAA6FE0C5404}.exe - ok
16:28:54.0109 0x0e3c  [ F0BF811622F2DD6C8E26EE4600D83731, 81CFC1118551E84F5BBD2A863419529AA32DA92E5834C71DA77D13854F6CF048 ] C:\WINDOWS\system32\wbem\wbemcore.dll
16:28:54.0109 0x0e3c  C:\WINDOWS\system32\wbem\wbemcore.dll - ok
16:28:54.0109 0x0e3c  [ E4616430709F440CF1809D88DC2366EA, C2CBC0A21A892FD8341E5A29E7164172340E07A75A5D54493036156D907AEAE7 ] C:\WINDOWS\system32\wbem\esscli.dll
16:28:54.0109 0x0e3c  C:\WINDOWS\system32\wbem\esscli.dll - ok
16:28:54.0125 0x0e3c  [ 378A0AEFB11D8B0DC8C27B9F7604B88D, D0D6863FCE412B75B9B5FC38EA923759201E7193ED40CFBAA674630E2DE56FD3 ] C:\WINDOWS\system32\wbem\fastprox.dll
16:28:54.0125 0x0e3c  C:\WINDOWS\system32\wbem\fastprox.dll - ok
16:28:54.0125 0x0e3c  [ 39DD0C97932CDFDCF006569E1A942728, 6A93C95F328E60CC1D7051941EDFCDF3488099E567A6082F649D654F8033384D ] C:\WINDOWS\system32\wiavusd.dll
16:28:54.0125 0x0e3c  C:\WINDOWS\system32\wiavusd.dll - ok
16:28:54.0140 0x0e3c  [ 29ECDA17BA5E6D98430F698587569ACC, 9C37D92CCBED1F9ED4E585F98E7FB17C6AD083712B078ABCB40476310BCDB7F8 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.23084_x-ww_f3f35550\GdiPlus.dll
16:28:54.0140 0x0e3c  C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.23084_x-ww_f3f35550\GdiPlus.dll - ok
16:28:54.0140 0x0e3c  [ 3458EDA96E30FBD0477A2800D3FB1909, BDF84362E4D8A102E7FB5F352D950B84D1A8E1E7928521B68E7671D4176803C5 ] C:\WINDOWS\system32\wups.dll
16:28:54.0140 0x0e3c  C:\WINDOWS\system32\wups.dll - ok
16:28:54.0156 0x0e3c  [ BDC0C99E472176C8C2C853A68ADC5073, 9A0A0CEE321C9BAF5545D6CB0BE3E725228B694F331FFACCEB770350AAF2C8C3 ] C:\WINDOWS\system32\wups2.dll
16:28:54.0156 0x0e3c  C:\WINDOWS\system32\wups2.dll - ok
16:28:54.0156 0x0e3c  [ 010472D0AE758227C6F6E6933549C219, 4082365231756E2889BD9A19EEFA27665B9902F8C8BC376C70DC3AA80AEA541B ] C:\WINDOWS\system32\wbem\wbemsvc.dll
16:28:54.0156 0x0e3c  C:\WINDOWS\system32\wbem\wbemsvc.dll - ok
16:28:54.0171 0x0e3c  [ 3273D1565BF30225C115B480A3BB2C9D, DF802F845EFEE506A0D3CA1EA9AEE1EDE73BCC02F2B64EDFACE0BBEFCF965455 ] C:\WINDOWS\system32\wbem\wmiutils.dll
16:28:54.0171 0x0e3c  C:\WINDOWS\system32\wbem\wmiutils.dll - ok
16:28:54.0171 0x0e3c  [ 942A17D2901A31EA68627CBFFCD268CC, C75E1C03929E16EDDBACFC37BD6C40E941F9D99E3E40ED3A07238343342685BD ] C:\WINDOWS\system32\wbem\repdrvfs.dll
16:28:54.0171 0x0e3c  C:\WINDOWS\system32\wbem\repdrvfs.dll - ok
16:28:54.0187 0x0e3c  [ A70A2D85AD143D6BB823C246CEB699A5, D8ED98DC2964A2DAF448893718E6381FBABAB53DD7497266851E0F4221F1B01F ] C:\WINDOWS\system32\ntshrui.dll
16:28:54.0187 0x0e3c  C:\WINDOWS\system32\ntshrui.dll - ok
16:28:54.0187 0x0e3c  [ 071143F687B4F887E21461CA6CC7EB29, 92C849517F985F19926E6425CD99E21029E1CA14FC92C9E40091DC79D4A723F2 ] C:\WINDOWS\system32\wbem\wmiprvsd.dll
16:28:54.0187 0x0e3c  C:\WINDOWS\system32\wbem\wmiprvsd.dll - ok
16:28:54.0203 0x0e3c  [ 91790D6749EBED90E2C40479C0A91879, 3C267950F13CCE412474C5228FC0E3D8D7F912E82464BD2CE6312A0326F84A80 ] C:\WINDOWS\system32\verclsid.exe
16:28:54.0203 0x0e3c  C:\WINDOWS\system32\verclsid.exe - ok
16:28:54.0203 0x0e3c  [ 26D881D27CBE51D3614E68D7313EA026, BC84CFD5F382F6D844815065118793950E922B8FB52944E337DAA62874C103A3 ] C:\WINDOWS\system32\wbem\wbemess.dll
16:28:54.0203 0x0e3c  C:\WINDOWS\system32\wbem\wbemess.dll - ok
16:28:54.0218 0x0e3c  [ B9348D55BEAE639F5BF2531A58B81DA8, 34922A26CB17720CA62D948980C29E005875747A616129738180E088CAB57CEA ] C:\PROGRA~1\McAfee\MSC\mcoemmgr.exe
16:28:54.0218 0x0e3c  C:\PROGRA~1\McAfee\MSC\mcoemmgr.exe - ok
16:28:54.0218 0x0e3c  [ 2E0B0A051FFAA86E358465BB0880D453, 493CF6150DE95B269727631D50FE21405A41E449C4FF43E94F93D27559EA5624 ] C:\WINDOWS\system32\wuauclt.exe
16:28:54.0218 0x0e3c  C:\WINDOWS\system32\wuauclt.exe - ok
16:28:54.0234 0x0e3c  [ 9405B452064BFA6A0F78E2F177A988A4, 9442854C9810F12134C834F5A4300B34B05717F3E9130C54BB720D976EA6E968 ] C:\Program Files\McAfee.com\Agent\mcagent.exe
16:28:54.0234 0x0e3c  C:\Program Files\McAfee.com\Agent\mcagent.exe - ok
16:28:54.0234 0x0e3c  [ FFC7A8AA516B0D2A27DADF146EB538CC, A2CF156BEB5588457271928BA71466F979CB40FED7739521F20EF3FF3DA23F0D ] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
16:28:54.0234 0x0e3c  C:\Program Files\Java\jre1.5.0\bin\jusched.exe - ok
16:28:54.0250 0x0e3c  [ B376AF03DEFF319984E58ADB84D78FE7, 2BBB0169821986FDEEFE1C59638CD41AE76180D10CD2D97680FE404B4F9A909F ] C:\WINDOWS\RTHDCPL.EXE
16:28:54.0250 0x0e3c  C:\WINDOWS\RTHDCPL.EXE - ok
16:28:54.0265 0x0e3c  [ EA31039E691C6F8F5469649526EEA5FB, 921910627814F3F237F59BBF5C97D383CF954DFF885F3A60475B9F76CD55461F ] C:\WINDOWS\ALCMTR.EXE
16:28:54.0265 0x0e3c  C:\WINDOWS\ALCMTR.EXE - ok
16:28:54.0265 0x0e3c  [ 4D83ED8BDDEC431FC8AD907B47CFB6E3, 4687B8DD40CA9B83AA5CE1268F62476EBA886C10CC8B7B5AB716E4C56AF1EEAF ] C:\WINDOWS\system32\dsound.dll
16:28:54.0265 0x0e3c  C:\WINDOWS\system32\dsound.dll - ok
16:28:54.0281 0x0e3c  [ 57B463FB782C46D30E680ACF8983CFD3, 5FEA865FE4F0A2DB3EFB348795071DC2ADB0B8E11FB973C2B8AB78FA5D2EC87E ] C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
16:28:54.0281 0x0e3c  C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe - ok
16:28:54.0281 0x0e3c  [ 9F6B6D0BE4F77F8693E9FD15D81C8A01, 0AC84C233B937372A6EB88CF2186BF8A1884B634660BBF790E9A752A942BFDDC ] C:\WINDOWS\system32\igfxtray.exe
16:28:54.0281 0x0e3c  C:\WINDOWS\system32\igfxtray.exe - ok
16:28:54.0296 0x0e3c  [ 1A617835452EEE5060976C9B9F5FE635, DCCAAB049681BE876B73F0880EA32196CDA7EC954D452768A48D366096C5BD53 ] C:\WINDOWS\system32\wuapi.dll
16:28:54.0296 0x0e3c  C:\WINDOWS\system32\wuapi.dll - ok
16:28:54.0296 0x0e3c  [ 9CCA783AC94DED99F23985142D5F3991, 8484DFC3A6010A847D09BF8D396AF0FB7C48687EE5744E8E4B3D24DAF6E9E881 ] C:\WINDOWS\system32\hccutils.dll
16:28:54.0296 0x0e3c  C:\WINDOWS\system32\hccutils.dll - ok
16:28:54.0312 0x0e3c  [ 4C53C44E7C20E65445037954DC3A6BA4, F621F9EAA005244CC945FAF87DC0C783FD168B94D40E8E95A07CA86769B778F5 ] C:\WINDOWS\system32\hkcmd.exe
16:28:54.0312 0x0e3c  C:\WINDOWS\system32\hkcmd.exe - ok
16:28:54.0312 0x0e3c  [ D8F3B455D3FA4B40C9BF544F55647C19, 92B1D7794F19C448CA802D3A4CB9CD171541CDEA35968F015D8BE0344747A89C ] C:\WINDOWS\system32\igfxpers.exe
16:28:54.0312 0x0e3c  C:\WINDOWS\system32\igfxpers.exe - ok
16:28:54.0328 0x0e3c  [ FFD1C110E23B515EE0EFE15D9993EC45, B7F4A1A1A85777B144E0DB267A974B18F0D5F919BD33D0FB98C62B57BABE5A7F ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
16:28:54.0328 0x0e3c  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - ok
16:28:54.0328 0x0e3c  [ 8B9145D229D4E89D15ACB820D4A3A90F, F3831D9AE752B6AFBD3380E0BC849E4B051D6E06A88C1F61293A6DE4F66794E1 ] C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
16:28:54.0328 0x0e3c  C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe - ok
16:28:54.0343 0x0e3c  [ BD6A56DD05AF6B77288BC7A03B492E7D, 8FDA63799209D86F5DCFB9C9EC378DE504E19596432719BB2104B5EEF13DA0F5 ] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe
16:28:54.0343 0x0e3c  C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe - ok
16:28:54.0343 0x0e3c  [ 4C3D13615705ABE391917F3B773A2E4E, BCBAB25789395166F2D059FEA68A0EE790AD348DEAD405814B9261E6849DA555 ] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
16:28:54.0343 0x0e3c  C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe - ok
16:28:54.0359 0x0e3c  [ 0B467F470CC9918FDCEEDCFD7DC4D697, 87C8BCC4DFF318FC393A8C0FB0B82CCC9DA83EC0F5811CF303F3AC265A575578 ] C:\WINDOWS\system32\oledlg.dll
16:28:54.0359 0x0e3c  C:\WINDOWS\system32\oledlg.dll - ok
16:28:54.0359 0x0e3c  [ F33A2734000FC6D3DBAE2E1337E2BB1F, 01455B24A2A82746DDBCB840FACED2C46C870211EB9A2694B1D01047991DAB15 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
16:28:54.0359 0x0e3c  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll - ok
16:28:54.0375 0x0e3c  [ 30D0552CFA5B80FD6B907DFB9957E68A, 977EDA216983F4E9B33041B78FFAB010024118DCF4BCDB401FEAFB2FE38FAD73 ] C:\Program Files\Samsung\MagicKBD\PreMKbd.exe
16:28:54.0375 0x0e3c  C:\Program Files\Samsung\MagicKBD\PreMKbd.exe - ok
16:28:54.0375 0x0e3c  [ D26451B540720A7313A9BCBE794DAF62, 255B3594876F9D9222760A53D1119E73D3BA4E4766C9DFAD63DCB180C5F33846 ] C:\WINDOWS\system32\wbem\ncprov.dll
16:28:54.0375 0x0e3c  C:\WINDOWS\system32\wbem\ncprov.dll - ok
16:28:54.0390 0x0e3c  [ F56197D5CBDCC6A87C242DC8B8EEEE34, 0B142C68557DE36846D8BE2B40520A54E5264DE23B88C2A056EB52E25FE4CED0 ] C:\WINDOWS\system32\igfxsrvc.exe
16:28:54.0390 0x0e3c  C:\WINDOWS\system32\igfxsrvc.exe - ok
16:28:54.0390 0x0e3c  [ 5652F6CE1D9E9D8068B9D29BC21B5409, 807A8B8FD8CCFC04409E1D64947FE35F847F194FF6FC09CCCF66F274F2A994C6 ] C:\WINDOWS\system32\olepro32.dll
16:28:54.0390 0x0e3c  C:\WINDOWS\system32\olepro32.dll - ok
16:28:54.0406 0x0e3c  [ 37A62C6092AADD2EFDE0468DD8818E99, 2D01A2EEE0BE81B3252E1A3EAD21D3D91EA6DE826A1783B14948A0E0B475BAB1 ] C:\WINDOWS\system32\netcfgx.dll
16:28:54.0406 0x0e3c  C:\WINDOWS\system32\netcfgx.dll - ok
16:28:54.0406 0x0e3c  [ E8B7A11BBB7E1E47B58BA5BC69D73556, 93B9AEA6D6E781CF5E56F8212254BDC673B4A0551F5DAB65B5ABA0AB53CD4A3A ] C:\PROGRA~1\McAfee\MSC\mcregobj\8_0_22~1\mcregobj.dll
16:28:54.0406 0x0e3c  C:\PROGRA~1\McAfee\MSC\mcregobj\8_0_22~1\mcregobj.dll - ok
16:28:54.0421 0x0e3c  [ 6743F2972F662F3A67A5136FA09A7C89, 65F0FC71B88A488E5506E928C78A6CAB764F1349EE71F61D86BF7C30AB22F9A1 ] C:\Program Files\Dodo Mobile\BackgroundService\ModemListener.exe
16:28:54.0421 0x0e3c  C:\Program Files\Dodo Mobile\BackgroundService\ModemListener.exe - ok
16:28:54.0421 0x0e3c  [ 76848CB1AA5818DB47D5F5986E0A7485, 03BAB6981C6F447E41B78A96187FA619E4755C2101FF1A0B2ABF111BE53D9F92 ] C:\WINDOWS\system32\mfc42.dll
16:28:54.0421 0x0e3c  C:\WINDOWS\system32\mfc42.dll - ok
16:28:54.0437 0x0e3c  [ 055309C927DEF2F09305ED0F3065CF66, ED92413E6D719B61208C4E0E598D64D989D220D0902F3E2A4A54972FD2595057 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
16:28:54.0437 0x0e3c  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll - ok
16:28:54.0437 0x0e3c  [ 79E3A8C328E7E569C32B0998377D9742, F5854956E452AD663004679BBDF8B006695B69C8962534CD243193F04F294DF3 ] C:\WINDOWS\system32\spoolss.dll
16:28:54.0453 0x0e3c  C:\WINDOWS\system32\spoolss.dll - ok
16:28:54.0453 0x0e3c  [ A9663DBF7D74E68C306330B35B611E06, CC5EBAC471A5A9A8CAAAF56E9C1E90DF771C1011F1476005A3C8667D8406A22F ] C:\Program Files\Samsung\Samsung Battery Manager\SABI2.dll
16:28:54.0453 0x0e3c  C:\Program Files\Samsung\Samsung Battery Manager\SABI2.dll - ok
16:28:54.0468 0x0e3c  [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
16:28:54.0468 0x0e3c  C:\WINDOWS\system32\ctfmon.exe - ok
16:28:54.0468 0x0e3c  [ CC8915DB4E33E8FB29CA0D2DBF75306E, 6319C0580FFDA989A2726814667C330F6A5C864D34B8C87645DD5A98E7A2C7FB ] C:\WINDOWS\system32\webcheck.dll
16:28:54.0468 0x0e3c  C:\WINDOWS\system32\webcheck.dll - ok
16:28:54.0484 0x0e3c  [ B714735C12A70171DE28657948FD91F1, DF7BF2D1BEBB016A8CB739EEE2670CF9F44A5CC2319A532E5C3DE0F5AA3AA144 ] C:\WINDOWS\system32\mlang.dll
16:28:54.0484 0x0e3c  C:\WINDOWS\system32\mlang.dll - ok
16:28:54.0484 0x0e3c  [ E4FECE18310E23B1D8FEE993E35E7A6F, 02BDDE38E4C6BD795A092D496B8D6060CDBE71E22EF4D7A204E3050C1BE44FA9 ] C:\Program Files\Samsung\Samsung Battery Manager\Microsoft.VC80.CRT\msvcr80.dll
16:28:54.0484 0x0e3c  C:\Program Files\Samsung\Samsung Battery Manager\Microsoft.VC80.CRT\msvcr80.dll - ok
16:28:54.0500 0x0e3c  [ E40FCF943127DDC8FD60554B722D762B, 2E7A7C08B56E07D69CB32F335D93F6D2C748EFA2CF4C41102A18C7761A4E9CF0 ] C:\WINDOWS\system32\MSCTF.dll
16:28:54.0500 0x0e3c  C:\WINDOWS\system32\MSCTF.dll - ok
16:28:54.0500 0x0e3c  [ 8F79048DC31973B6B5BE2AFB1DE3FBF4, 268A9B2B27E0E4B8268EC4E82358ACAEB3760088174F3EC798EC6A5EB802041A ] C:\WINDOWS\system32\SynCOM.dll
16:28:54.0500 0x0e3c  C:\WINDOWS\system32\SynCOM.dll - ok
16:28:54.0515 0x0e3c  [ 5677DFE438EC1F009273FC84FEED6B10, 44B62CC4D138E13C22FC29E9751CB7ED0B0C6C8897A8E6469172F8642B0527BE ] C:\WINDOWS\system32\localspl.dll
16:28:54.0515 0x0e3c  C:\WINDOWS\system32\localspl.dll - ok
16:28:54.0515 0x0e3c  [ 17AA58A54C00F1746B8654C050491F43, AADA0D527FB96852998073E58F93710C4B3A25D7D1414BA9F23A28DA3D06B4CD ] C:\WINDOWS\system32\msutb.dll
16:28:54.0515 0x0e3c  C:\WINDOWS\system32\msutb.dll - ok
16:28:55.0375 0x0e3c  ================ Scan generic autorun ======================
16:28:55.0437 0x0e3c  [ FFC7A8AA516B0D2A27DADF146EB538CC, A2CF156BEB5588457271928BA71466F979CB40FED7739521F20EF3FF3DA23F0D ] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
16:28:55.0703 0x0e3c  SunJavaUpdateSched - detected UnsignedFile.Multi.Generic ( 1 )
16:28:55.0703 0x0e3c  SunJavaUpdateSched ( UnsignedFile.Multi.Generic ) - warning
16:28:56.0984 0x0e3c  [ B376AF03DEFF319984E58ADB84D78FE7, 2BBB0169821986FDEEFE1C59638CD41AE76180D10CD2D97680FE404B4F9A909F ] C:\WINDOWS\RTHDCPL.EXE
16:28:59.0859 0x0e3c  RTHDCPL - ok
16:28:59.0953 0x0e3c  [ EA31039E691C6F8F5469649526EEA5FB, 921910627814F3F237F59BBF5C97D383CF954DFF885F3A60475B9F76CD55461F ] C:\WINDOWS\ALCMTR.EXE
16:29:00.0218 0x0e3c  Alcmtr - ok
16:29:00.0281 0x0e3c  [ 57B463FB782C46D30E680ACF8983CFD3, 5FEA865FE4F0A2DB3EFB348795071DC2ADB0B8E11FB973C2B8AB78FA5D2EC87E ] C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
16:29:00.0593 0x0e3c  EDS - detected UnsignedFile.Multi.Generic ( 1 )
16:29:00.0593 0x0e3c  EDS ( UnsignedFile.Multi.Generic ) - warning
16:29:00.0625 0x0e3c  [ 9F6B6D0BE4F77F8693E9FD15D81C8A01, 0AC84C233B937372A6EB88CF2186BF8A1884B634660BBF790E9A752A942BFDDC ] C:\WINDOWS\system32\igfxtray.exe
16:29:00.0859 0x0e3c  IgfxTray - ok
16:29:00.0875 0x0e3c  [ 4C53C44E7C20E65445037954DC3A6BA4, F621F9EAA005244CC945FAF87DC0C783FD168B94D40E8E95A07CA86769B778F5 ] C:\WINDOWS\system32\hkcmd.exe
16:29:01.0093 0x0e3c  HotKeysCmds - ok
16:29:01.0125 0x0e3c  [ D8F3B455D3FA4B40C9BF544F55647C19, 92B1D7794F19C448CA802D3A4CB9CD171541CDEA35968F015D8BE0344747A89C ] C:\WINDOWS\system32\igfxpers.exe
16:29:01.0343 0x0e3c  Persistence - ok
16:29:01.0437 0x0e3c  [ FFD1C110E23B515EE0EFE15D9993EC45, B7F4A1A1A85777B144E0DB267A974B18F0D5F919BD33D0FB98C62B57BABE5A7F ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
16:29:01.0843 0x0e3c  SynTPEnh - ok
16:29:01.0859 0x0e3c  [ 8B9145D229D4E89D15ACB820D4A3A90F, F3831D9AE752B6AFBD3380E0BC849E4B051D6E06A88C1F61293A6DE4F66794E1 ] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
16:29:02.0093 0x0e3c  Adobe Reader Speed Launcher - ok
16:29:02.0156 0x0e3c  [ BD6A56DD05AF6B77288BC7A03B492E7D, 8FDA63799209D86F5DCFB9C9EC378DE504E19596432719BB2104B5EEF13DA0F5 ] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe
16:29:02.0390 0x0e3c  DMHotKey - detected UnsignedFile.Multi.Generic ( 1 )
16:29:02.0390 0x0e3c  DMHotKey ( UnsignedFile.Multi.Generic ) - warning
16:29:02.0625 0x0e3c  [ 4C3D13615705ABE391917F3B773A2E4E, BCBAB25789395166F2D059FEA68A0EE790AD348DEAD405814B9261E6849DA555 ] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
16:29:03.0000 0x0e3c  BatteryManager - detected UnsignedFile.Multi.Generic ( 1 )
16:29:03.0000 0x0e3c  BatteryManager ( UnsignedFile.Multi.Generic ) - warning
16:29:03.0031 0x0e3c  [ 30D0552CFA5B80FD6B907DFB9957E68A, 977EDA216983F4E9B33041B78FFAB010024118DCF4BCDB401FEAFB2FE38FAD73 ] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
16:29:03.0312 0x0e3c  MagicKeyboard - detected UnsignedFile.Multi.Generic ( 1 )
16:29:03.0312 0x0e3c  MagicKeyboard ( UnsignedFile.Multi.Generic ) - warning
16:29:03.0390 0x0e3c  [ 9405B452064BFA6A0F78E2F177A988A4, 9442854C9810F12134C834F5A4300B34B05717F3E9130C54BB720D976EA6E968 ] C:\Program Files\McAfee.com\Agent\mcagent.exe
16:29:03.0625 0x0e3c  mcagent_exe - ok
16:29:03.0687 0x0e3c  [ 6743F2972F662F3A67A5136FA09A7C89, 65F0FC71B88A488E5506E928C78A6CAB764F1349EE71F61D86BF7C30AB22F9A1 ] C:\Program Files\Dodo Mobile\BackgroundService\ModemListener.exe
16:29:03.0953 0x0e3c  Dodo_Australia Flame ModemListener - detected UnsignedFile.Multi.Generic ( 1 )
16:29:03.0953 0x0e3c  Dodo_Australia Flame ModemListener ( UnsignedFile.Multi.Generic ) - warning
16:29:03.0968 0x0e3c  [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
16:29:04.0156 0x0e3c  ctfmon.exe - ok
16:29:04.0234 0x0e3c  AV detected via SS1: McAfee VirusScan, , enabled, outofdate
16:29:04.0250 0x0e3c  FW detected via SS1: McAfee Personal Firewall, , disabled
16:29:04.0250 0x0e3c  Win FW state via NFM: enabled
16:29:04.0250 0x0e3c  ============================================================
16:29:04.0250 0x0e3c  Scan finished
16:29:04.0250 0x0e3c  ============================================================
16:29:04.0265 0x0e34  Detected object count: 11
16:29:04.0265 0x0e34  Actual detected object count: 11
16:29:55.0203 0x0e34  DNSeFilter ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:55.0203 0x0e34  DNSeFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:29:55.0218 0x0e34  DOSMEMIO ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:55.0218 0x0e34  DOSMEMIO ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:29:55.0218 0x0e34  Samsung Update Plus ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:55.0218 0x0e34  Samsung Update Plus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:29:55.0218 0x0e34  SNM WLAN Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:55.0218 0x0e34  SNM WLAN Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:29:55.0218 0x0e34  SUEPD ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:55.0234 0x0e34  SUEPD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:29:55.0234 0x0e34  SunJavaUpdateSched ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:55.0234 0x0e34  SunJavaUpdateSched ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:29:55.0234 0x0e34  EDS ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:55.0234 0x0e34  EDS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:29:55.0234 0x0e34  DMHotKey ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:55.0234 0x0e34  DMHotKey ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:29:55.0234 0x0e34  BatteryManager ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:55.0234 0x0e34  BatteryManager ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:29:55.0234 0x0e34  MagicKeyboard ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:55.0250 0x0e34  MagicKeyboard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:29:55.0250 0x0e34  Dodo_Australia Flame ModemListener ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:55.0250 0x0e34  Dodo_Australia Flame ModemListener ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:30:18.0578 0x0474  Deinitialize success
 
 
 
 
 
 
And the MWB log:

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 06/09/2016
Scan Time: 16:36:12
Logfile: MWB log.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.02.16.06
Rootkit Database: v2016.02.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Kevin Gilhooly
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 321531
Time Elapsed: 12 min, 10 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 2
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),Replaced,[9fc7f36ebddcd56117b86f7a6d97b14f]
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),Replaced,[174fafb2099069cdf0e035b4fd0702fe]
 
Folders: 0
(No malicious items detected)
 
Files: 0

#11
Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts
Hi clutsta,
 
My instructor and I would like to extend our apologies to you for the delay in our reply.
 

When the format was complete, McAfee was the default AV that was on the computer.

As you previously mentioned that McAfee came with the machine after you formatted, can I assume that you did not pay for the software (McAfee Anti-virus and Firewall)?

And since you have previously turned on Windows Firewall and not McAfee Firewall, would you like to have it uninstalled?
 

16:29:04.0234 0x0e3c AV detected via SS1: McAfee VirusScan, , enabled, outofdate

Your latest log also indicated that although you did enable your McAfee anti-virus (AV), you did not keep it updated. It is very important to keep your AV constantly updated. Please update your anti-virus to keep yourself protected from malware.

From your logs, it does not seem to have any indication of malware in your machine. But there is one more thing I would like you to try.

MiniToolBox

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Reset IE Proxy Settings
  • Reset FF Proxy Settings
  • List IP configuration
  • List Winsock Entries
  • List Devices (Only Problems)
Once this is done, click on Go and wait for the scan to complete.
Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#12
Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts

Hi clutsta,

 

I'll be away for ~ a day. So there might be a delay in my response if you happen to post during my time away.


#13
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

