MSE reports cleaned ROVNIX.W, PANGIMOP.V, Kryperade.a, but keep showing up


goode

Hi,

Somewhat recently noticed XP slowing down, sometimes displaying IE instances on the system tray (no text displayed on the tabs) (we use FF exclusively); when opened they look like wannabe Disney or Yahoo sites. Sometimes accessing website pages is agonizingly slow; for example, starting this thread took 15-20 mins.

MSE reports cleared or quarantined or removed ROVNIX.W, PANGIMOP.V, Kryperade.a virus/exploit, but they keep returning.

Updated & ran MB. Here are the FRST logs:

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by lavonne (administrator) on GUYHARDMAN on 19-09-2014 20:34:20
Running from E:\Documents and Settings\lavonne\My Documents\downloads
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) E:\Program Files\Microsoft Security Client\MsMpEng.exe
(SUPERAntiSpyware.com) E:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Marvell) E:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
(HP) E:\WINDOWS\system32\HPSIsvc.exe
(Intel Corporation) E:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) E:\WINDOWS\system32\igfxpers.exe
(Microsoft Corporation) E:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor Corp.) E:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) E:\WINDOWS\system32\igfxsrvc.exe
(SUPERAntiSpyware) E:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) E:\Program Files\Messenger\msmsgs.exe
(Mozilla Corporation) E:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) E:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) E:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) E:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) E:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) E:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => e:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDCPL] => E:\WINDOWS\RTHDCPL.EXE [18750976 2009-10-06] (Realtek Semiconductor Corp.)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse]  <==== ATTENTION!
HKU\S-1-5-21-796845957-1580436667-839522115-1005\...\Run: [sUPERAntiSpyware] => E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6690072 2014-09-19] (SUPERAntiSpyware)
HKU\S-1-5-21-796845957-1580436667-839522115-1005\...\Run: [MSMSGS] => E:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-796845957-1580436667-839522115-1005\...\Run: [ukiqxoinxaev] => "E:\Documents and Settings\lavonne\Application Data\Keromaib\qoumg.exe"
Startup: E:\Documents and Settings\lavonne\Start Menu\Programs\Startup\Billminder.lnk
ShortcutTarget: Billminder.lnk -> E:\QUICKENW\BILLMIND.EXE (Intuit)
AlternateShell:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - E:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - E:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
ShellExecuteHooks: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - E:\Program Files\Qualcomm\Eudora\EuShlExt.dll [86016 2005-08-09] (Qualcomm Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.221.136.4 209.221.136.9

FireFox:
========
FF ProfilePath: E:\Documents and Settings\lavonne\Application Data\Mozilla\Firefox\Profiles\wlk5ki5n.default
FF Plugin: @adobe.com/FlashPlayer -> E:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> E:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> E:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> E:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: E:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: E:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Extension: No Name - E:\Documents and Settings\lavonne\Application Data\Mozilla\Firefox\Profiles\wlk5ki5n.default\Extensions\staged [2014-09-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-05-20]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; E:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-12] (SUPERAntiSpyware.com)
R2 HPM1210RcvFaxSrvc; E:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [245760 2009-11-20] (Marvell) [File not signed]
R2 MsMpSvc; e:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; E:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
S3 Monfilt; E:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
R0 MpFilter; E:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 SASDIFSV; E:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 asoufuqa; \??\E:\WINDOWS\system32\drivers\asoufuqa.sys [X]
S1 basfwynk; \??\E:\WINDOWS\system32\drivers\basfwynk.sys [X]
S1 bmrtexpn; \??\E:\WINDOWS\system32\drivers\bmrtexpn.sys [X]
S1 fqjjbabe; \??\E:\WINDOWS\system32\drivers\fqjjbabe.sys [X]
S1 fumhmkzp; \??\E:\WINDOWS\system32\drivers\fumhmkzp.sys [X]
S1 gthyleim; \??\E:\WINDOWS\system32\drivers\gthyleim.sys [X]
S1 gyevzyhq; \??\E:\WINDOWS\system32\drivers\gyevzyhq.sys [X]
S4 IntelIde; No ImagePath
S1 mqmddadt; \??\E:\WINDOWS\system32\drivers\mqmddadt.sys [X]
S1 navlzhjt; \??\E:\WINDOWS\system32\drivers\navlzhjt.sys [X]
S1 qnmcfouq; \??\E:\WINDOWS\system32\drivers\qnmcfouq.sys [X]
U5 ScsiPort; E:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S1 vspqmgan; \??\E:\WINDOWS\system32\drivers\vspqmgan.sys [X]
S1 wjhfgmuv; \??\E:\WINDOWS\system32\drivers\wjhfgmuv.sys [X]
S1 yhvfpdrs; \??\E:\WINDOWS\system32\drivers\yhvfpdrs.sys [X]
S1 zpandemo; \??\E:\WINDOWS\system32\drivers\zpandemo.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-19 20:33 - 2014-09-19 20:34 - 00000000 ____D () E:\FRST
2014-09-19 19:18 - 2008-04-14 00:15 - 00010368 ____C (Microsoft Corporation) E:\WINDOWS\system32\dllcache\hidusb.sys
2014-09-19 19:18 - 2008-04-14 00:15 - 00010368 _____ (Microsoft Corporation) E:\WINDOWS\system32\Drivers\hidusb.sys
2014-09-19 19:18 - 2008-04-14 00:09 - 00014592 ____C (Microsoft Corporation) E:\WINDOWS\system32\dllcache\kbdhid.sys
2014-09-19 19:18 - 2008-04-14 00:09 - 00014592 _____ (Microsoft Corporation) E:\WINDOWS\system32\Drivers\kbdhid.sys
2014-09-19 19:18 - 2001-08-17 13:48 - 00012160 ____C (Microsoft Corporation) E:\WINDOWS\system32\dllcache\mouhid.sys
2014-09-19 19:18 - 2001-08-17 13:48 - 00012160 _____ (Microsoft Corporation) E:\WINDOWS\system32\Drivers\mouhid.sys
2014-09-19 17:38 - 2014-09-19 18:07 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-09-19 17:36 - 2014-09-19 18:07 - 00000000 ____D () E:\Documents and Settings\lavonne\Desktop\mbar
2014-09-19 16:32 - 2014-09-19 16:43 - 00000000 ____D () E:\AdwCleaner
2014-09-19 11:54 - 2014-09-19 17:37 - 00113880 _____ (Malwarebytes Corporation) E:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-19 11:53 - 2014-09-19 17:36 - 00054232 _____ (Malwarebytes Corporation) E:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-19 11:53 - 2014-09-19 11:53 - 00000000 ____D () E:\Program Files\Malwarebytes Anti-Malware
2014-09-19 11:53 - 2014-09-19 11:53 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-19 11:50 - 2014-09-19 11:50 - 00000000 ____D () E:\Documents and Settings\guy\Application Data\Malwarebytes
2014-09-19 11:19 - 2014-09-15 16:49 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\tracigoodwin20146.xls
2014-09-19 11:19 - 2014-09-15 16:31 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\codyevans5.xls
2014-09-19 11:19 - 2014-09-13 16:12 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoedinvoice3.xls
2014-09-19 11:19 - 2014-09-06 20:07 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoedinvoice2.xls
2014-09-19 11:19 - 2014-08-30 14:37 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoedinvoice.xls
2014-09-19 11:19 - 2014-08-27 07:21 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\petersoninvoice14.xls
2014-09-19 11:19 - 2014-08-13 09:32 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\codyevans4.xls
2014-09-19 11:19 - 2014-08-13 09:21 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\vin grou invoice14.xls
2014-09-19 11:19 - 2014-08-13 09:12 - 00266240 _____ () E:\Documents and Settings\guy\My Documents\martininvoice.xls
2014-09-19 11:19 - 2014-08-04 05:42 - 00265728 _____ () E:\Documents and Settings\guy\My Documents\martin.xls
2014-09-19 11:19 - 2014-08-02 19:22 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice201414.xls
2014-09-19 11:19 - 2014-07-26 18:33 - 00256512 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice201413.xls
2014-09-19 11:19 - 2014-07-18 22:10 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice201412.xls
2014-09-19 11:19 - 2014-07-13 09:34 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice201411.xls
2014-09-19 11:19 - 2014-07-08 18:38 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\schroederinvoice2.xls
2014-09-19 11:19 - 2014-07-05 09:08 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\huneryager.xls
2014-09-19 11:19 - 2014-07-05 08:42 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice201410.xls
2014-09-19 11:19 - 2014-07-05 08:30 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\lodmill3invoice.xls
2014-09-19 11:19 - 2014-06-29 08:55 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\codyevans3.xls
2014-09-19 11:19 - 2014-06-28 02:48 - 00266752 _____ () E:\Documents and Settings\guy\My Documents\Kohninvoice.xls
2014-09-19 11:19 - 2014-06-22 14:52 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\doctorbob.xls
2014-09-19 11:19 - 2014-06-22 14:31 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\codyevans2.xls
2014-09-19 11:19 - 2014-06-21 15:44 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice20149.xls
2014-09-19 11:19 - 2014-06-14 21:39 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\schroederinvoice.xls
2014-09-19 11:19 - 2014-06-14 21:28 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\codyevans.xls
2014-09-19 11:19 - 2014-06-14 21:12 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\lindanancyinvoice2014.xls
2014-09-19 11:19 - 2014-06-14 21:01 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice20148.xls
2014-09-19 11:19 - 2014-06-07 18:30 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice20147.xls
2014-09-19 11:19 - 2014-06-05 07:34 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\lodmill2invoice.xls
2014-09-19 11:19 - 2014-05-31 09:14 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice20146.xls
2014-09-19 11:19 - 2014-05-30 07:53 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\kentrhodesinvoice2.xls
2014-09-19 11:19 - 2014-05-26 21:02 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice20145.xls
2014-09-19 11:19 - 2014-05-17 11:22 - 00256512 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice20144.xls
2014-09-19 11:19 - 2014-05-10 17:19 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice20143.xls
2014-09-19 11:19 - 2014-05-03 14:19 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice20142.xls
2014-09-19 11:19 - 2014-05-03 14:18 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice2014.xls
2014-09-19 11:19 - 2014-05-03 14:13 - 00256000 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice2014-2.xls
2014-09-19 11:19 - 2014-04-24 07:20 - 00258048 _____ () E:\Documents and Settings\guy\My Documents\kentrhodesinvoice1.xls
2014-09-19 11:19 - 2014-04-18 08:58 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\lodmillinvoice.xls
2014-09-19 11:19 - 2014-04-15 18:27 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\behrmaninvoice2014.xls
2014-09-19 11:19 - 2014-03-27 07:58 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\petersoninvoice.xls
2014-09-19 11:19 - 2014-03-25 06:19 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\thamerinvoice.xls
2014-09-19 11:19 - 2014-03-16 16:18 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\tracigoodwin20145.xls
2014-09-19 11:19 - 2014-02-22 10:34 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\tracigoodwin20144.xls
2014-09-19 11:19 - 2014-02-22 09:49 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\fultoninvoice2014.xls
2014-09-19 11:19 - 2014-02-06 09:23 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\tracigoodwinfloorrepair2014.xls
2014-09-19 11:19 - 2014-02-04 20:44 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\curtcarlson.xls
2014-09-19 11:19 - 2014-02-02 20:42 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\fultoninvoice20132.xls
2014-09-19 11:19 - 2014-02-02 14:26 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\tracigoodwin20143.xls
2014-09-19 11:19 - 2014-01-24 08:45 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\tracigoodwin20142.xls
2014-09-19 11:19 - 2014-01-24 08:24 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\tracigoodwin2014.xls
2014-09-19 11:19 - 2014-01-24 08:23 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\thamer.xls
2014-09-19 11:19 - 2013-12-23 07:06 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\tracigoodwin3.xls
2014-09-19 11:19 - 2013-12-17 12:09 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\tracigoodwin2.xls
2014-09-19 11:19 - 2013-12-06 16:08 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\tracigoodwin.xls
2014-09-19 11:19 - 2013-12-04 16:15 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\johnbarry2.xls
2014-09-19 11:19 - 2013-11-22 09:50 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\lindanancyinvoice2013.xls
2014-09-19 11:19 - 2013-11-12 08:42 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\short2.xls
2014-09-19 11:19 - 2013-11-12 08:14 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\short.xls
2014-09-19 11:19 - 2013-10-25 14:03 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\lindanancyinvoice20133.xls
2014-09-19 11:19 - 2013-10-16 08:37 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\johnbarry.xls
2014-09-19 11:19 - 2013-10-14 17:17 - 00260608 _____ () E:\Documents and Settings\guy\My Documents\johansoninvoice.xls
2014-09-19 11:19 - 2013-10-14 09:27 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\lindanancyinvoice20132.xls
2014-09-19 11:19 - 2013-10-03 10:21 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\cysewskiinvoice3.xls
2014-09-19 11:19 - 2013-10-03 10:06 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\kellygoodwininvoice13#2.xls
2014-09-19 11:19 - 2013-09-27 08:37 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\cysewskiinvoice2.xls
2014-09-19 11:19 - 2013-09-18 07:50 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\cysewskiinvoice.xls
2014-09-19 11:19 - 2013-09-12 07:05 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\clinganinvoice.xls
2014-09-19 11:19 - 2013-09-12 06:59 - 00255488 _____ () E:\Documents and Settings\guy\My Documents\clinganinvoice2013.xls1.xls
2014-09-19 11:19 - 2013-09-12 06:54 - 00250880 _____ () E:\Documents and Settings\guy\My Documents\clothierinvoice2013.xls1.xls
2014-09-19 11:19 - 2013-09-08 17:11 - 00256512 _____ () E:\Documents and Settings\guy\My Documents\eusticeinvoice.xls
2014-09-19 11:19 - 2013-08-18 09:37 - 00250880 _____ () E:\Documents and Settings\guy\My Documents\hawley2invoice.xls
2014-09-19 11:19 - 2013-08-15 09:00 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\behrmandoorknobinvoice.xls
2014-09-19 11:19 - 2013-08-15 08:42 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\kellygoodwininvoice13.xls
2014-09-19 11:19 - 2013-08-09 12:12 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\welchhenleyinvoice4.xls
2014-09-19 11:19 - 2013-08-07 08:38 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\stewartinvoice2013.xls
2014-09-19 11:19 - 2013-07-26 08:02 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\welchhenleyinvoice3.xls
2014-09-19 11:19 - 2013-07-26 07:56 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\walshhenleyinvoice3.xls
2014-09-19 11:19 - 2013-07-10 18:58 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\walshhenleyinvoice2.xls
2014-09-19 11:19 - 2013-07-10 18:23 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\walshhenleyinvoice.xls
2014-09-19 11:19 - 2013-06-28 14:10 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\hawleyinvoice.xls
2014-09-19 11:19 - 2013-06-28 13:24 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\walshhenleycontract.xls
2014-09-19 11:19 - 2013-06-18 14:47 - 00240640 _____ () E:\Documents and Settings\guy\My Documents\armstronginvoice.xls
2014-09-19 11:19 - 2013-06-12 07:49 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\glendaleinvoice.2013xls.xls
2014-09-19 11:19 - 2013-05-28 20:00 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\fultonmats.3xls.xls
2014-09-19 11:19 - 2013-05-28 19:49 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\fultoninvoice.xls3.xls
2014-09-19 11:19 - 2013-05-21 08:51 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\behrmaninvoice9.xls
2014-09-19 11:19 - 2013-05-21 08:49 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\berhman 9.xls
2014-09-19 11:19 - 2013-05-21 08:39 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\behrmaninvoice3.xls
2014-09-19 11:19 - 2013-05-21 08:39 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\behrmaninvoice2.xls
2014-09-19 11:19 - 2013-05-07 18:16 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\geraldhoefer2013.xls
2014-09-19 11:19 - 2013-04-21 11:38 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\behrmanmaterials.xls
2014-09-19 11:19 - 2013-04-21 11:37 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\dullabhmats.xls
2014-09-19 11:19 - 2013-04-21 11:12 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\behrmaninvoice.xls
2014-09-19 11:19 - 2013-04-03 08:30 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\vinagroup2013.xls
2014-09-19 11:19 - 2013-04-03 08:00 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\vin grou invoice13.xls
2014-09-19 11:19 - 2013-03-22 07:27 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\oyabeinvoice.xls
2014-09-19 11:19 - 2013-03-08 15:19 - 00240640 _____ () E:\Documents and Settings\guy\My Documents\olyinvoice.xls
2014-09-19 11:19 - 2013-03-01 19:01 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\torresinvoice.xls2013.xls
2014-09-19 11:19 - 2013-03-01 19:00 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\torresinvoice.xls2011.xls
2014-09-19 11:19 - 2013-02-28 06:47 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\hernandezinvoice.xls
2014-09-19 11:19 - 2013-02-08 10:06 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\kelligoodwininvoice2.xls
2014-09-19 11:19 - 2013-02-03 22:00 - 00250880 _____ () E:\Documents and Settings\guy\My Documents\torresmats2013.xls
2014-09-19 11:19 - 2013-01-12 15:58 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\kellygoodwininvoice.xls
2014-09-19 11:19 - 2012-11-30 12:50 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\vinagroupinv.xls
2014-09-19 11:19 - 2012-11-30 12:27 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\kitanoinv1012.xls
2014-09-19 11:19 - 2012-11-22 10:55 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\bradleyinvoice.xls
2014-09-19 11:19 - 2012-11-22 10:35 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\fultoninvoice2.xls
2014-09-19 11:19 - 2012-11-20 12:56 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\collierinv2.xls
2014-09-19 11:19 - 2012-11-20 12:47 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\paullmantelinv.xls
2014-09-19 11:19 - 2012-11-20 12:28 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\libertyinvoice.xls
2014-09-19 11:19 - 2012-11-09 11:45 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\paullshowerinv..xls
2014-09-19 11:19 - 2012-11-09 10:59 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\fulton2inv..xls
2014-09-19 11:19 - 2012-11-09 10:58 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\collierinvoice.xls
2014-09-19 11:19 - 2012-11-09 10:57 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\fultoninv..xls
2014-09-19 11:19 - 2012-11-09 10:56 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\collierinv..xls
2014-09-19 11:19 - 2012-10-29 10:07 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\vina group invoice 21.xls2.xls3.xls
2014-09-19 11:19 - 2012-10-27 19:04 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\geraldhoeferdentalinv..xls
2014-09-19 11:19 - 2012-10-24 06:15 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\paulbeaconinvoicePaullinvoice.xls
2014-09-19 11:19 - 2012-10-20 11:59 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\zionislandinv..xls
2014-09-19 11:19 - 2012-09-10 13:26 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\ronjohnsoninvoice.xls
2014-09-19 11:19 - 2012-09-05 09:47 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\hoeferginvoice.xls
2014-09-19 11:19 - 2012-08-22 20:13 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\herman3.xls
2014-09-19 11:19 - 2012-08-22 20:12 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\hermanllc.xls
2014-09-19 11:19 - 2012-08-20 20:35 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\fultoninvoice.xls2.xls
2014-09-19 11:19 - 2012-08-20 20:12 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\cenciinvoice2.xls
2014-09-19 11:19 - 2012-07-12 12:05 - 00256000 _____ () E:\Documents and Settings\guy\My Documents\besharainvoice.xls
2014-09-19 11:19 - 2012-07-02 17:41 - 00265728 _____ () E:\Documents and Settings\guy\My Documents\Kohnmats.xls
2014-09-19 11:19 - 2012-06-30 14:53 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\zioninvoice.xls
2014-09-19 11:19 - 2012-06-20 09:53 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\hermaninvoice2.xls
2014-09-19 11:19 - 2012-06-12 17:54 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\houstoninvoice.xls
2014-09-19 11:19 - 2012-05-31 09:28 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\hoeferinvoice2.xls
2014-09-19 11:19 - 2012-05-31 09:27 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\ryanmcquadeivoice.xls
2014-09-19 11:19 - 2012-05-27 10:37 - 00256512 _____ () E:\Documents and Settings\guy\My Documents\cenciinvoice.xls
2014-09-19 11:19 - 2012-05-26 11:06 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\haerman2.xls
2014-09-19 11:19 - 2012-04-22 18:24 - 00260608 _____ () E:\Documents and Settings\guy\My Documents\cristinewaldman.xls
2014-09-19 11:19 - 2012-04-06 15:01 - 00250880 _____ () E:\Documents and Settings\guy\My Documents\clothierinvoice2012.xls1.xls
2014-09-19 11:19 - 2012-03-27 17:05 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\Harperinvoice.xls
2014-09-19 11:19 - 2012-03-27 17:02 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\torresinvoice.xls
2014-09-19 11:19 - 2012-03-21 08:37 - 00260608 _____ () E:\Documents and Settings\guy\My Documents\tovarinvoice.xls
2014-09-19 11:19 - 2012-02-29 11:58 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\DamborgDan.xls
2014-09-19 11:19 - 2012-01-12 14:23 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\annemooreandmel2012.xls
2014-09-19 11:19 - 2011-12-14 13:02 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\lawinvoice.xls
2014-09-19 11:19 - 2011-12-14 12:50 - 00256000 _____ () E:\Documents and Settings\guy\My Documents\lawmats.xls
2014-09-19 11:19 - 2011-12-14 12:40 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\glendale invoice 2.xls
2014-09-19 11:19 - 2011-11-11 16:59 - 00250880 _____ () E:\Documents and Settings\guy\My Documents\lydenmats.xls
2014-09-19 11:19 - 2011-11-11 16:52 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\lydeninvoice.xls
2014-09-19 11:19 - 2011-11-01 17:26 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\juanandhazelmaterials.xls
2014-09-19 11:19 - 2011-11-01 17:23 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\juanandhazelinvoice.xls
2014-09-19 11:19 - 2011-11-01 15:55 - 00256000 _____ () E:\Documents and Settings\guy\My Documents\clothierinvoice.xls
2014-09-19 11:19 - 2011-10-21 15:05 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\Waltoninvoice.xls
2014-09-19 11:19 - 2011-10-19 08:16 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\hermaninvoice.xls
2014-09-19 11:19 - 2011-10-09 15:35 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\taylorinvoice.xls
2014-09-19 11:19 - 2011-10-01 11:11 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\Randy and Robinnormany park.xls
2014-09-19 11:19 - 2011-09-30 09:28 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\lindanancyinvoice.xls
2014-09-19 11:19 - 2011-09-30 09:19 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\nancymats.xls
2014-09-19 11:19 - 2011-09-14 18:16 - 00259584 _____ () E:\Documents and Settings\guy\My Documents\bennettmats.xls
2014-09-19 11:19 - 2011-09-14 18:08 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\bennettinvoice.xls
2014-09-19 11:19 - 2011-09-05 15:15 - 00260608 _____ () E:\Documents and Settings\guy\My Documents\vina group invoice 21.xls
2014-09-19 11:19 - 2011-07-31 10:27 - 00260608 _____ () E:\Documents and Settings\guy\My Documents\lindanancycabinets.xls
2014-09-19 11:19 - 2011-07-31 10:13 - 00260608 _____ () E:\Documents and Settings\guy\My Documents\lindanancyinvoice.xlsdp.xls
2014-09-19 11:19 - 2011-06-27 14:18 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\martyandlenayschneider.xls
2014-09-19 11:19 - 2011-06-21 13:02 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\Randy and Robin2 2011.xls2.xls
2014-09-19 11:19 - 2011-05-22 11:34 - 00261632 _____ () E:\Documents and Settings\guy\My Documents\nancyinvoice.xls
2014-09-19 11:19 - 2011-05-22 11:10 - 00260096 _____ () E:\Documents and Settings\guy\My Documents\nancylinda.xls
2014-09-19 11:19 - 2011-04-29 06:52 - 00261632 _____ () E:\Documents and Settings\guy\My Documents\lindanancy.xls
2014-09-19 11:19 - 2011-04-14 08:31 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\fultoninvoice3.xls
2014-09-19 11:19 - 2011-04-02 10:23 - 00266240 _____ () E:\Documents and Settings\guy\My Documents\Randy and Robin2 2011.xls
2014-09-19 11:19 - 2011-03-29 07:08 - 00260608 _____ () E:\Documents and Settings\guy\My Documents\torresinvoice.xls2011.xls2.1.xls
2014-09-19 11:19 - 2011-03-28 18:46 - 00260608 _____ () E:\Documents and Settings\guy\My Documents\Hall.xls
2014-09-19 11:19 - 2011-03-20 11:15 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\Bettyinvoice.xls
2014-09-19 11:19 - 2011-02-18 19:15 - 00255488 _____ () E:\Documents and Settings\guy\My Documents\torresinvoice.xls2011.xls2.xls
2014-09-19 11:19 - 2011-02-18 17:12 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\Randy and Robin 2011.xls
2014-09-19 11:19 - 2011-02-08 19:11 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\glendaleinvoice.xls2011.xls
2014-09-19 11:19 - 2011-01-28 18:48 - 00265728 _____ () E:\Documents and Settings\guy\My Documents\anne moore 2011 xls.xls
2014-09-19 11:19 - 2011-01-28 18:43 - 00266240 _____ () E:\Documents and Settings\guy\My Documents\anne moore 2010.xls2.xls
2014-09-19 11:19 - 2011-01-28 18:42 - 00265728 _____ () E:\Documents and Settings\guy\My Documents\anne moore 2010.xls
2014-09-19 11:19 - 2011-01-01 11:00 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\Darren Williams.xls
2014-09-19 11:19 - 2010-12-08 09:19 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\pittaway invoice.xls
2014-09-19 11:19 - 2010-12-03 14:35 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\hartz.xls
2014-09-19 11:19 - 2010-12-01 10:02 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\GCDInvoice.xls4.xls5.xls
2014-09-19 11:19 - 2010-12-01 09:47 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\GCDInvoice.xls4.xls
2014-09-19 11:19 - 2010-11-02 10:09 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\vinagroup.xls 1.xls
2014-09-19 11:19 - 2010-11-02 10:09 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\vinagroup.xls
2014-09-19 11:19 - 2010-11-02 10:08 - 00260608 _____ () E:\Documents and Settings\guy\My Documents\vina group invoice 21.xls2.xls
2014-09-19 11:19 - 2010-10-04 10:54 - 00266240 _____ () E:\Documents and Settings\guy\My Documents\GCDInvoice.xls3.xls1.xls
2014-09-19 11:19 - 2010-10-04 10:44 - 00265728 _____ () E:\Documents and Settings\guy\My Documents\GCDInvoice.xls3.xls
2014-09-19 11:19 - 2010-10-04 10:37 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\glendaleinvoice.xls
2014-09-19 11:19 - 2010-10-04 10:27 - 00250880 _____ () E:\Documents and Settings\guy\My Documents\fultonmats.xls
2014-09-19 11:19 - 2010-10-04 10:21 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\fultoninvoice.xls
2014-09-19 11:19 - 2010-09-17 11:35 - 00265728 _____ () E:\Documents and Settings\guy\My Documents\GCDInvoice.xls
2014-09-19 11:19 - 2010-07-28 04:23 - 00237056 _____ () E:\Documents and Settings\guy\My Documents\greghoefer.xls
2014-09-19 11:19 - 2010-07-13 07:45 - 00253952 _____ () E:\Documents and Settings\guy\My Documents\Paullinvoice.xls
2014-09-19 11:19 - 2010-07-13 07:26 - 00242176 _____ () E:\Documents and Settings\guy\My Documents\paullmats.xls
2014-09-19 11:19 - 2010-06-13 04:11 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\clothierinvoice.xls1.xls
2014-09-19 11:19 - 2010-06-08 07:36 - 00245760 _____ () E:\Documents and Settings\guy\My Documents\vinagroupmats.xls
2014-09-19 11:19 - 2010-04-20 06:40 - 00237056 _____ () E:\Documents and Settings\guy\My Documents\glendalemats.xls 2.xls
2014-09-19 11:19 - 2010-02-28 04:24 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\nelsonmaterials.xls
2014-09-19 11:19 - 2010-02-28 04:07 - 00237056 _____ () E:\Documents and Settings\guy\My Documents\glendalemats.xls
2014-09-19 11:19 - 2010-02-21 03:30 - 00243200 _____ () E:\Documents and Settings\guy\My Documents\nelsoninvoice.xls
2014-09-19 11:19 - 2010-01-29 02:57 - 00241152 _____ () E:\Documents and Settings\guy\My Documents\torresmats.xls
2014-09-19 11:19 - 2010-01-24 13:53 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\nelsonmats.xls
2014-09-19 11:19 - 2010-01-24 13:13 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\apgarmats.xls
2014-09-19 11:19 - 2009-12-28 13:48 - 00250368 _____ () E:\Documents and Settings\guy\My Documents\greghoefermats.xls
2014-09-19 11:19 - 2009-11-06 00:49 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\hoefersubs.xls
2014-09-19 11:19 - 2009-10-05 06:55 - 00242688 _____ () E:\Documents and Settings\guy\My Documents\hoeferinvoice.xls
2014-09-19 11:19 - 2009-08-27 03:02 - 00281088 _____ () E:\Documents and Settings\guy\My Documents\Spencerinvoice.xls
2014-09-19 11:19 - 2009-08-21 00:51 - 00261632 _____ () E:\Documents and Settings\guy\My Documents\rigosinvoice.xls
2014-09-19 11:19 - 2009-07-13 06:23 - 00241152 _____ () E:\Documents and Settings\guy\My Documents\hoefermats.xls
2014-09-19 11:19 - 2009-06-29 10:10 - 00237056 _____ () E:\Documents and Settings\guy\My Documents\ghoefermats.xls
2014-09-19 11:19 - 2009-05-26 13:10 - 00242176 _____ () E:\Documents and Settings\guy\My Documents\krohinvoice.xls
2014-09-19 11:19 - 2009-05-26 00:10 - 00250880 _____ () E:\Documents and Settings\guy\My Documents\kohnmats.xls hours.xls
2014-09-19 11:19 - 2009-04-07 12:30 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\shorettmats.xls
2014-09-19 11:19 - 2009-04-07 11:57 - 00238080 _____ () E:\Documents and Settings\guy\My Documents\shorettinvooice.xls
2014-09-19 11:19 - 2009-03-08 11:50 - 00261632 _____ () E:\Documents and Settings\guy\My Documents\nancy and linda.xls
2014-09-19 11:19 - 2009-03-08 11:50 - 00247296 _____ () E:\Documents and Settings\guy\My Documents\schroeterinvoice.xls
2014-09-19 11:19 - 2009-01-25 02:20 - 00250880 _____ () E:\Documents and Settings\guy\My Documents\jenkinsonmats.xls
2014-09-19 11:19 - 2009-01-25 02:04 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\beaneinvoice.xls
2014-09-19 11:19 - 2008-12-14 03:47 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\eusticehours.xls
2014-09-19 11:19 - 2008-12-14 03:43 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\eusticemats.xls
2014-09-19 11:19 - 2008-11-23 04:12 - 00012762 _____ () E:\Documents and Settings\guy\My Documents\Shunning-A Part of the Faith of Jehovahs Witnesses.htm
2014-09-19 11:19 - 2008-11-22 13:26 - 00177664 _____ () E:\Documents and Settings\guy\My Documents\CF 11.6.08 - 11.21.08.xls
2014-09-19 11:19 - 2008-10-31 06:24 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\stewartinvoice.xls
2014-09-19 11:19 - 2008-08-06 09:27 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\Harperhours.xls
2014-09-19 11:19 - 2008-08-06 09:22 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\Harpermats.xls
2014-09-19 11:19 - 2008-06-16 11:07 - 00242176 _____ () E:\Documents and Settings\guy\My Documents\wattshours.xls
2014-09-19 11:19 - 2008-06-16 08:20 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\wattsmats.xls
2014-09-19 11:19 - 2008-06-16 08:09 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\wattsinvoice.xls
2014-09-19 11:19 - 2008-04-24 09:58 - 00238592 _____ () E:\Documents and Settings\guy\My Documents\dullabhinvoice.xls
2014-09-19 11:19 - 2008-04-07 10:28 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\schroetermats.xls
2014-09-19 11:19 - 2008-01-07 05:26 - 00238080 _____ () E:\Documents and Settings\guy\My Documents\clayinvoice.xls
2014-09-19 11:19 - 2007-11-07 02:50 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\derryinvoice.xls
2014-09-19 11:19 - 2007-11-02 07:12 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\Meyersinvoice.xls
2014-09-19 11:19 - 2007-10-19 02:38 - 00242688 _____ () E:\Documents and Settings\guy\My Documents\wheatinvoice.xls
2014-09-19 11:19 - 2007-09-07 01:11 - 00242176 _____ () E:\Documents and Settings\guy\My Documents\meyersmats.xls
2014-09-19 11:19 - 2007-08-07 03:47 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\glendalehours.xls
2014-09-19 11:19 - 2007-06-04 10:58 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\stewartmats.xls
2014-09-19 11:19 - 2007-05-23 08:46 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\clinganmats.xls
2014-09-19 11:19 - 2007-05-17 11:37 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\tblummats.xls
2014-09-19 11:19 - 2007-05-17 11:36 - 00242688 _____ () E:\Documents and Settings\guy\My Documents\tbluminvoice.xls
2014-09-19 11:19 - 2007-02-13 07:08 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\bloomenthalinvoice1.xls
2014-09-19 11:19 - 2007-02-02 07:32 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\derrymats.xls
2014-09-19 11:19 - 2007-01-18 03:23 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\piovesaninovoice.xls
2014-09-19 11:19 - 2006-12-06 07:47 - 00242176 _____ () E:\Documents and Settings\guy\My Documents\olymats.xls
2014-09-19 11:19 - 2006-10-14 03:47 - 00242176 _____ () E:\Documents and Settings\guy\My Documents\shorettinvoice.xls
2014-09-19 11:19 - 2006-08-11 01:34 - 00238080 _____ () E:\Documents and Settings\guy\My Documents\apgarinvoice.xls
2014-09-19 11:19 - 2006-07-27 03:43 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\helmmats.xls
2014-09-19 11:19 - 2006-07-27 03:32 - 00242688 _____ () E:\Documents and Settings\guy\My Documents\helminvoice.xls
2014-09-19 11:19 - 2006-07-19 04:08 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\Blumenthalmats.xls
2014-09-19 11:19 - 2006-07-19 04:05 - 00238080 _____ () E:\Documents and Settings\guy\My Documents\blumenthallinvoice.xls
2014-09-19 11:19 - 2006-03-07 04:17 - 00237056 _____ () E:\Documents and Settings\guy\My Documents\wintersmats.xls
2014-09-19 11:19 - 2006-03-07 03:59 - 00242688 _____ () E:\Documents and Settings\guy\My Documents\wintersinvoice.xls
2014-09-19 11:19 - 2005-10-23 02:49 - 00248320 _____ () E:\Documents and Settings\guy\My Documents\jenkinsoninvoice1.xls
2014-09-19 11:19 - 2005-08-01 10:46 - 00242688 _____ () E:\Documents and Settings\guy\My Documents\remediesinvoice.xls
2014-09-19 11:19 - 2005-05-02 05:52 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\Higginsmats.xls
2014-09-19 11:19 - 2005-05-02 05:49 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\higginsinvoice.xls
2014-09-19 11:19 - 2005-03-03 02:00 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\zionmats.xls
2014-09-18 13:57 - 2014-09-18 13:59 - 00000000 ____D () E:\Program Files\Mozilla Firefox
2014-09-15 16:33 - 2014-09-15 16:49 - 00257536 _____ () E:\Documents and Settings\lavonne\My Documents\tracigoodwin20146.xls
2014-09-15 16:31 - 2014-09-15 16:31 - 00252416 _____ () E:\Documents and Settings\lavonne\My Documents\codyevans5.xls
2014-09-13 15:51 - 2014-09-13 16:12 - 00257024 _____ () E:\Documents and Settings\lavonne\My Documents\todoedinvoice3.xls
2014-09-06 20:03 - 2014-09-06 20:07 - 00257024 _____ () E:\Documents and Settings\lavonne\My Documents\todoedinvoice2.xls
2014-08-30 14:32 - 2014-08-30 14:36 - 00257024 _____ () E:\Documents and Settings\lavonne\My Documents\todoedinvoice.xls
2014-08-27 05:51 - 2014-08-27 07:20 - 00257024 _____ () E:\Documents and Settings\lavonne\My Documents\petersoninvoice14.xls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-19 20:34 - 2014-09-19 20:33 - 00000000 ____D () E:\FRST
2014-09-19 20:34 - 2012-05-15 14:05 - 00000000 ____D () E:\Documents and Settings\lavonne\Local Settings\Temp
2014-09-19 19:45 - 2012-10-27 17:48 - 00000830 _____ () E:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-19 19:28 - 2014-03-28 03:10 - 00000384 ____H () E:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-09-19 19:18 - 2014-03-09 10:00 - 00000218 _____ () E:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-09-19 19:18 - 2012-05-15 21:26 - 00693179 _____ () E:\WINDOWS\setupapi.log
2014-09-19 19:18 - 2012-05-15 21:26 - 00172619 _____ () E:\WINDOWS\setupact.log
2014-09-19 19:18 - 2012-05-15 14:38 - 01466237 _____ () E:\WINDOWS\WindowsUpdate.log
2014-09-19 19:17 - 2012-05-15 13:57 - 00000006 ____H () E:\WINDOWS\Tasks\SA.DAT
2014-09-19 18:09 - 2012-05-15 14:05 - 00000178 ___SH () E:\Documents and Settings\lavonne\ntuser.ini
2014-09-19 18:09 - 2012-05-15 14:04 - 00032526 _____ () E:\WINDOWS\SchedLgU.Txt
2014-09-19 18:07 - 2014-09-19 17:38 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-09-19 18:07 - 2014-09-19 17:36 - 00000000 ____D () E:\Documents and Settings\lavonne\Desktop\mbar
2014-09-19 17:41 - 2014-03-29 08:55 - 00000426 ____H () E:\WINDOWS\Tasks\User_Feed_Synchronization-{60A9699E-D563-4A84-B463-336407475A7C}.job
2014-09-19 17:37 - 2014-09-19 11:54 - 00113880 _____ (Malwarebytes Corporation) E:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-19 17:36 - 2014-09-19 11:53 - 00054232 _____ (Malwarebytes Corporation) E:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-19 16:47 - 2012-05-15 15:11 - 00000000 ____D () E:\Program Files\SUPERAntiSpyware
2014-09-19 16:43 - 2014-09-19 16:32 - 00000000 ____D () E:\AdwCleaner
2014-09-19 15:34 - 2012-05-15 14:04 - 00000000 ____D () E:\Documents and Settings\NetworkService\Local Settings\Temp
2014-09-19 15:24 - 2012-05-15 22:58 - 00000000 ____D () E:\Documents and Settings\guy\Local Settings\Temp
2014-09-19 15:17 - 2012-05-15 22:58 - 00000178 ___SH () E:\Documents and Settings\guy\ntuser.ini
2014-09-19 15:17 - 2012-05-15 14:05 - 00000000 ____D () E:\Documents and Settings\lavonne
2014-09-19 11:53 - 2014-09-19 11:53 - 00000000 ____D () E:\Program Files\Malwarebytes Anti-Malware
2014-09-19 11:53 - 2014-09-19 11:53 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-19 11:53 - 2012-05-15 15:15 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-09-19 11:50 - 2014-09-19 11:50 - 00000000 ____D () E:\Documents and Settings\guy\Application Data\Malwarebytes
2014-09-18 16:41 - 2012-05-15 14:31 - 00000000 ____D () E:\Program Files\Mozilla Maintenance Service
2014-09-18 13:59 - 2014-09-18 13:57 - 00000000 ____D () E:\Program Files\Mozilla Firefox
2014-09-15 16:49 - 2014-09-19 11:19 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\tracigoodwin20146.xls
2014-09-15 16:49 - 2014-09-15 16:33 - 00257536 _____ () E:\Documents and Settings\lavonne\My Documents\tracigoodwin20146.xls
2014-09-15 16:31 - 2014-09-19 11:19 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\codyevans5.xls
2014-09-15 16:31 - 2014-09-15 16:31 - 00252416 _____ () E:\Documents and Settings\lavonne\My Documents\codyevans5.xls
2014-09-14 14:35 - 2014-03-09 10:00 - 00000212 _____ () E:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-09-13 18:17 - 2003-03-31 05:00 - 00013646 _____ () E:\WINDOWS\system32\wpa.dbl
2014-09-13 16:12 - 2014-09-19 11:19 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoedinvoice3.xls
2014-09-13 16:12 - 2014-09-13 15:51 - 00257024 _____ () E:\Documents and Settings\lavonne\My Documents\todoedinvoice3.xls
2014-09-10 10:46 - 2012-10-27 17:48 - 00701104 _____ (Adobe Systems Incorporated) E:\WINDOWS\system32\FlashPlayerApp.exe
2014-09-10 10:46 - 2012-10-27 17:48 - 00071344 _____ (Adobe Systems Incorporated) E:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-09-10 10:45 - 2014-07-08 23:45 - 17903792 _____ (Adobe Systems Incorporated) E:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-09-10 03:05 - 2013-08-15 03:03 - 00000000 ____D () E:\WINDOWS\system32\MRT
2014-09-10 03:01 - 2012-05-15 15:24 - 98758480 _____ (Microsoft Corporation) E:\WINDOWS\system32\MRT.exe
2014-09-06 20:07 - 2014-09-19 11:19 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoedinvoice2.xls
2014-09-06 20:07 - 2014-09-06 20:03 - 00257024 _____ () E:\Documents and Settings\lavonne\My Documents\todoedinvoice2.xls
2014-08-30 14:37 - 2014-09-19 11:19 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoedinvoice.xls
2014-08-30 14:36 - 2014-08-30 14:32 - 00257024 _____ () E:\Documents and Settings\lavonne\My Documents\todoedinvoice.xls
2014-08-27 07:21 - 2014-09-19 11:19 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\petersoninvoice14.xls
2014-08-27 07:20 - 2014-08-27 05:51 - 00257024 _____ () E:\Documents and Settings\lavonne\My Documents\petersoninvoice14.xls
2014-08-21 23:32 - 2012-05-15 15:43 - 00000376 _____ () E:\WINDOWS\ODBC.INI

Some content of TEMP:
====================
E:\Documents and Settings\lavonne\Local Settings\Temp\AskSLib.dll
E:\Documents and Settings\lavonne\Local Settings\Temp\Quarantine.exe
E:\Documents and Settings\lavonne\Local Settings\Temp\siinst.exe
E:\Documents and Settings\lavonne\Local Settings\Temp\strings.dll
E:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-8bb3478b.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

E:\WINDOWS\explorer.exe => File is digitally signed
E:\WINDOWS\system32\winlogon.exe => File is digitally signed
E:\WINDOWS\system32\svchost.exe => File is digitally signed
E:\WINDOWS\system32\services.exe => File is digitally signed
E:\WINDOWS\system32\User32.dll => File is digitally signed
E:\WINDOWS\system32\userinit.exe => File is digitally signed
E:\WINDOWS\system32\rpcss.dll => File is digitally signed
E:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by lavonne at 2014-09-19 20:36:05
Running from E:\Documents and Settings\lavonne\My Documents\downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Eudora (HKLM\...\{FA2FADB1-909D-415D-9726-C9F536AEF132}) (Version: 7.0 - )
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version:  - )
HP LaserJet Professional M1210 MFP Series Fax Installer (HKLM\...\{FA3AFC80-05A5-45A6-BD6E-92641BF93129}) (Version: 1.1.0 - HP)
HP LaserJet Professional M1210 MFP Series Toolbox (HKLM\...\{33FA361C-6545-4490-945C-1B869370489D}) (Version: 1.0.12 - Hewlett-Packard)
HP LaserJet Toolbox (HKLM\...\{1FA6376A-3120-45DA-8686-96DEFC8A0513}) (Version: 2.0.0 - Hewlett-Packard)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.10.5160 - Intel Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Mozilla Firefox 32.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.201.0 - Tracker Software Products Ltd)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - Realtek Semiconductor Corp.)
Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 1.0.1 - HP)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1148 - SUPERAntiSpyware.com)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

22-06-2014 08:57:58 Software Distribution Service 3.0
23-06-2014 08:58:01 Software Distribution Service 3.0
24-06-2014 08:59:11 Software Distribution Service 3.0
25-06-2014 09:03:58 System Checkpoint
26-06-2014 08:58:06 Software Distribution Service 3.0
27-06-2014 09:46:43 System Checkpoint
27-06-2014 14:55:42 Software Distribution Service 3.0
28-06-2014 14:55:33 Software Distribution Service 3.0
29-06-2014 09:01:10 Software Distribution Service 3.0
29-06-2014 14:57:28 Software Distribution Service 3.0
30-06-2014 14:57:42 Software Distribution Service 3.0
01-07-2014 14:54:56 Software Distribution Service 3.0
02-07-2014 14:56:45 Software Distribution Service 3.0
03-07-2014 14:55:26 Software Distribution Service 3.0
04-07-2014 14:55:09 Software Distribution Service 3.0
05-07-2014 14:55:21 Software Distribution Service 3.0
06-07-2014 09:00:39 Software Distribution Service 3.0
06-07-2014 14:55:14 Software Distribution Service 3.0
07-07-2014 14:55:13 Software Distribution Service 3.0
08-07-2014 14:55:38 Software Distribution Service 3.0
09-07-2014 10:00:35 Software Distribution Service 3.0
09-07-2014 14:58:39 Software Distribution Service 3.0
10-07-2014 14:55:12 Software Distribution Service 3.0
11-07-2014 14:54:48 Software Distribution Service 3.0
12-07-2014 14:54:53 Software Distribution Service 3.0
13-07-2014 09:00:23 Software Distribution Service 3.0
13-07-2014 14:55:23 Software Distribution Service 3.0
14-07-2014 14:53:41 Software Distribution Service 3.0
15-07-2014 14:54:59 Software Distribution Service 3.0
16-07-2014 14:54:57 Software Distribution Service 3.0
17-07-2014 14:54:59 Software Distribution Service 3.0
18-07-2014 14:54:55 Software Distribution Service 3.0
19-07-2014 14:55:03 Software Distribution Service 3.0
20-07-2014 08:59:47 Software Distribution Service 3.0
20-07-2014 14:54:49 Software Distribution Service 3.0
21-07-2014 14:54:54 Software Distribution Service 3.0
22-07-2014 14:55:07 Software Distribution Service 3.0
23-07-2014 14:54:59 Software Distribution Service 3.0
24-07-2014 15:14:16 System Checkpoint
25-07-2014 14:32:42 Software Distribution Service 3.0
26-07-2014 14:32:37 Software Distribution Service 3.0
27-07-2014 08:58:09 Software Distribution Service 3.0
28-07-2014 09:32:17 System Checkpoint
28-07-2014 14:33:21 Software Distribution Service 3.0
29-07-2014 14:31:26 Software Distribution Service 3.0
30-07-2014 14:33:47 Software Distribution Service 3.0
31-07-2014 14:32:29 Software Distribution Service 3.0
01-08-2014 14:32:29 Software Distribution Service 3.0
02-08-2014 14:32:27 Software Distribution Service 3.0
03-08-2014 08:58:28 Software Distribution Service 3.0
03-08-2014 14:32:28 Software Distribution Service 3.0
04-08-2014 14:32:37 Software Distribution Service 3.0
05-08-2014 14:32:34 Software Distribution Service 3.0
06-08-2014 14:32:40 Software Distribution Service 3.0
07-08-2014 14:32:41 Software Distribution Service 3.0
08-08-2014 14:32:41 Software Distribution Service 3.0
09-08-2014 14:32:42 Software Distribution Service 3.0
10-08-2014 08:57:56 Software Distribution Service 3.0
10-08-2014 14:35:49 Software Distribution Service 3.0
11-08-2014 14:32:50 Software Distribution Service 3.0
12-08-2014 14:32:29 Software Distribution Service 3.0
13-08-2014 16:02:01 Software Distribution Service 3.0
14-08-2014 16:07:08 System Checkpoint
15-08-2014 15:05:53 Software Distribution Service 3.0
16-08-2014 10:00:24 Software Distribution Service 3.0
16-08-2014 15:06:14 Software Distribution Service 3.0
17-08-2014 08:58:27 Software Distribution Service 3.0
18-08-2014 05:18:18 Software Distribution Service 3.0
19-08-2014 05:16:31 Software Distribution Service 3.0
20-08-2014 05:15:33 Software Distribution Service 3.0
21-08-2014 05:15:31 Software Distribution Service 3.0
22-08-2014 05:15:38 Software Distribution Service 3.0
23-08-2014 05:16:05 Software Distribution Service 3.0
24-08-2014 05:15:55 Software Distribution Service 3.0
24-08-2014 08:57:44 Software Distribution Service 3.0
25-08-2014 05:15:36 Software Distribution Service 3.0
26-08-2014 05:21:33 Software Distribution Service 3.0
27-08-2014 05:16:00 Software Distribution Service 3.0
28-08-2014 05:16:52 Software Distribution Service 3.0
29-08-2014 05:16:09 Software Distribution Service 3.0
30-08-2014 05:16:01 Software Distribution Service 3.0
31-08-2014 05:16:09 Software Distribution Service 3.0
31-08-2014 08:56:46 Software Distribution Service 3.0
01-09-2014 09:18:07 System Checkpoint
01-09-2014 17:26:30 Software Distribution Service 3.0
02-09-2014 17:26:16 Software Distribution Service 3.0
03-09-2014 17:26:18 Software Distribution Service 3.0
04-09-2014 17:26:20 Software Distribution Service 3.0
05-09-2014 17:26:29 Software Distribution Service 3.0
06-09-2014 17:26:27 Software Distribution Service 3.0
07-09-2014 08:47:02 Software Distribution Service 3.0
07-09-2014 17:25:39 Software Distribution Service 3.0
08-09-2014 17:25:43 Software Distribution Service 3.0
09-09-2014 17:25:51 Software Distribution Service 3.0
10-09-2014 10:00:23 Software Distribution Service 3.0
10-09-2014 17:28:24 Software Distribution Service 3.0
11-09-2014 17:25:51 Software Distribution Service 3.0
12-09-2014 17:25:57 Software Distribution Service 3.0
13-09-2014 17:26:39 Software Distribution Service 3.0
14-09-2014 08:47:43 Software Distribution Service 3.0
14-09-2014 17:27:25 Software Distribution Service 3.0
15-09-2014 18:20:49 System Checkpoint
15-09-2014 21:32:25 Software Distribution Service 3.0
16-09-2014 21:29:29 Software Distribution Service 3.0
17-09-2014 21:30:16 Software Distribution Service 3.0
18-09-2014 21:30:20 Software Distribution Service 3.0
19-09-2014 22:05:22 System Checkpoint
19-09-2014 22:36:44 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2003-03-31 05:00 - 2003-03-31 05:00 - 00000734 ____A E:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: E:\WINDOWS\Tasks\Adobe Flash Player Updater.job => E:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: E:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => e:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: E:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => E:\WINDOWS\system32\xp_eos.exe
Task: E:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => E:\WINDOWS\system32\xp_eos.exe
Task: E:\WINDOWS\Tasks\User_Feed_Synchronization-{60A9699E-D563-4A84-B463-336407475A7C}.job => E:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2012-05-15 16:57 - 2009-11-20 13:42 - 00163840 _____ () E:\WINDOWS\system32\HPM1210LM.DLL
2012-05-15 16:57 - 2009-11-20 13:42 - 00069632 _____ () E:\WINDOWS\System32\spool\PRTPROCS\W32X86\HPM1210PP.dll
2014-09-18 13:57 - 2014-09-18 13:58 - 03734640 _____ () E:\Program Files\Mozilla Firefox\mozjs.dll
2014-09-10 10:46 - 2014-09-10 10:46 - 16825520 _____ () E:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/19/2014 08:34:54 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (09/19/2014 08:34:54 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (09/19/2014 07:42:53 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (09/19/2014 07:42:53 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (09/19/2014 11:54:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam-setup.tmp, version 51.52.0.0, faulting module mbamsrv.dll, version 1.1.0.0, fault address 0x00048e54.
Processing media-specific event for [mbam-setup.tmp!ws!]

Error: (09/15/2014 04:05:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000673be.
Processing media-specific event for [explorer.exe!ws!]

Error: (09/10/2014 06:14:03 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry, P4 1.1.10904.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (09/07/2014 06:03:36 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry, P4 1.1.10904.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (09/01/2014 08:23:26 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry, P4 1.1.10904.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (08/31/2014 07:41:55 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry, P4 1.1.10904.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.


System errors:
=============
Error: (09/19/2014 08:14:41 PM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort3

Error: (09/19/2014 07:28:00 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (09/19/2014 07:19:33 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 10.0.0.2 for the Network Card with network address D02788AD876C has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Error: (09/19/2014 07:18:24 PM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )
Description: %Virus:DOS/Rovnix.W60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%Virus:DOS/Rovnix.W603

    Name: Virus:DOS/Rovnix.W

    ID: 2147684242

    Severity: %Virus:DOS/Rovnix.W600

    Category: %Virus:DOS/Rovnix.W602

    Path: 4.5.0216.02

    Detection Origin: 4.5.0216.04

    Detection Type: 4.5.0216.08

    Detection Source: %Virus:DOS/Rovnix.W608

    User: {8BE2F00A-FA36-4E3F-B045-148FB8978EE8}9

    Process Name: %Virus:DOS/Rovnix.W609

    Action: {8BE2F00A-FA36-4E3F-B045-148FB8978EE8}1

    Action Status:  {8BE2F00A-FA36-4E3F-B045-148FB8978EE8}8

    Error Code: {8BE2F00A-FA36-4E3F-B045-148FB8978EE8}3

    Error description: {8BE2F00A-FA36-4E3F-B045-148FB8978EE8}4

    Signature Version: 2014-09-20T02:18:10.359Z1

    Engine Version: 2014-09-20T02:18:10.359Z2

Error: (09/19/2014 07:18:24 PM) (Source: 0) (EventID: 11) (User: )
Description: \Device\Harddisk0\D

Error: (09/19/2014 07:18:23 PM) (Source: 0) (EventID: 11) (User: )
Description: \Device\Harddisk0\D

Error: (09/19/2014 07:18:23 PM) (Source: 0) (EventID: 11) (User: )
Description: \Device\Harddisk0\D

Error: (09/19/2014 07:18:22 PM) (Source: 0) (EventID: 11) (User: )
Description: \Device\Harddisk0\D

Error: (09/19/2014 07:18:22 PM) (Source: 0) (EventID: 11) (User: )
Description: \Device\Harddisk0\D

Error: (09/19/2014 07:18:10 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.


Microsoft Office Sessions:
=========================
Error: (09/19/2014 08:34:54 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (09/19/2014 08:34:54 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (09/19/2014 07:42:53 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (09/19/2014 07:42:53 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (09/19/2014 11:54:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam-setup.tmp51.52.0.0mbamsrv.dll1.1.0.000048e54

Error: (09/15/2014 04:05:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.5512ntdll.dll5.1.2600.6055000673be

Error: (09/10/2014 06:14:03 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry80070490remediationremediationfailuretelemetry1.1.10904.0mpengine0unspecifiedNILNILNIL

Error: (09/07/2014 06:03:36 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry80070490remediationremediationfailuretelemetry1.1.10904.0mpengine0unspecifiedNILNILNIL

Error: (09/01/2014 08:23:26 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry80070490remediationremediationfailuretelemetry1.1.10904.0mpengine0unspecifiedNILNILNIL

Error: (08/31/2014 07:41:55 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry80070490remediationremediationfailuretelemetry1.1.10904.0mpengine0unspecifiedNILNILNIL


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E5700 @ 3.00GHz
Percentage of memory in use: 36%
Total physical RAM: 3293.07 MB
Available physical RAM: 2105.98 MB
Total Pagefile: 5177.44 MB
Available Pagefile: 4071.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1912.01 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:58.59 GB) (Free:58.53 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (Hard Drive) (Fixed) (Total:407.16 GB) (Free:387.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 3C263C26)
Partition 1: (Active) - (Size=58.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=407.2 GB) - (Type=OF Extended)

==================== End Of Log ============================

 

Thank You!


My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)

Rules and policies

We won't support any piracy.

That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.


Scan with TDSSKiller

Please download TDSSKiller by Kaspersky and save it to your desktop.

  • Right-click on the TDSSKiller icon and select Run as Administrator to start the tool.
  • Click on Change parameters and put a checkmark beside Loaded modules. A reboot will be needed to apply the changes, allow it to do so.
  • Your machine may appear very slow and unusable after that - it's normal.
  • TDSSKiller will run automatically. Click on Change parameters and click OK.
  • Make sure that Verify driver digital signatures & Detect TDLFS File System are marked and click OK.
  • Click the Start Scan button and wait patiently.

If anything is found, follow these guidelines:

  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    > Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    > If Cure is not available, please choose Skip instead.

  • Do not choose Delete unless instructed!

A report will be created in your root directory, (usually C:\ drive) in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt. Please include the contents of that file in your next post.


Thank you for helping Naathim.

Sorry, I ran TDSS twice. The first time I started before I realized I had to make sure Verify driver digital signatures & Detect TDLFS File System are marked, so I cancelled, marked them and ran again. The first log is below:

08:10:08.0953 0x07b4 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58

08:10:10.0000 0x07b4 ============================================================

08:10:10.0000 0x07b4 Current date / time: 2014/09/20 08:10:10.0000

08:10:10.0000 0x07b4 SystemInfo:

08:10:10.0000 0x07b4

08:10:10.0000 0x07b4 OS Version: 5.1.2600 ServicePack: 3.0

08:10:10.0000 0x07b4 Product type: Workstation

08:10:10.0796 0x07b4 ComputerName: GUYHARDMAN

08:10:10.0796 0x07b4 UserName: lavonne

08:10:10.0796 0x07b4 Windows directory: E:\WINDOWS

08:10:10.0796 0x07b4 System windows directory: E:\WINDOWS

08:10:10.0796 0x07b4 Processor architecture: Intel x86

08:10:10.0796 0x07b4 Number of processors: 2

08:10:10.0796 0x07b4 Page size: 0x1000

08:10:10.0796 0x07b4 Boot type: Normal boot

08:10:10.0796 0x07b4 ============================================================

08:10:10.0796 0x07b4 BG loaded

08:10:14.0296 0x07b4 System UUID: {F68E6038-3880-B109-2D86-F551B1DE875E}

08:10:18.0796 0x07b4 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044

08:10:18.0843 0x07b4 ============================================================

08:10:18.0843 0x07b4 \Device\Harddisk0\DR0:

08:10:18.0875 0x07b4 MBR partitions:

08:10:18.0875 0x07b4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7530462

08:10:18.0890 0x07b4 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x75304E0, BlocksNum 0x32E508A0

08:10:18.0890 0x07b4 ============================================================

08:10:19.0015 0x07b4 C: <-> \Device\Harddisk0\DR0\Partition1

08:10:19.0250 0x07b4 E: <-> \Device\Harddisk0\DR0\Partition2

08:10:19.0250 0x07b4 ============================================================

08:10:19.0250 0x07b4 Initialize success

08:10:19.0250 0x07b4 ============================================================

08:10:40.0781 0x0a8c ============================================================

08:10:40.0781 0x0a8c Scan started

08:10:40.0781 0x0a8c Mode: Manual;

08:10:40.0781 0x0a8c ============================================================

08:10:40.0781 0x0a8c KSN ping started

08:11:07.0156 0x0a8c KSN ping finished: true

08:11:07.0750 0x0a8c ================ Scan system memory ========================

08:11:07.0765 0x0a8c System memory - ok

08:11:07.0765 0x0a8c ================ Scan services =============================

08:11:07.0843 0x0a8c [ 72D6D8E2D4F82C6E829125C7EC2A88F9, F357CFC3D04EB3F8E1A504D531D099698C6E2B29EB6CEDF75C08BF8917C46573 ] !SASCORE E:\Program Files\SUPERAntiSpyware\SASCORE.EXE

08:11:07.0843 0x0a8c !SASCORE - ok

08:11:08.0281 0x0a8c Abiosdsk - ok

08:11:08.0296 0x0a8c abp480n5 - ok

08:11:08.0375 0x0a8c [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI E:\WINDOWS\system32\DRIVERS\ACPI.sys

08:11:08.0421 0x0a8c ACPI - ok

08:11:08.0468 0x0a8c [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC E:\WINDOWS\system32\drivers\ACPIEC.sys

08:11:08.0468 0x0a8c ACPIEC - ok

08:11:08.0578 0x0a8c [ FBB312C9DA3863673EC18F4AE4101778, 4E9AAE7C700E485C17FDFCC9100A79784673B006D00D4D4CE8F1DB617D25C864 ] AdobeFlashPlayerUpdateSvc E:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

08:11:08.0640 0x0a8c AdobeFlashPlayerUpdateSvc - ok

08:11:08.0656 0x0a8c adpu160m - ok

08:11:08.0734 0x0a8c [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec E:\WINDOWS\system32\drivers\aec.sys

08:11:08.0734 0x0a8c aec - ok

08:11:08.0812 0x0a8c [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD E:\WINDOWS\System32\drivers\afd.sys

08:11:08.0812 0x0a8c AFD - ok

08:11:08.0812 0x0a8c Aha154x - ok

08:11:08.0812 0x0a8c aic78u2 - ok

08:11:08.0828 0x0a8c aic78xx - ok

08:11:08.0859 0x0a8c [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter E:\WINDOWS\system32\alrsvc.dll

08:11:08.0875 0x0a8c Alerter - ok

08:11:08.0906 0x0a8c [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG E:\WINDOWS\System32\alg.exe

08:11:08.0906 0x0a8c ALG - ok

08:11:08.0906 0x0a8c AliIde - ok

08:11:09.0375 0x0a8c [ F6AF59D6EEE5E1C304F7F73706AD11D8, F5D39EF40CDB5102A84C8594CFC54DDBD5060E193E6D07421A9003D2ABC63E30 ] Ambfilt E:\WINDOWS\system32\drivers\Ambfilt.sys

08:11:09.0828 0x0a8c Ambfilt - ok

08:11:09.0843 0x0a8c amsint - ok

08:11:09.0843 0x0a8c AppMgmt - ok

08:11:09.0843 0x0a8c asc - ok

08:11:09.0843 0x0a8c asc3350p - ok

08:11:09.0859 0x0a8c asc3550 - ok

08:11:09.0859 0x0a8c asoufuqa - ok

08:11:09.0984 0x0a8c [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

08:11:10.0062 0x0a8c aspnet_state - ok

08:11:10.0109 0x0a8c [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac E:\WINDOWS\system32\DRIVERS\asyncmac.sys

08:11:10.0125 0x0a8c AsyncMac - ok

08:11:10.0140 0x0a8c [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi E:\WINDOWS\system32\DRIVERS\atapi.sys

08:11:10.0156 0x0a8c atapi - ok

08:11:10.0156 0x0a8c Atdisk - ok

08:11:10.0187 0x0a8c [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc E:\WINDOWS\system32\DRIVERS\atmarpc.sys

08:11:10.0203 0x0a8c Atmarpc - ok

08:11:10.0234 0x0a8c [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv E:\WINDOWS\System32\audiosrv.dll

08:11:10.0234 0x0a8c AudioSrv - ok

08:11:10.0281 0x0a8c [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub E:\WINDOWS\system32\DRIVERS\audstub.sys

08:11:10.0281 0x0a8c audstub - ok

08:11:10.0281 0x0a8c basfwynk - ok

08:11:10.0312 0x0a8c [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep E:\WINDOWS\system32\drivers\Beep.sys

08:11:10.0312 0x0a8c Beep - ok

08:11:10.0437 0x0a8c [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS E:\WINDOWS\system32\qmgr.dll

08:11:10.0578 0x0a8c BITS - ok

08:11:10.0578 0x0a8c bmrtexpn - ok

08:11:10.0625 0x0a8c [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser E:\WINDOWS\System32\browser.dll

08:11:10.0625 0x0a8c Browser - ok

08:11:10.0656 0x0a8c [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k E:\WINDOWS\system32\drivers\cbidf2k.sys

08:11:10.0656 0x0a8c cbidf2k - ok

08:11:10.0656 0x0a8c cd20xrnt - ok

08:11:10.0687 0x0a8c [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio E:\WINDOWS\system32\drivers\Cdaudio.sys

08:11:10.0687 0x0a8c Cdaudio - ok

08:11:10.0703 0x0a8c [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs E:\WINDOWS\system32\drivers\Cdfs.sys

08:11:10.0703 0x0a8c Cdfs - ok

08:11:10.0734 0x0a8c [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom E:\WINDOWS\system32\DRIVERS\cdrom.sys

08:11:10.0734 0x0a8c Cdrom - ok

08:11:10.0734 0x0a8c Changer - ok

08:11:10.0765 0x0a8c [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc E:\WINDOWS\system32\cisvc.exe

08:11:10.0765 0x0a8c CiSvc - ok

08:11:10.0796 0x0a8c [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv E:\WINDOWS\system32\clipsrv.exe

08:11:10.0812 0x0a8c ClipSrv - ok

08:11:10.0859 0x0a8c [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

08:11:10.0921 0x0a8c clr_optimization_v2.0.50727_32 - ok

08:11:10.0921 0x0a8c CmdIde - ok

08:11:10.0921 0x0a8c COMSysApp - ok

08:11:10.0937 0x0a8c Cpqarray - ok

08:11:10.0968 0x0a8c [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc E:\WINDOWS\System32\cryptsvc.dll

08:11:10.0968 0x0a8c CryptSvc - ok

08:11:10.0968 0x0a8c dac2w2k - ok

08:11:10.0984 0x0a8c dac960nt - ok

08:11:11.0125 0x0a8c [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch E:\WINDOWS\system32\rpcss.dll

08:11:11.0125 0x0a8c DcomLaunch - ok

08:11:11.0171 0x0a8c [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp E:\WINDOWS\System32\dhcpcsvc.dll

08:11:11.0171 0x0a8c Dhcp - ok

08:11:11.0187 0x0a8c [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk E:\WINDOWS\system32\DRIVERS\disk.sys

08:11:11.0203 0x0a8c Disk - ok

08:11:11.0203 0x0a8c dmadmin - ok

08:11:11.0437 0x0a8c [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot E:\WINDOWS\system32\drivers\dmboot.sys

08:11:11.0656 0x0a8c dmboot - ok

08:11:11.0718 0x0a8c [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio E:\WINDOWS\system32\drivers\dmio.sys

08:11:11.0750 0x0a8c dmio - ok

08:11:11.0781 0x0a8c [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload E:\WINDOWS\system32\drivers\dmload.sys

08:11:11.0781 0x0a8c dmload - ok

08:11:11.0796 0x0a8c [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver E:\WINDOWS\System32\dmserver.dll

08:11:11.0812 0x0a8c dmserver - ok

08:11:11.0843 0x0a8c [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic E:\WINDOWS\system32\drivers\DMusic.sys

08:11:11.0843 0x0a8c DMusic - ok

08:11:11.0890 0x0a8c [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache E:\WINDOWS\System32\dnsrslvr.dll

08:11:11.0906 0x0a8c Dnscache - ok

08:11:11.0968 0x0a8c [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc E:\WINDOWS\System32\dot3svc.dll

08:11:12.0000 0x0a8c Dot3svc - ok

08:11:12.0015 0x0a8c dpti2o - ok

08:11:12.0062 0x0a8c [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud E:\WINDOWS\system32\drivers\drmkaud.sys

08:11:12.0062 0x0a8c drmkaud - ok

08:11:12.0093 0x0a8c [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost E:\WINDOWS\System32\eapsvc.dll

08:11:12.0109 0x0a8c EapHost - ok

08:11:12.0125 0x0a8c [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc E:\WINDOWS\System32\ersvc.dll

08:11:12.0125 0x0a8c ERSvc - ok

08:11:12.0187 0x0a8c [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog E:\WINDOWS\system32\services.exe

08:11:12.0203 0x0a8c Eventlog - ok

08:11:12.0296 0x0a8c [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem E:\WINDOWS\System32\es.dll

08:11:12.0296 0x0a8c EventSystem - ok

08:11:12.0359 0x0a8c [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat E:\WINDOWS\system32\drivers\Fastfat.sys

08:11:12.0406 0x0a8c Fastfat - ok

08:11:12.0468 0x0a8c [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility E:\WINDOWS\System32\shsvcs.dll

08:11:12.0468 0x0a8c FastUserSwitchingCompatibility - ok

08:11:12.0500 0x0a8c [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc E:\WINDOWS\system32\DRIVERS\fdc.sys

08:11:12.0500 0x0a8c Fdc - ok

08:11:12.0515 0x0a8c [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips E:\WINDOWS\system32\drivers\Fips.sys

08:11:12.0515 0x0a8c Fips - ok

08:11:12.0531 0x0a8c [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk E:\WINDOWS\system32\DRIVERS\flpydisk.sys

08:11:12.0531 0x0a8c Flpydisk - ok

08:11:12.0593 0x0a8c [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr E:\WINDOWS\system32\drivers\fltmgr.sys

08:11:12.0625 0x0a8c FltMgr - ok

08:11:12.0671 0x0a8c [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 e:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

08:11:12.0687 0x0a8c FontCache3.0.0.0 - ok

08:11:12.0703 0x0a8c fqjjbabe - ok

08:11:12.0703 0x0a8c [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec E:\WINDOWS\system32\drivers\Fs_Rec.sys

08:11:12.0703 0x0a8c Fs_Rec - ok

08:11:12.0734 0x0a8c [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk E:\WINDOWS\system32\DRIVERS\ftdisk.sys

08:11:12.0765 0x0a8c Ftdisk - ok

08:11:12.0781 0x0a8c fumhmkzp - ok

08:11:12.0796 0x0a8c [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc E:\WINDOWS\system32\DRIVERS\msgpc.sys

08:11:12.0796 0x0a8c Gpc - ok

08:11:12.0812 0x0a8c gthyleim - ok

08:11:12.0812 0x0a8c gyevzyhq - ok

08:11:12.0859 0x0a8c [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus E:\WINDOWS\system32\DRIVERS\HDAudBus.sys

08:11:12.0859 0x0a8c HDAudBus - ok

08:11:12.0921 0x0a8c [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc E:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

08:11:12.0921 0x0a8c helpsvc - ok

08:11:12.0921 0x0a8c HidServ - ok

08:11:12.0937 0x0a8c [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb E:\WINDOWS\system32\DRIVERS\hidusb.sys

08:11:12.0937 0x0a8c HidUsb - ok

08:11:12.0984 0x0a8c [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc E:\WINDOWS\System32\kmsvc.dll

08:11:13.0000 0x0a8c hkmsvc - ok

08:11:13.0109 0x0a8c [ 9442228D256CE6C874CFB5DC39A20540, E8059F7D3579EB6CCC4E637EE92D49B9C23FC9162A236B55B8F25D9A44B7EB9A ] HPM1210RcvFaxSrvc E:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe

08:11:13.0125 0x0a8c HPM1210RcvFaxSrvc - ok

08:11:13.0125 0x0a8c hpn - ok

08:11:13.0156 0x0a8c [ 61BFFBF840EB7285F630B5B4F1CCBC08, 012D9BA08F04A52537939B698EB66106456FB218A7A5AAAB236BF8FC2BF0D9CE ] HPSIService E:\WINDOWS\system32\HPSIsvc.exe

08:11:13.0156 0x0a8c HPSIService - ok

08:11:13.0265 0x0a8c [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP E:\WINDOWS\system32\Drivers\HTTP.sys

08:11:13.0265 0x0a8c HTTP - ok

08:11:13.0281 0x0a8c [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter E:\WINDOWS\System32\w3ssl.dll

08:11:13.0296 0x0a8c HTTPFilter - ok

08:11:13.0296 0x0a8c i2omgmt - ok

08:11:13.0296 0x0a8c i2omp - ok

08:11:13.0343 0x0a8c [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt E:\WINDOWS\system32\DRIVERS\i8042prt.sys

08:11:13.0343 0x0a8c i8042prt - ok

08:11:15.0125 0x0a8c [ 96F0E87376BC8CCA259EAA7F3259F244, 7A5898CAD54F46C133F7BE4551B635364A50938361185454C92BCF82425E0F25 ] ialm E:\WINDOWS\system32\DRIVERS\igxpmp32.sys

08:11:15.0218 0x0a8c ialm - ok

08:11:15.0531 0x0a8c [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc e:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

08:11:15.0781 0x0a8c idsvc - ok

08:11:15.0796 0x0a8c [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi E:\WINDOWS\system32\DRIVERS\imapi.sys

08:11:15.0796 0x0a8c Imapi - ok

08:11:15.0859 0x0a8c [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService E:\WINDOWS\System32\imapi.exe

08:11:15.0859 0x0a8c ImapiService - ok

08:11:15.0859 0x0a8c ini910u - ok

08:11:17.0859 0x0a8c [ 691DDA8C43BD8E33A2567B694643C3F5, AAF39228AEA669AE2E3F489978E583404639E54B8618C0AE5D775BEDBB441A91 ] IntcAzAudAddService E:\WINDOWS\system32\drivers\RtkHDAud.sys

08:11:17.0937 0x0a8c IntcAzAudAddService - ok

08:11:17.0953 0x0a8c IntelIde - ok

08:11:18.0000 0x0a8c [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm E:\WINDOWS\system32\DRIVERS\intelppm.sys

08:11:18.0000 0x0a8c intelppm - ok

08:11:18.0031 0x0a8c [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] ip6fw E:\WINDOWS\system32\drivers\ip6fw.sys

08:11:18.0031 0x0a8c ip6fw - ok

08:11:18.0078 0x0a8c [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver E:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

08:11:18.0093 0x0a8c IpFilterDriver - ok

08:11:18.0109 0x0a8c [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp E:\WINDOWS\system32\DRIVERS\ipinip.sys

08:11:18.0109 0x0a8c IpInIp - ok

08:11:18.0171 0x0a8c [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat E:\WINDOWS\system32\DRIVERS\ipnat.sys

08:11:18.0171 0x0a8c IpNat - ok

08:11:18.0203 0x0a8c [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec E:\WINDOWS\system32\DRIVERS\ipsec.sys

08:11:18.0218 0x0a8c IPSec - ok

08:11:18.0234 0x0a8c [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM E:\WINDOWS\system32\DRIVERS\irenum.sys

08:11:18.0250 0x0a8c IRENUM - ok

08:11:18.0312 0x0a8c [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp E:\WINDOWS\system32\DRIVERS\isapnp.sys

08:11:18.0328 0x0a8c isapnp - ok

08:11:18.0328 0x0a8c [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass E:\WINDOWS\system32\DRIVERS\kbdclass.sys

08:11:18.0328 0x0a8c Kbdclass - ok

08:11:18.0359 0x0a8c [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid E:\WINDOWS\system32\DRIVERS\kbdhid.sys

08:11:18.0375 0x0a8c kbdhid - ok

08:11:18.0421 0x0a8c [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer E:\WINDOWS\system32\drivers\kmixer.sys

08:11:18.0437 0x0a8c kmixer - ok

08:11:18.0468 0x0a8c [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD E:\WINDOWS\system32\drivers\KSecDD.sys

08:11:18.0500 0x0a8c KSecDD - ok

08:11:18.0546 0x0a8c [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver E:\WINDOWS\System32\srvsvc.dll

08:11:18.0546 0x0a8c lanmanserver - ok

08:11:18.0609 0x0a8c [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation E:\WINDOWS\System32\wkssvc.dll

08:11:18.0609 0x0a8c lanmanworkstation - ok

08:11:18.0609 0x0a8c lbrtfdc - ok

08:11:18.0625 0x0a8c [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts E:\WINDOWS\System32\lmhsvc.dll

08:11:18.0625 0x0a8c LmHosts - ok

08:11:18.0656 0x0a8c [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger E:\WINDOWS\System32\msgsvc.dll

08:11:18.0656 0x0a8c Messenger - ok

08:11:18.0703 0x0a8c [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd E:\WINDOWS\system32\drivers\mnmdd.sys

08:11:18.0703 0x0a8c mnmdd - ok

08:11:18.0734 0x0a8c [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc E:\WINDOWS\System32\mnmsrvc.exe

08:11:18.0734 0x0a8c mnmsrvc - ok

08:11:18.0750 0x0a8c [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem E:\WINDOWS\system32\drivers\Modem.sys

08:11:18.0765 0x0a8c Modem - ok

08:11:19.0140 0x0a8c [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5, 2AC3875B2E7D9B0692253A9867B940CF214DE03574808B42C3702843BC1D5696 ] Monfilt E:\WINDOWS\system32\drivers\Monfilt.sys

08:11:19.0515 0x0a8c Monfilt - ok

08:11:19.0531 0x0a8c [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass E:\WINDOWS\system32\DRIVERS\mouclass.sys

08:11:19.0531 0x0a8c Mouclass - ok

08:11:19.0546 0x0a8c [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid E:\WINDOWS\system32\DRIVERS\mouhid.sys

08:11:19.0546 0x0a8c mouhid - ok

08:11:19.0578 0x0a8c [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr E:\WINDOWS\system32\drivers\MountMgr.sys

08:11:19.0593 0x0a8c MountMgr - ok

08:11:19.0671 0x0a8c [ FD5E45969B82B83E33CB05B5C9B0E3F2, A6C21F7A0A97683DA50FC102131618CC1BE5CA0C3625D2FDAF5861B9B6523E45 ] MozillaMaintenance E:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

08:11:19.0703 0x0a8c MozillaMaintenance - ok

08:11:19.0765 0x0a8c [ 8072A7BB35D92CC621AC2605EEF79BC4, 68F61BE84A5032CEC24F04C90DACA1AE78F3744016389BE2345256B26E44E09A ] MpFilter E:\WINDOWS\system32\DRIVERS\MpFilter.sys

08:11:19.0828 0x0a8c MpFilter - ok

08:11:19.0828 0x0a8c mqmddadt - ok

08:11:19.0843 0x0a8c mraid35x - ok

08:11:19.0890 0x0a8c [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV E:\WINDOWS\system32\DRIVERS\mrxdav.sys

08:11:19.0890 0x0a8c MRxDAV - ok

08:11:20.0031 0x0a8c [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb E:\WINDOWS\system32\DRIVERS\mrxsmb.sys

08:11:20.0031 0x0a8c MRxSmb - ok

08:11:20.0078 0x0a8c [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC E:\WINDOWS\System32\msdtc.exe

08:11:20.0093 0x0a8c MSDTC - ok

08:11:20.0093 0x0a8c [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs E:\WINDOWS\system32\drivers\Msfs.sys

08:11:20.0093 0x0a8c Msfs - ok

08:11:20.0109 0x0a8c MSIServer - ok

08:11:20.0125 0x0a8c [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV E:\WINDOWS\system32\drivers\MSKSSRV.sys

08:11:20.0140 0x0a8c MSKSSRV - ok

08:11:20.0171 0x0a8c [ 1EE3643D1AA747222427F63353611AD7, 18465E375485DF4E980121449077D5BA87C25C5FA8D86F40DA3B7BE153306766 ] MsMpSvc e:\Program Files\Microsoft Security Client\MsMpEng.exe

08:11:20.0171 0x0a8c MsMpSvc - ok

08:11:20.0203 0x0a8c [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK E:\WINDOWS\system32\drivers\MSPCLOCK.sys

08:11:20.0218 0x0a8c MSPCLOCK - ok

08:11:20.0218 0x0a8c [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM E:\WINDOWS\system32\drivers\MSPQM.sys

08:11:20.0218 0x0a8c MSPQM - ok

08:11:20.0250 0x0a8c [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios E:\WINDOWS\system32\DRIVERS\mssmbios.sys

08:11:20.0250 0x0a8c mssmbios - ok

08:11:20.0296 0x0a8c [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup E:\WINDOWS\system32\drivers\Mup.sys

08:11:20.0328 0x0a8c Mup - ok

08:11:20.0421 0x0a8c [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent E:\WINDOWS\System32\qagentrt.dll

08:11:20.0500 0x0a8c napagent - ok

08:11:20.0515 0x0a8c navlzhjt - ok

08:11:20.0562 0x0a8c [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS E:\WINDOWS\system32\drivers\NDIS.sys

08:11:20.0609 0x0a8c NDIS - ok

08:11:20.0625 0x0a8c [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi E:\WINDOWS\system32\DRIVERS\ndistapi.sys

08:11:20.0625 0x0a8c NdisTapi - ok

08:11:20.0656 0x0a8c [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio E:\WINDOWS\system32\DRIVERS\ndisuio.sys

08:11:20.0656 0x0a8c Ndisuio - ok

08:11:20.0687 0x0a8c [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan E:\WINDOWS\system32\DRIVERS\ndiswan.sys

08:11:20.0687 0x0a8c NdisWan - ok

08:11:20.0718 0x0a8c [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy E:\WINDOWS\system32\drivers\NDProxy.sys

08:11:20.0718 0x0a8c NDProxy - ok

08:11:20.0734 0x0a8c [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS E:\WINDOWS\system32\DRIVERS\netbios.sys

08:11:20.0734 0x0a8c NetBIOS - ok

08:11:20.0781 0x0a8c [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT E:\WINDOWS\system32\DRIVERS\netbt.sys

08:11:20.0781 0x0a8c NetBT - ok

08:11:20.0828 0x0a8c [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE E:\WINDOWS\system32\netdde.exe

08:11:20.0859 0x0a8c NetDDE - ok

08:11:20.0890 0x0a8c [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm E:\WINDOWS\system32\netdde.exe

08:11:20.0890 0x0a8c NetDDEdsdm - ok

08:11:20.0937 0x0a8c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon E:\WINDOWS\System32\lsass.exe

08:11:20.0937 0x0a8c Netlogon - ok

08:11:21.0000 0x0a8c [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman E:\WINDOWS\System32\netman.dll

08:11:21.0015 0x0a8c Netman - ok

08:11:21.0078 0x0a8c [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing e:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

08:11:21.0109 0x0a8c NetTcpPortSharing - ok

08:11:21.0203 0x0a8c [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla E:\WINDOWS\System32\mswsock.dll

08:11:21.0203 0x0a8c Nla - ok

08:11:21.0218 0x0a8c [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs E:\WINDOWS\system32\drivers\Npfs.sys

08:11:21.0218 0x0a8c Npfs - ok

08:11:21.0390 0x0a8c [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs E:\WINDOWS\system32\drivers\Ntfs.sys

08:11:21.0546 0x0a8c Ntfs - ok

08:11:21.0546 0x0a8c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp E:\WINDOWS\System32\lsass.exe

08:11:21.0546 0x0a8c NtLmSsp - ok

08:11:21.0718 0x0a8c [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc E:\WINDOWS\system32\ntmssvc.dll

08:11:21.0843 0x0a8c NtmsSvc - ok

08:11:21.0875 0x0a8c [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null E:\WINDOWS\system32\drivers\Null.sys

08:11:21.0875 0x0a8c Null - ok

08:11:21.0921 0x0a8c [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt E:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

08:11:21.0937 0x0a8c NwlnkFlt - ok

08:11:21.0953 0x0a8c [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd E:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

08:11:21.0968 0x0a8c NwlnkFwd - ok

08:11:22.0125 0x0a8c [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

08:11:22.0171 0x0a8c ose - ok

08:11:22.0250 0x0a8c [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport E:\WINDOWS\system32\DRIVERS\parport.sys

08:11:22.0250 0x0a8c Parport - ok

08:11:22.0281 0x0a8c [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr E:\WINDOWS\system32\drivers\PartMgr.sys

08:11:22.0296 0x0a8c PartMgr - ok

08:11:22.0375 0x0a8c [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm E:\WINDOWS\system32\drivers\ParVdm.sys

08:11:22.0375 0x0a8c ParVdm - ok

08:11:22.0421 0x0a8c [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI E:\WINDOWS\system32\DRIVERS\pci.sys

08:11:22.0453 0x0a8c PCI - ok

08:11:22.0453 0x0a8c PCIDump - ok

08:11:22.0484 0x0a8c [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde E:\WINDOWS\system32\DRIVERS\pciide.sys

08:11:22.0484 0x0a8c PCIIde - ok

08:11:22.0562 0x0a8c [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia E:\WINDOWS\system32\drivers\Pcmcia.sys

08:11:22.0593 0x0a8c Pcmcia - ok

08:11:22.0609 0x0a8c PDCOMP - ok

08:11:22.0609 0x0a8c PDFRAME - ok

08:11:22.0609 0x0a8c PDRELI - ok

08:11:22.0609 0x0a8c PDRFRAME - ok

08:11:22.0625 0x0a8c perc2 - ok

08:11:22.0625 0x0a8c perc2hib - ok

08:11:22.0687 0x0a8c [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay E:\WINDOWS\system32\services.exe

08:11:22.0687 0x0a8c PlugPlay - ok

08:11:22.0718 0x0a8c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent E:\WINDOWS\System32\lsass.exe

08:11:22.0718 0x0a8c PolicyAgent - ok

08:11:22.0734 0x0a8c [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport E:\WINDOWS\system32\DRIVERS\raspptp.sys

08:11:22.0734 0x0a8c PptpMiniport - ok

08:11:22.0765 0x0a8c [ A32BEBAF723557681BFC6BD93E98BD26, 35039BA72A29F87B2CA37DCDE4EFDAABBDEAD8CE3EB8652ACC665994118145A6 ] Processor E:\WINDOWS\system32\DRIVERS\processr.sys

08:11:22.0765 0x0a8c Processor - ok

08:11:22.0765 0x0a8c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage E:\WINDOWS\system32\lsass.exe

08:11:22.0765 0x0a8c ProtectedStorage - ok

08:11:22.0796 0x0a8c [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched E:\WINDOWS\system32\DRIVERS\psched.sys

08:11:22.0796 0x0a8c PSched - ok

08:11:22.0812 0x0a8c [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink E:\WINDOWS\system32\DRIVERS\ptilink.sys

08:11:22.0812 0x0a8c Ptilink - ok

08:11:22.0812 0x0a8c ql1080 - ok

08:11:22.0812 0x0a8c Ql10wnt - ok

08:11:22.0812 0x0a8c ql12160 - ok

08:11:22.0828 0x0a8c ql1240 - ok

08:11:22.0828 0x0a8c ql1280 - ok

08:11:22.0828 0x0a8c qnmcfouq - ok

08:11:22.0843 0x0a8c [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd E:\WINDOWS\system32\DRIVERS\rasacd.sys

08:11:22.0843 0x0a8c RasAcd - ok

08:11:22.0906 0x0a8c [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto E:\WINDOWS\System32\rasauto.dll

08:11:22.0937 0x0a8c RasAuto - ok

08:11:22.0953 0x0a8c [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp E:\WINDOWS\system32\DRIVERS\rasl2tp.sys

08:11:22.0953 0x0a8c Rasl2tp - ok

08:11:23.0031 0x0a8c [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan E:\WINDOWS\System32\rasmans.dll

08:11:23.0046 0x0a8c RasMan - ok

08:11:23.0062 0x0a8c [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe E:\WINDOWS\system32\DRIVERS\raspppoe.sys

08:11:23.0062 0x0a8c RasPppoe - ok

08:11:23.0062 0x0a8c [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti E:\WINDOWS\system32\DRIVERS\raspti.sys

08:11:23.0062 0x0a8c Raspti - ok

08:11:23.0109 0x0a8c [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss E:\WINDOWS\system32\DRIVERS\rdbss.sys

08:11:23.0125 0x0a8c Rdbss - ok

08:11:23.0125 0x0a8c [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD E:\WINDOWS\system32\DRIVERS\RDPCDD.sys

08:11:23.0125 0x0a8c RDPCDD - ok

08:11:23.0187 0x0a8c [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD E:\WINDOWS\system32\drivers\RDPWD.sys

08:11:23.0234 0x0a8c RDPWD - ok

08:11:23.0265 0x0a8c [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr E:\WINDOWS\system32\sessmgr.exe

08:11:23.0312 0x0a8c RDSessMgr - ok

08:11:23.0328 0x0a8c [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook E:\WINDOWS\system32\DRIVERS\redbook.sys

08:11:23.0328 0x0a8c redbook - ok

08:11:23.0375 0x0a8c [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess E:\WINDOWS\System32\mprdim.dll

08:11:23.0390 0x0a8c RemoteAccess - ok

08:11:23.0421 0x0a8c [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator E:\WINDOWS\System32\locator.exe

08:11:23.0437 0x0a8c RpcLocator - ok

08:11:23.0562 0x0a8c [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs E:\WINDOWS\system32\rpcss.dll

08:11:23.0578 0x0a8c RpcSs - ok

08:11:23.0625 0x0a8c [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP E:\WINDOWS\System32\rsvp.exe

08:11:23.0671 0x0a8c RSVP - ok

08:11:23.0750 0x0a8c [ CB9310A5A910648D359C99A857E22A54, 7E24EF1577FC6AEE5B6102DB4126F8EC5B5A1F1D9C46E5B09203B30F3F979C9E ] RTLE8023xp E:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

08:11:23.0750 0x0a8c RTLE8023xp - ok

08:11:23.0765 0x0a8c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs E:\WINDOWS\system32\lsass.exe

08:11:23.0765 0x0a8c SamSs - ok

08:11:23.0781 0x0a8c [ 39763504067962108505BFF25F024345, 73C9710B61EDC7FBEDE1D7A767AA3D3A169E7AD012494D05CB5EE7E5C5752BB9 ] SASDIFSV E:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

08:11:23.0781 0x0a8c SASDIFSV - ok

08:11:23.0812 0x0a8c [ 77B9FC20084B48408AD3E87570EB4A85, B5BC5FEC1356DECB66A7A671DB67112BDAC8F942BF1C4B986B1805B41EF362B1 ] SASKUTIL E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

08:11:23.0812 0x0a8c SASKUTIL - ok

08:11:23.0843 0x0a8c [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr E:\WINDOWS\System32\SCardSvr.exe

08:11:23.0875 0x0a8c SCardSvr - ok

08:11:23.0937 0x0a8c [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule E:\WINDOWS\system32\schedsvc.dll

08:11:23.0953 0x0a8c Schedule - ok

08:11:23.0968 0x0a8c [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv E:\WINDOWS\system32\DRIVERS\secdrv.sys

08:11:23.0968 0x0a8c Secdrv - ok

08:11:24.0000 0x0a8c [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon E:\WINDOWS\System32\seclogon.dll

08:11:24.0000 0x0a8c seclogon - ok

08:11:24.0015 0x0a8c [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS E:\WINDOWS\system32\sens.dll

08:11:24.0015 0x0a8c SENS - ok

08:11:24.0015 0x0a8c [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum E:\WINDOWS\system32\DRIVERS\serenum.sys

08:11:24.0015 0x0a8c serenum - ok

08:11:24.0046 0x0a8c [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial E:\WINDOWS\system32\DRIVERS\serial.sys

08:11:24.0046 0x0a8c Serial - ok

08:11:24.0062 0x0a8c [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy E:\WINDOWS\system32\drivers\Sfloppy.sys

08:11:24.0062 0x0a8c Sfloppy - ok

08:11:24.0187 0x0a8c [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess E:\WINDOWS\System32\ipnathlp.dll

08:11:24.0187 0x0a8c SharedAccess - ok

08:11:24.0265 0x0a8c [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection E:\WINDOWS\System32\shsvcs.dll

08:11:24.0265 0x0a8c ShellHWDetection - ok

08:11:24.0265 0x0a8c Simbad - ok

08:11:24.0265 0x0a8c Sparrow - ok

08:11:24.0312 0x0a8c [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter E:\WINDOWS\system32\drivers\splitter.sys

08:11:24.0312 0x0a8c splitter - ok

08:11:24.0375 0x0a8c [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler E:\WINDOWS\system32\spoolsv.exe

08:11:24.0375 0x0a8c Spooler - ok

08:11:24.0390 0x0a8c [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr E:\WINDOWS\system32\DRIVERS\sr.sys

08:11:24.0406 0x0a8c sr - ok

08:11:24.0468 0x0a8c [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice E:\WINDOWS\System32\srsvc.dll

08:11:24.0484 0x0a8c srservice - ok

08:11:24.0578 0x0a8c [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv E:\WINDOWS\system32\DRIVERS\srv.sys

08:11:24.0593 0x0a8c Srv - ok

08:11:24.0625 0x0a8c [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV E:\WINDOWS\System32\ssdpsrv.dll

08:11:24.0625 0x0a8c SSDPSRV - ok

08:11:24.0765 0x0a8c [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc E:\WINDOWS\system32\wiaservc.dll

08:11:24.0859 0x0a8c stisvc - ok

08:11:24.0859 0x0a8c [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum E:\WINDOWS\system32\DRIVERS\swenum.sys

08:11:24.0859 0x0a8c swenum - ok

08:11:24.0875 0x0a8c [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi E:\WINDOWS\system32\drivers\swmidi.sys

08:11:24.0875 0x0a8c swmidi - ok

08:11:24.0890 0x0a8c SwPrv - ok

08:11:24.0890 0x0a8c symc810 - ok

08:11:24.0890 0x0a8c symc8xx - ok

08:11:24.0890 0x0a8c sym_hi - ok

08:11:24.0906 0x0a8c sym_u3 - ok

08:11:24.0937 0x0a8c [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio E:\WINDOWS\system32\drivers\sysaudio.sys

08:11:24.0937 0x0a8c sysaudio - ok

08:11:24.0968 0x0a8c [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog E:\WINDOWS\system32\smlogsvc.exe

08:11:25.0000 0x0a8c SysmonLog - ok

08:11:25.0062 0x0a8c [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv E:\WINDOWS\System32\tapisrv.dll

08:11:25.0062 0x0a8c TapiSrv - ok

08:11:25.0171 0x0a8c [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip E:\WINDOWS\system32\DRIVERS\tcpip.sys

08:11:25.0187 0x0a8c Tcpip - ok

08:11:25.0234 0x0a8c [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE E:\WINDOWS\system32\drivers\TDPIPE.sys

08:11:25.0234 0x0a8c TDPIPE - ok

08:11:25.0250 0x0a8c [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP E:\WINDOWS\system32\drivers\TDTCP.sys

08:11:25.0250 0x0a8c TDTCP - ok

08:11:25.0265 0x0a8c [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD E:\WINDOWS\system32\DRIVERS\termdd.sys

08:11:25.0265 0x0a8c TermDD - ok

08:11:25.0375 0x0a8c [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService E:\WINDOWS\System32\termsrv.dll

08:11:25.0375 0x0a8c TermService - ok

08:11:25.0421 0x0a8c [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes E:\WINDOWS\System32\shsvcs.dll

08:11:25.0421 0x0a8c Themes - ok

08:11:25.0421 0x0a8c TosIde - ok

08:11:25.0453 0x0a8c [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks E:\WINDOWS\system32\trkwks.dll

08:11:25.0453 0x0a8c TrkWks - ok

08:11:25.0500 0x0a8c [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs E:\WINDOWS\system32\drivers\Udfs.sys

08:11:25.0515 0x0a8c Udfs - ok

08:11:25.0515 0x0a8c ultra - ok

08:11:25.0625 0x0a8c [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update E:\WINDOWS\system32\DRIVERS\update.sys

08:11:25.0625 0x0a8c Update - ok

08:11:25.0703 0x0a8c [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost E:\WINDOWS\System32\upnphost.dll

08:11:25.0750 0x0a8c upnphost - ok

08:11:25.0765 0x0a8c [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS E:\WINDOWS\System32\ups.exe

08:11:25.0765 0x0a8c UPS - ok

08:11:25.0796 0x0a8c [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp E:\WINDOWS\system32\DRIVERS\usbccgp.sys

08:11:25.0812 0x0a8c usbccgp - ok

08:11:25.0812 0x0a8c [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci E:\WINDOWS\system32\DRIVERS\usbehci.sys

08:11:25.0812 0x0a8c usbehci - ok

08:11:25.0843 0x0a8c [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub E:\WINDOWS\system32\DRIVERS\usbhub.sys

08:11:25.0843 0x0a8c usbhub - ok

08:11:25.0859 0x0a8c [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint E:\WINDOWS\system32\DRIVERS\usbprint.sys

08:11:25.0875 0x0a8c usbprint - ok

08:11:25.0890 0x0a8c [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

08:11:25.0906 0x0a8c USBSTOR - ok

08:11:25.0906 0x0a8c [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci E:\WINDOWS\system32\DRIVERS\usbuhci.sys

08:11:25.0906 0x0a8c usbuhci - ok

08:11:25.0921 0x0a8c [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave E:\WINDOWS\System32\drivers\vga.sys

08:11:25.0921 0x0a8c VgaSave - ok

08:11:25.0921 0x0a8c ViaIde - ok

08:11:25.0953 0x0a8c [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap E:\WINDOWS\system32\drivers\VolSnap.sys

08:11:25.0968 0x0a8c VolSnap - ok

08:11:25.0968 0x0a8c vspqmgan - ok

08:11:26.0062 0x0a8c [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS E:\WINDOWS\System32\vssvc.exe

08:11:26.0140 0x0a8c VSS - ok

08:11:26.0203 0x0a8c [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time E:\WINDOWS\System32\w32time.dll

08:11:26.0234 0x0a8c W32Time - ok

08:11:26.0281 0x0a8c [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp E:\WINDOWS\system32\DRIVERS\wanarp.sys

08:11:26.0281 0x0a8c Wanarp - ok

08:11:26.0281 0x0a8c WDICA - ok

08:11:26.0312 0x0a8c [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud E:\WINDOWS\system32\drivers\wdmaud.sys

08:11:26.0312 0x0a8c wdmaud - ok

08:11:26.0343 0x0a8c [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient E:\WINDOWS\System32\webclnt.dll

08:11:26.0343 0x0a8c WebClient - ok

08:11:26.0437 0x0a8c [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt E:\WINDOWS\system32\wbem\WMIsvc.dll

08:11:26.0437 0x0a8c winmgmt - ok

08:11:26.0453 0x0a8c wjhfgmuv - ok

08:11:26.0484 0x0a8c [ C7E39EA41233E9F5B86C8DA3A9F1E4A8, 98C21DEEB7124426D749FACDAD06EBD7F500AE5C465A98D558919C2A51C08554 ] WmdmPmSN E:\WINDOWS\system32\mspmsnsv.dll

08:11:26.0500 0x0a8c WmdmPmSN - ok

08:11:26.0546 0x0a8c [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv E:\WINDOWS\System32\wbem\wmiapsrv.exe

08:11:26.0687 0x0a8c WmiApSrv - ok

08:11:26.0781 0x0a8c [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc E:\WINDOWS\system32\wscsvc.dll

08:11:26.0781 0x0a8c wscsvc - ok

08:11:26.0796 0x0a8c [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv E:\WINDOWS\system32\wuauserv.dll

08:11:26.0796 0x0a8c wuauserv - ok

08:11:26.0953 0x0a8c [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC E:\WINDOWS\System32\wzcsvc.dll

08:11:26.0953 0x0a8c WZCSVC - ok

08:11:27.0015 0x0a8c [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov E:\WINDOWS\System32\xmlprov.dll

08:11:27.0046 0x0a8c xmlprov - ok

08:11:27.0046 0x0a8c yhvfpdrs - ok

08:11:27.0062 0x0a8c zpandemo - ok

08:11:27.0062 0x0a8c ================ Scan global ===============================

08:11:27.0093 0x0a8c [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] E:\WINDOWS\system32\basesrv.dll

08:11:27.0218 0x0a8c [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] E:\WINDOWS\system32\winsrv.dll

08:11:27.0296 0x0a8c [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] E:\WINDOWS\system32\winsrv.dll

08:11:27.0359 0x0a8c [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] E:\WINDOWS\system32\services.exe

08:11:27.0359 0x0a8c [ Global ] - ok

08:11:27.0359 0x0a8c ================ Scan MBR ==================================

08:11:27.0375 0x0a8c [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

08:11:27.0640 0x0a8c \Device\Harddisk0\DR0 - ok

08:11:27.0640 0x0a8c ================ Scan VBR ==================================

08:11:27.0640 0x0a8c [ 5BC7D6CA91EC777398556972D40F4B2F ] \Device\Harddisk0\DR0\Partition1

08:11:27.0703 0x0a8c \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )

08:11:27.0703 0x0a8c \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected

08:11:43.0218 0x0a8c Scan was interrupted by user!

08:11:43.0218 0x0a8c Waiting for KSN requests completion. In queue: 9

08:11:44.0218 0x0a8c Waiting for KSN requests completion. In queue: 9

08:11:45.0218 0x0a8c Waiting for KSN requests completion. In queue: 9

08:11:46.0250 0x0a8c AV detected via SS1: Microsoft Security Essentials, 4.5.0216.0, disabled, updated

08:11:46.0250 0x0a8c Win FW state via NFM: enabled

08:12:01.0625 0x0a8c ============================================================

08:12:01.0625 0x0a8c Scan finished

08:12:01.0625 0x0a8c ============================================================

08:12:01.0625 0x0a84 Detected object count: 1

08:12:01.0625 0x0a84 Actual detected object count: 1

08:12:05.0046 0x0a84 \Device\Harddisk0\DR0\Partition1 - copied to quarantine

08:12:05.0062 0x0a84 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot

08:12:05.0062 0x0a84 \Device\Harddisk0\DR0\Partition1 - ok

08:12:05.0062 0x0a84 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Cure

08:12:06.0250 0x0a84 KLMD registered as E:\WINDOWS\system32\drivers\99020568.sys

08:12:11.0859 0x05e4 Deinitialize success


Second TDSS log follows:

08:25:37.0968 0x0864 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58

08:25:39.0796 0x0864 ============================================================

08:25:39.0796 0x0864 Current date / time: 2014/09/20 08:25:39.0796

08:25:39.0796 0x0864 SystemInfo:

08:25:39.0796 0x0864

08:25:39.0796 0x0864 OS Version: 5.1.2600 ServicePack: 3.0

08:25:39.0796 0x0864 Product type: Workstation

08:25:40.0906 0x0864 ComputerName: GUYHARDMAN

08:25:40.0906 0x0864 UserName: lavonne

08:25:40.0906 0x0864 Windows directory: E:\WINDOWS

08:25:40.0906 0x0864 System windows directory: E:\WINDOWS

08:25:40.0906 0x0864 Processor architecture: Intel x86

08:25:40.0906 0x0864 Number of processors: 2

08:25:40.0906 0x0864 Page size: 0x1000

08:25:40.0906 0x0864 Boot type: Normal boot

08:25:40.0906 0x0864 ============================================================

08:25:40.0921 0x0864 BG loaded

08:25:45.0703 0x0864 System UUID: {F68E6038-3880-B109-2D86-F551B1DE875E}

08:25:58.0140 0x0864 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044

08:25:58.0421 0x0864 ============================================================

08:25:58.0421 0x0864 \Device\Harddisk0\DR0:

08:25:58.0703 0x0864 MBR partitions:

08:25:58.0703 0x0864 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7530462

08:25:58.0765 0x0864 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x75304E0, BlocksNum 0x32E508A0

08:25:58.0765 0x0864 ============================================================

08:26:04.0546 0x0864 C: <-> \Device\Harddisk0\DR0\Partition1

08:26:04.0671 0x0864 E: <-> \Device\Harddisk0\DR0\Partition2

08:26:04.0671 0x0864 ============================================================

08:26:04.0671 0x0864 Initialize success

08:26:04.0671 0x0864 ============================================================

08:26:15.0390 0x0b78 ============================================================

08:26:15.0390 0x0b78 Scan started

08:26:15.0390 0x0b78 Mode: Manual; SigCheck; TDLFS;

08:26:15.0390 0x0b78 ============================================================

08:26:15.0390 0x0b78 KSN ping started

08:26:42.0109 0x0b78 KSN ping finished: true

08:26:42.0890 0x0b78 ================ Scan system memory ========================

08:26:42.0890 0x0b78 System memory - ok

08:26:42.0906 0x0b78 ================ Scan services =============================

08:27:07.0156 0x0b78 [ 9442228D256CE6C874CFB5DC39A20540, E8059F7D3579EB6CCC4E637EE92D49B9C23FC9162A236B55B8F25D9A44B7EB9A ] HPM1210RcvFaxSrvc E:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe

08:27:07.0203 0x0b78 HPM1210RcvFaxSrvc - detected UnsignedFile.Multi.Generic ( 1 )

08:27:17.0500 0x0b78 HPM1210RcvFaxSrvc ( UnsignedFile.Multi.Generic ) - warning


08:28:14.0468 0x0b78 Sfloppy - ok

08:28:14.0578 0x0b78 [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess E:\WINDOWS\System32\ipnathlp.dll

08:28:14.0718 0x0b78 SharedAccess - ok

08:28:14.0781 0x0b78 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection E:\WINDOWS\System32\shsvcs.dll

08:28:14.0796 0x0b78 ShellHWDetection - ok

08:28:14.0796 0x0b78 Simbad - ok

08:28:14.0796 0x0b78 Sparrow - ok

08:28:14.0828 0x0b78 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter E:\WINDOWS\system32\drivers\splitter.sys

08:28:14.0890 0x0b78 splitter - ok

08:28:14.0937 0x0b78 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler E:\WINDOWS\system32\spoolsv.exe

08:28:15.0000 0x0b78 Spooler - ok

08:28:15.0046 0x0b78 [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr E:\WINDOWS\system32\DRIVERS\sr.sys

08:28:15.0125 0x0b78 sr - ok

08:28:15.0171 0x0b78 [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice E:\WINDOWS\System32\srsvc.dll

08:28:15.0234 0x0b78 srservice - ok

08:28:15.0359 0x0b78 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv E:\WINDOWS\system32\DRIVERS\srv.sys

08:28:15.0453 0x0b78 Srv - ok

08:28:15.0515 0x0b78 [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV E:\WINDOWS\System32\ssdpsrv.dll

08:28:15.0578 0x0b78 SSDPSRV - ok

08:28:15.0703 0x0b78 [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc E:\WINDOWS\system32\wiaservc.dll

08:28:15.0921 0x0b78 stisvc - ok

08:28:15.0937 0x0b78 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum E:\WINDOWS\system32\DRIVERS\swenum.sys

08:28:15.0984 0x0b78 swenum - ok

08:28:16.0000 0x0b78 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi E:\WINDOWS\system32\drivers\swmidi.sys

08:28:16.0062 0x0b78 swmidi - ok

08:28:16.0062 0x0b78 SwPrv - ok

08:28:16.0078 0x0b78 symc810 - ok

08:28:16.0078 0x0b78 symc8xx - ok

08:28:16.0078 0x0b78 sym_hi - ok

08:28:16.0078 0x0b78 sym_u3 - ok

08:28:16.0109 0x0b78 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio E:\WINDOWS\system32\drivers\sysaudio.sys

08:28:16.0203 0x0b78 sysaudio - ok

08:28:16.0265 0x0b78 [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog E:\WINDOWS\system32\smlogsvc.exe

08:28:16.0359 0x0b78 SysmonLog - ok

08:28:16.0437 0x0b78 [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv E:\WINDOWS\System32\tapisrv.dll

08:28:16.0500 0x0b78 TapiSrv - ok

08:28:16.0609 0x0b78 [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip E:\WINDOWS\system32\DRIVERS\tcpip.sys

08:28:16.0937 0x0b78 Tcpip - ok

08:28:16.0953 0x0b78 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE E:\WINDOWS\system32\drivers\TDPIPE.sys

08:28:17.0000 0x0b78 TDPIPE - ok

08:28:17.0015 0x0b78 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP E:\WINDOWS\system32\drivers\TDTCP.sys

08:28:17.0078 0x0b78 TDTCP - ok

08:28:17.0093 0x0b78 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD E:\WINDOWS\system32\DRIVERS\termdd.sys

08:28:17.0171 0x0b78 TermDD - ok

08:28:17.0281 0x0b78 [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService E:\WINDOWS\System32\termsrv.dll

08:28:17.0343 0x0b78 TermService - ok

08:28:17.0390 0x0b78 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes E:\WINDOWS\System32\shsvcs.dll

08:28:17.0390 0x0b78 Themes - ok

08:28:17.0406 0x0b78 TosIde - ok

08:28:17.0421 0x0b78 [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks E:\WINDOWS\system32\trkwks.dll

08:28:17.0484 0x0b78 TrkWks - ok

08:28:17.0515 0x0b78 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs E:\WINDOWS\system32\drivers\Udfs.sys

08:28:17.0578 0x0b78 Udfs - ok

08:28:17.0593 0x0b78 ultra - ok

08:28:17.0703 0x0b78 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update E:\WINDOWS\system32\DRIVERS\update.sys

08:28:17.0843 0x0b78 Update - ok

08:28:17.0906 0x0b78 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost E:\WINDOWS\System32\upnphost.dll

08:28:18.0015 0x0b78 upnphost - ok

08:28:18.0031 0x0b78 [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS E:\WINDOWS\System32\ups.exe

08:28:18.0093 0x0b78 UPS - ok

08:28:18.0125 0x0b78 [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp E:\WINDOWS\system32\DRIVERS\usbccgp.sys

08:28:18.0171 0x0b78 usbccgp - ok

08:28:18.0187 0x0b78 [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci E:\WINDOWS\system32\DRIVERS\usbehci.sys

08:28:18.0203 0x0b78 usbehci - ok

08:28:18.0281 0x0b78 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub E:\WINDOWS\system32\DRIVERS\usbhub.sys

08:28:18.0328 0x0b78 usbhub - ok

08:28:18.0343 0x0b78 [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint E:\WINDOWS\system32\DRIVERS\usbprint.sys

08:28:18.0421 0x0b78 usbprint - ok

08:28:18.0453 0x0b78 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

08:28:18.0531 0x0b78 USBSTOR - ok

08:28:18.0546 0x0b78 [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci E:\WINDOWS\system32\DRIVERS\usbuhci.sys

08:28:18.0593 0x0b78 usbuhci - ok

08:28:18.0609 0x0b78 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave E:\WINDOWS\System32\drivers\vga.sys

08:28:18.0687 0x0b78 VgaSave - ok

08:28:18.0687 0x0b78 ViaIde - ok

08:28:18.0703 0x0b78 [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap E:\WINDOWS\system32\drivers\VolSnap.sys

08:28:18.0781 0x0b78 VolSnap - ok

08:28:18.0781 0x0b78 vspqmgan - ok

08:28:18.0875 0x0b78 [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS E:\WINDOWS\System32\vssvc.exe

08:28:19.0015 0x0b78 VSS - ok

08:28:19.0078 0x0b78 [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time E:\WINDOWS\System32\w32time.dll

08:28:19.0140 0x0b78 W32Time - ok

08:28:19.0171 0x0b78 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp E:\WINDOWS\system32\DRIVERS\wanarp.sys

08:28:19.0218 0x0b78 Wanarp - ok

08:28:19.0218 0x0b78 WDICA - ok

08:28:19.0250 0x0b78 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud E:\WINDOWS\system32\drivers\wdmaud.sys

08:28:19.0312 0x0b78 wdmaud - ok

08:28:19.0328 0x0b78 [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient E:\WINDOWS\System32\webclnt.dll

08:28:19.0390 0x0b78 WebClient - ok

08:28:19.0500 0x0b78 [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt E:\WINDOWS\system32\wbem\WMIsvc.dll

08:28:19.0562 0x0b78 winmgmt - ok

08:28:19.0562 0x0b78 wjhfgmuv - ok

08:28:19.0609 0x0b78 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8, 98C21DEEB7124426D749FACDAD06EBD7F500AE5C465A98D558919C2A51C08554 ] WmdmPmSN E:\WINDOWS\system32\mspmsnsv.dll

08:28:19.0687 0x0b78 WmdmPmSN - ok

08:28:19.0718 0x0b78 [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv E:\WINDOWS\System32\wbem\wmiapsrv.exe

08:28:19.0812 0x0b78 WmiApSrv - ok

08:28:19.0859 0x0b78 [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc E:\WINDOWS\system32\wscsvc.dll

08:28:19.0921 0x0b78 wscsvc - ok

08:28:19.0921 0x0b78 [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv E:\WINDOWS\system32\wuauserv.dll

08:28:19.0984 0x0b78 wuauserv - ok

08:28:20.0125 0x0b78 [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC E:\WINDOWS\System32\wzcsvc.dll

08:28:20.0265 0x0b78 WZCSVC - ok

08:28:20.0328 0x0b78 [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov E:\WINDOWS\System32\xmlprov.dll

08:28:20.0421 0x0b78 xmlprov - ok

08:28:20.0421 0x0b78 yhvfpdrs - ok

08:28:20.0437 0x0b78 zpandemo - ok

08:28:20.0437 0x0b78 ================ Scan global ===============================

08:28:20.0468 0x0b78 [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] E:\WINDOWS\system32\basesrv.dll

08:28:20.0578 0x0b78 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] E:\WINDOWS\system32\winsrv.dll

08:28:20.0656 0x0b78 [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] E:\WINDOWS\system32\winsrv.dll

08:28:20.0703 0x0b78 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] E:\WINDOWS\system32\services.exe

08:28:20.0703 0x0b78 [ Global ] - ok

08:28:20.0703 0x0b78 ================ Scan MBR ==================================

08:28:20.0734 0x0b78 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

08:28:21.0968 0x0b78 \Device\Harddisk0\DR0 - ok

08:28:21.0968 0x0b78 ================ Scan VBR ==================================

08:28:21.0968 0x0b78 [ CEF4EF42F67035415D958A98C3CD360B ] \Device\Harddisk0\DR0\Partition1

08:28:22.0078 0x0b78 \Device\Harddisk0\DR0\Partition1 - ok

08:28:22.0078 0x0b78 [ 925A44594BD639BEE18FE56E56D78361 ] \Device\Harddisk0\DR0\Partition2

08:28:22.0140 0x0b78 \Device\Harddisk0\DR0\Partition2 - ok


08:28:22.0406 0x0b78 [ BF7718892EF3700F029E0536483B1973, F12E3EC2716ADE36CEF02ADCE317A4AB70AC253F71A9093A71D06023BB3AB023 ] E:\WINDOWS\system32\igxpdv32.dll

08:28:22.0406 0x0b78 E:\WINDOWS\system32\igxpdv32.dll - ok

08:28:22.0406 0x0b78 [ FE710ABB37D8A23C98B567887F7D5641, B90B6F027514F07D1B3E8F686CFB0F7949461D487D78FD6BE889302ACA90EC7B ] E:\WINDOWS\system32\igxpdx32.dll

08:28:22.0406 0x0b78 E:\WINDOWS\system32\igxpdx32.dll - ok

08:28:22.0406 0x0b78 [ ED0EF0A136DEC83DF69F04118870003E, 45377CB8E9F0120F836FC8261C711F7DBF7199117AFB3652EBF100D5F0429B1E ] E:\WINDOWS\system32\winlogon.exe

08:28:22.0406 0x0b78 E:\WINDOWS\system32\winlogon.exe - ok

08:28:22.0421 0x0b78 [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] E:\WINDOWS\system32\advapi32.dll

08:28:22.0421 0x0b78 E:\WINDOWS\system32\advapi32.dll - ok

08:28:22.0421 0x0b78 [ 44C164B34A72F29087ECA32411F2ED44, 112761CCEFE8F4B936AC58FF1F13589C0DBA3BE1AC348584D874B65DAB1EDED6 ] E:\WINDOWS\system32\rpcrt4.dll

08:28:22.0421 0x0b78 E:\WINDOWS\system32\rpcrt4.dll - ok

08:28:22.0421 0x0b78 [ 5357826C8A8DD6A07F17C48BB45BE46E, E081B04F8C8A31951A0ADEC889E6CA4DEED5FF738446D5A5614B11B113000BCA ] E:\WINDOWS\system32\secur32.dll

08:28:22.0421 0x0b78 E:\WINDOWS\system32\secur32.dll - ok

08:28:22.0421 0x0b78 [ 714705F29A917993536A6AB2DEDB0B7F, 5C3EA97044A7AF8027000DFA40901C0097EC935A7149C0A46AA2C6A2F9FD6CC1 ] E:\WINDOWS\system32\authz.dll

08:28:22.0421 0x0b78 E:\WINDOWS\system32\authz.dll - ok

08:28:22.0421 0x0b78 [ 355EDBB4D412B01F1740C17E3F50FA00, 8619D345C864CD8EA704EFAA0A391F5F31AA56BB6D30F62FC60F465873CC1BF9 ] E:\WINDOWS\system32\msvcrt.dll

08:28:22.0421 0x0b78 E:\WINDOWS\system32\msvcrt.dll - ok

08:28:22.0421 0x0b78 [ 636DF3FF20A1B69B3F9D21325E7115C7, 6B38CF96E92273995F40B6D7029D20B4041342D6EDD5B6CA73967A401823D4F5 ] E:\WINDOWS\system32\crypt32.dll

08:28:22.0421 0x0b78 E:\WINDOWS\system32\crypt32.dll - ok

08:28:22.0437 0x0b78 [ 04D898830DF96A17A20FD35D7590F87E, 09C75D1D434FF6BBE9B3F5E0A8E63944ACB34E364C4A89676DED2204DBD1AEF5 ] E:\WINDOWS\system32\msasn1.dll

08:28:22.0437 0x0b78 E:\WINDOWS\system32\msasn1.dll - ok

08:28:22.0437 0x0b78 [ 013C1148C1EC025596896E093F60F608, E19D20E0852372ED7DA66939E995F8F7ECC52ED5B650E8B833944788C0A34F61 ] E:\WINDOWS\system32\nddeapi.dll

08:28:22.0437 0x0b78 E:\WINDOWS\system32\nddeapi.dll - ok

08:28:22.0437 0x0b78 [ FCFA1C55971CC229D353B3A15ACCD995, 6C21D6EAD676AF8C100666261CE7AA5AA86671883B78092AD61008234C96BBBA ] E:\WINDOWS\system32\profmap.dll

08:28:22.0437 0x0b78 E:\WINDOWS\system32\profmap.dll - ok

08:28:22.0437 0x0b78 [ CAC752BF84DB4666ED3CE0948E6EA937, C84F9D57C076DE6ACC1720B66147D0CA963C65714593FAFD7FB1FE1F01CC464B ] E:\WINDOWS\system32\netapi32.dll

08:28:22.0437 0x0b78 E:\WINDOWS\system32\netapi32.dll - ok

08:28:22.0437 0x0b78 [ 43D13C80EBEC0135A3611E0F616F179B, 9C5409ECBD2C3B89C80F0A59B96220178E790A7D78967C6281D56EB1965E9ECD ] E:\WINDOWS\system32\userenv.dll

08:28:22.0437 0x0b78 E:\WINDOWS\system32\userenv.dll - ok

08:28:22.0437 0x0b78 [ 9CFCB3CA3D83B4EAA133F0644A2C6F31, CC0A76B55B38183B8C6141C290D1858A9D118333C804784AB305FE76A0FCE775 ] E:\WINDOWS\system32\psapi.dll

08:28:22.0437 0x0b78 E:\WINDOWS\system32\psapi.dll - ok


Rest of second TDSS log:


08:28:22.0812 0x0b78 [ 00709952D444EAE14DBBD30D36FBAE0F, A65B57C68F9119940133F6680AF3644866EEBDA5378F9B6AED441FB999B50526 ] E:\WINDOWS\system32\certcli.dll

08:28:22.0812 0x0b78 E:\WINDOWS\system32\certcli.dll - ok

08:28:22.0812 0x0b78 [ 9442228D256CE6C874CFB5DC39A20540, E8059F7D3579EB6CCC4E637EE92D49B9C23FC9162A236B55B8F25D9A44B7EB9A ] E:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe

08:28:22.0812 0x0b78 E:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe - ok

08:28:22.0812 0x0b78 [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] E:\WINDOWS\system32\es.dll

08:28:22.0812 0x0b78 E:\WINDOWS\system32\es.dll - ok

08:28:22.0812 0x0b78 [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] E:\WINDOWS\system32\ersvc.dll

08:28:22.0812 0x0b78 E:\WINDOWS\system32\ersvc.dll - ok

08:28:22.0828 0x0b78 [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] E:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

08:28:22.0828 0x0b78 E:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll - ok

08:28:22.0828 0x0b78 [ 61BFFBF840EB7285F630B5B4F1CCBC08, 012D9BA08F04A52537939B698EB66106456FB218A7A5AAAB236BF8FC2BF0D9CE ] E:\WINDOWS\system32\HPSIsvc.exe

08:28:22.0828 0x0b78 E:\WINDOWS\system32\HPSIsvc.exe - ok

08:28:22.0828 0x0b78 [ 79E3A8C328E7E569C32B0998377D9742, F5854956E452AD663004679BBDF8B006695B69C8962534CD243193F04F294DF3 ] E:\WINDOWS\system32\spoolss.dll

08:28:22.0828 0x0b78 E:\WINDOWS\system32\spoolss.dll - ok

08:28:22.0828 0x0b78 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] E:\WINDOWS\system32\srvsvc.dll

08:28:22.0828 0x0b78 E:\WINDOWS\system32\srvsvc.dll - ok

08:28:22.0828 0x0b78 [ 5677DFE438EC1F009273FC84FEED6B10, 44B62CC4D138E13C22FC29E9751CB7ED0B0C6C8897A8E6469172F8642B0527BE ] E:\WINDOWS\system32\localspl.dll

08:28:22.0828 0x0b78 E:\WINDOWS\system32\localspl.dll - ok

08:28:22.0828 0x0b78 [ 332760FBA1655FCFD35BD6F4FD871300, 6C539FD14B9CF9423E305EAF60CB5C12CA0F7AEF571FB09BAF64E83F108B7F2D ] E:\WINDOWS\system32\ipsecsvc.dll

08:28:22.0828 0x0b78 E:\WINDOWS\system32\ipsecsvc.dll - ok

08:28:22.0843 0x0b78 [ 20FD44370267CCD0A64A1B31861C21D2, D98194A17D1C63434EC6449742C10033F1B94D80826B20464519B1DD4DE1DB5F ] E:\WINDOWS\system32\netmsg.dll

08:28:22.0843 0x0b78 E:\WINDOWS\system32\netmsg.dll - ok

08:28:22.0843 0x0b78 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] E:\WINDOWS\system32\drivers\srv.sys

08:28:22.0843 0x0b78 E:\WINDOWS\system32\drivers\srv.sys - ok

08:28:22.0843 0x0b78 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] E:\WINDOWS\system32\netman.dll

08:28:22.0843 0x0b78 E:\WINDOWS\system32\netman.dll - ok

08:28:22.0843 0x0b78 [ 584C4DA856450CB22EBBE7A68CC6250F, 56030767CFD2DAFDAE8CC767DC1EED39DD2E6E42152BFAE7904C2C8826B2C3E2 ] E:\WINDOWS\system32\oakley.dll

08:28:22.0843 0x0b78 E:\WINDOWS\system32\oakley.dll - ok

08:28:22.0843 0x0b78 [ 5D3D1AB0EF4EA55B731863050482C111, 8713DAA48DBC5FDF95BE993863BEE669BBB4026347DC575D72F520F423EE21BA ] E:\WINDOWS\system32\cnbjmon.dll

08:28:22.0843 0x0b78 E:\WINDOWS\system32\cnbjmon.dll - ok

08:28:22.0859 0x0b78 [ 2857C65EA4655A0D8B702572E18ECA8B, 03E4BF6C986888055545EA11452E1DE75B03F67EB58BB42A6D54BBE2432F792B ] E:\WINDOWS\system32\HPM1210LM.DLL

08:28:22.0859 0x0b78 E:\WINDOWS\system32\HPM1210LM.DLL - ok

08:28:22.0859 0x0b78 [ 062F837C1FBDB6A0A75F82EFC2EE8E74, 3C0BFA381CBC2C55B58A8942A7148A6C27E244D26313EFB4708DD5858C689E02 ] E:\WINDOWS\system32\netshell.dll

08:28:22.0859 0x0b78 E:\WINDOWS\system32\netshell.dll - ok

08:28:22.0859 0x0b78 [ 248712EA6BA17B9FF0C542A3828375DD, 03EFDE351860C4C49F42D6129C6A6F2B3FC859C20F14FE0652F9C4FBD81244B4 ] E:\WINDOWS\system32\winipsec.dll

08:28:22.0859 0x0b78 E:\WINDOWS\system32\winipsec.dll - ok

08:28:22.0859 0x0b78 [ 853D0D0C6F02D7BFDF1CF99DD7553732, AC761B4CA518B787CB2C18101606E5F64245049D140C72B6B1112556DEC86B2E ] E:\WINDOWS\system32\pstorsvc.dll

08:28:22.0859 0x0b78 E:\WINDOWS\system32\pstorsvc.dll - ok

08:28:22.0859 0x0b78 [ 322FD75A97DBA67FC8F97A9957F857F1, 52CC0FBBE9769C0C751F886E0ED58ED263FB9175F323C603E7BAB876AE60D196 ] E:\WINDOWS\system32\mdimon.dll

08:28:22.0859 0x0b78 E:\WINDOWS\system32\mdimon.dll - ok

08:28:22.0859 0x0b78 [ 22D89D84E8E081CDA529DBF8C0255A38, 26863A2D27BE257D99EF28A612FC1B514558B27002EF10B0F682BC15C6D1CD74 ] E:\WINDOWS\system32\psbase.dll

08:28:22.0859 0x0b78 E:\WINDOWS\system32\psbase.dll - ok

08:28:22.0875 0x0b78 [ D3F72D50DE53F9F1F55240115AF4D42E, F8831B6B33EE2EE49615AE45A81C8434E154331BEB1E64C491E64C1348314F3C ] E:\WINDOWS\system32\msi.dll

08:28:22.0875 0x0b78 E:\WINDOWS\system32\msi.dll - ok

08:28:22.0875 0x0b78 [ FEDE68BF80052BAD393AFD5C2E60DCB0, 6A40D89524317C554C5C33A35FB659147A3118F4C646AB36653A19A8811627CB ] E:\WINDOWS\system32\dssenh.dll

08:28:22.0875 0x0b78 E:\WINDOWS\system32\dssenh.dll - ok

08:28:22.0875 0x0b78 [ 235892E493845D64D890163CFEF90E97, 48FC98DD1E5F8F05DE6954FE26C0A448AA9838D7DC716518C715F35E3CFA227D ] E:\WINDOWS\system32\credui.dll

08:28:22.0875 0x0b78 E:\WINDOWS\system32\credui.dll - ok

08:28:22.0875 0x0b78 [ 4E8F3230BAC8C1CAADF01A8C728E1C5C, 62E73A7D4C58F2E30670F6A72E734B618AF45F60A8CB2177A4D504283F829BE5 ] E:\WINDOWS\system32\dot3dlg.dll

08:28:22.0875 0x0b78 E:\WINDOWS\system32\dot3dlg.dll - ok

08:28:22.0875 0x0b78 [ CA04959077AFE36369D37B3504740C87, CBB90BC35A74EC03DC04CD60DAC966A9FA98DC9EEFB926089DBE7A47D3B710B1 ] E:\WINDOWS\system32\onex.dll

08:28:22.0875 0x0b78 E:\WINDOWS\system32\onex.dll - ok

08:28:22.0890 0x0b78 [ 5DB625E7D095604010CF84DE2D8ACFA6, DEED8055CD1F2E2D898C5C77283B56078414CC7D9FCA6FCF58BA0B66B565E826 ] E:\WINDOWS\system32\eappcfg.dll

08:28:22.0890 0x0b78 E:\WINDOWS\system32\eappcfg.dll - ok

08:28:22.0890 0x0b78 [ ABC4206543450C0666D152F4B65833B8, D78D5E719E7744805DF6DD1D9567E67E11223F4E3B13170E35F27D46FCB6C244 ] E:\WINDOWS\system32\eappprxy.dll

08:28:22.0890 0x0b78 E:\WINDOWS\system32\eappprxy.dll - ok

08:28:22.0890 0x0b78 [ 767FF54A552732CE772C2302025FA82F, 7761546C33B0E55B0A8214798FD035C2499D31D690CE03E25B0068C81EDECF3F ] E:\WINDOWS\system32\wzcsapi.dll

08:28:22.0890 0x0b78 E:\WINDOWS\system32\wzcsapi.dll - ok

08:28:22.0890 0x0b78 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] E:\WINDOWS\system32\sens.dll

08:28:22.0890 0x0b78 E:\WINDOWS\system32\sens.dll - ok

08:28:22.0890 0x0b78 [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] E:\WINDOWS\system32\trkwks.dll

08:28:22.0890 0x0b78 E:\WINDOWS\system32\trkwks.dll - ok

08:28:22.0890 0x0b78 [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] E:\WINDOWS\system32\wbem\wmisvc.dll

08:28:22.0890 0x0b78 E:\WINDOWS\system32\wbem\wmisvc.dll - ok

08:28:22.0906 0x0b78 [ ACACB8B14E66109B8ACD6644B5574B9A, 2373E67EB51F8045E7CD346F75B4BAD093E29CC609955BBC4C9FEF7A97A5FD86 ] E:\WINDOWS\system32\vssapi.dll

08:28:22.0906 0x0b78 E:\WINDOWS\system32\vssapi.dll - ok

08:28:22.0906 0x0b78 [ 222DE7F5EDB9DDBE628384A1A8BE59CE, 063AF8C6C251961ABC93A8E8A07DB9B9582CD1812CA3BB297FAFDF0AD3E5B4CC ] E:\WINDOWS\system32\pjlmon.dll

08:28:22.0906 0x0b78 E:\WINDOWS\system32\pjlmon.dll - ok

08:28:22.0906 0x0b78 [ AE0382AD9C73D343D85E1A50C80B7C20, 7477A5A33C0ACF80BE73F0169893A7D53AF8ABC514FCE190A6ACC677092E5A55 ] E:\WINDOWS\system32\tcpmon.dll

08:28:22.0906 0x0b78 E:\WINDOWS\system32\tcpmon.dll - ok

08:28:22.0906 0x0b78 [ F26385E8BA4549B5186B774EC0E45D86, 0BA8CA4C06918690EA68678CA5887F1B7E2B0976C99BDFAF99CC1C99F3E300A0 ] E:\WINDOWS\system32\usbmon.dll

08:28:22.0906 0x0b78 E:\WINDOWS\system32\usbmon.dll - ok

08:28:22.0906 0x0b78 [ C4AE3B4E2EC9FEB05C85905CBA5DAC08, 45C24D757B9869934D7F94AAE6A1DF6E6345AC0DB2584731AC2BB1ECB33D44D3 ] E:\WINDOWS\system32\spool\prtprocs\w32x86\HPM1210PP.dll

08:28:22.0906 0x0b78 E:\WINDOWS\system32\spool\prtprocs\w32x86\HPM1210PP.dll - ok

08:28:22.0921 0x0b78 [ EA8647A21BCB56C5F15712D4B7407501, E6479992B84BD336E672B0A724A3C9FB90AC28CEFD186FCC628006061C9927C0 ] E:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

08:28:22.0921 0x0b78 E:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll - ok

08:28:22.0921 0x0b78 [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] E:\WINDOWS\system32\wuaueng.dll

08:28:22.0921 0x0b78 E:\WINDOWS\system32\wuaueng.dll - ok

08:28:22.0921 0x0b78 [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] E:\WINDOWS\system32\wuauserv.dll

08:28:22.0921 0x0b78 E:\WINDOWS\system32\wuauserv.dll - ok

08:28:22.0921 0x0b78 [ EEE7F12D9FF46F68FBC0DA059A359E9E, 1D0D5AC87ACDF3F041D9C31A92BFE7B1B81CBAD81F8F7CE8183FC3F61CAFF8CC ] E:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

08:28:22.0921 0x0b78 E:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll - ok

08:28:22.0921 0x0b78 [ 22DD6D7D4BFE2B8CE705CC950C8AEA4C, 7123FC923BA4C3DD3EDFE9F8936442C4CCE7757D370AB799B0B5668223B965EE ] E:\WINDOWS\system32\win32spl.dll

08:28:22.0921 0x0b78 E:\WINDOWS\system32\win32spl.dll - ok

08:28:22.0921 0x0b78 [ B41D53899E37CC43DA85DA19998BEE81, CA92B8313338F0F8B1B630A0057B9C114E8D8BC10F09825C9008A5A824B91FDC ] E:\WINDOWS\system32\netrap.dll

08:28:22.0921 0x0b78 E:\WINDOWS\system32\netrap.dll - ok

08:28:22.0937 0x0b78 [ EE4C651A217B01D636B5364AC77DA892, E40C7DD39234673A3BA8FD87C189653C391E326ECB3E8011B5020BB9D78F56D0 ] E:\WINDOWS\system32\inetpp.dll

08:28:22.0937 0x0b78 E:\WINDOWS\system32\inetpp.dll - ok

08:28:22.0937 0x0b78 [ F9D3C78CFE15271D80790677C893CE45, 885425736648DF7B315E92680ED3BD058ACE97A86D388FEA80EB0C039ADF25D7 ] E:\WINDOWS\system32\cabinet.dll

08:28:22.0937 0x0b78 E:\WINDOWS\system32\cabinet.dll - ok

08:28:22.0937 0x0b78 [ B85E95679B5ADC12311BCD3F5385D623, 378D304CF408AE1928EF6290A5A9F2388920B55FD69382759B356B6A3FF94F3A ] E:\WINDOWS\system32\mspatcha.dll

08:28:22.0937 0x0b78 E:\WINDOWS\system32\mspatcha.dll - ok

08:28:22.0937 0x0b78 [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] E:\WINDOWS\system32\srsvc.dll

08:28:22.0937 0x0b78 E:\WINDOWS\system32\srsvc.dll - ok

08:28:22.0937 0x0b78 [ 50A166237A0FA771261275A405646CC0, CFA9B2C8CDCDB56C27B89593A106AAE211E24D8EA433129A6E9BD2FBF39AB5BB ] E:\WINDOWS\system32\powrprof.dll

08:28:22.0937 0x0b78 E:\WINDOWS\system32\powrprof.dll - ok

08:28:22.0937 0x0b78 [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] E:\WINDOWS\system32\seclogon.dll

08:28:22.0937 0x0b78 E:\WINDOWS\system32\seclogon.dll - ok

08:28:22.0953 0x0b78 [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] E:\WINDOWS\system32\browser.dll

08:28:22.0953 0x0b78 E:\WINDOWS\system32\browser.dll - ok

08:28:22.0953 0x0b78 [ 3458EDA96E30FBD0477A2800D3FB1909, BDF84362E4D8A102E7FB5F352D950B84D1A8E1E7928521B68E7671D4176803C5 ] E:\WINDOWS\system32\wups.dll

08:28:22.0953 0x0b78 E:\WINDOWS\system32\wups.dll - ok

08:28:22.0953 0x0b78 [ BDC0C99E472176C8C2C853A68ADC5073, 9A0A0CEE321C9BAF5545D6CB0BE3E725228B694F331FFACCEB770350AAF2C8C3 ] E:\WINDOWS\system32\wups2.dll

08:28:22.0953 0x0b78 E:\WINDOWS\system32\wups2.dll - ok

08:28:22.0953 0x0b78 [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] E:\WINDOWS\system32\ipnathlp.dll

08:28:22.0953 0x0b78 E:\WINDOWS\system32\ipnathlp.dll - ok

08:28:22.0953 0x0b78 [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] E:\WINDOWS\system32\wscsvc.dll

08:28:22.0953 0x0b78 E:\WINDOWS\system32\wscsvc.dll - ok

08:28:22.0968 0x0b78 [ D95C71052E5EF63B55997FB31483D02F, 829A559050680C039CA7AFCFE3246745D465ED11722A603AA32253FD413894C3 ] E:\WINDOWS\system32\wbem\wbemcomn.dll

08:28:22.0968 0x0b78 E:\WINDOWS\system32\wbem\wbemcomn.dll - ok

08:28:22.0968 0x0b78 [ 205ADD80FF8099B1A8101EB490B933D1, 6B4D94F1683B1D30A1BB0019E2E3E0AE1AA85561D416708198EC2BDAB649E178 ] E:\WINDOWS\system32\wbem\wbemprox.dll

08:28:22.0968 0x0b78 E:\WINDOWS\system32\wbem\wbemprox.dll - ok

08:28:22.0968 0x0b78 [ ED0C0DF222209E43AD9AFBF3FE87DDE0, 927329F9244DA9F0074FA0D4C101EE793AFCF433155E58714C33444C5EF35014 ] E:\WINDOWS\system32\comsvcs.dll

08:28:22.0968 0x0b78 E:\WINDOWS\system32\comsvcs.dll - ok

08:28:22.0968 0x0b78 [ 690D97864735E8ECD87F55777E266690, 2098D2AADEF82C3EDD82FD6182C14568CDE1EF02205ED1EA4CB19252B74BB807 ] E:\WINDOWS\system32\colbact.dll

08:28:22.0968 0x0b78 E:\WINDOWS\system32\colbact.dll - ok

08:28:22.0968 0x0b78 [ 36795A645EAA47FE31D2A8F136A2C69B, D681D7DFC4A2A2F10658D76A93F009BDBFC6117E245E0883C509A286DC952EAD ] E:\WINDOWS\system32\mtxclu.dll

08:28:22.0968 0x0b78 E:\WINDOWS\system32\mtxclu.dll - ok

08:28:22.0968 0x0b78 [ 67156D5A9AC356DC99D7BCCB388E3316, 449A140065197779C0F8588E5C53014BBF54A9C74818D5CFDCB88CC7B36F44CF ] E:\WINDOWS\system32\wsock32.dll

08:28:22.0968 0x0b78 E:\WINDOWS\system32\wsock32.dll - ok

08:28:22.0984 0x0b78 [ DF82E222578DBE59FCBBD69A02E4C806, 0F0CD9DC739500536F252475F84F8EF378428CAC7DD9CFCDEC676862A20A0C46 ] E:\WINDOWS\system32\clusapi.dll

08:28:22.0984 0x0b78 E:\WINDOWS\system32\clusapi.dll - ok

08:28:22.0984 0x0b78 [ F51EBB6FC536A6B2D588FD668D3A8249, 6C22B5FBE3F721025879447B006EC5A343D482A87E23674B5A3BB43983AB328E ] E:\WINDOWS\system32\resutils.dll

08:28:22.0984 0x0b78 E:\WINDOWS\system32\resutils.dll - ok

08:28:22.0984 0x0b78 [ 2E0B0A051FFAA86E358465BB0880D453, 493CF6150DE95B269727631D50FE21405A41E449C4FF43E94F93D27559EA5624 ] E:\WINDOWS\system32\wuauclt.exe

08:28:22.0984 0x0b78 E:\WINDOWS\system32\wuauclt.exe - ok

08:28:22.0984 0x0b78 [ F0BF811622F2DD6C8E26EE4600D83731, 81CFC1118551E84F5BBD2A863419529AA32DA92E5834C71DA77D13854F6CF048 ] E:\WINDOWS\system32\wbem\wbemcore.dll

08:28:22.0984 0x0b78 E:\WINDOWS\system32\wbem\wbemcore.dll - ok

08:28:22.0984 0x0b78 [ E4616430709F440CF1809D88DC2366EA, C2CBC0A21A892FD8341E5A29E7164172340E07A75A5D54493036156D907AEAE7 ] E:\WINDOWS\system32\wbem\esscli.dll

08:28:22.0984 0x0b78 E:\WINDOWS\system32\wbem\esscli.dll - ok

08:28:23.0000 0x0b78 [ 378A0AEFB11D8B0DC8C27B9F7604B88D, D0D6863FCE412B75B9B5FC38EA923759201E7193ED40CFBAA674630E2DE56FD3 ] E:\WINDOWS\system32\wbem\fastprox.dll

08:28:23.0000 0x0b78 E:\WINDOWS\system32\wbem\fastprox.dll - ok

08:28:23.0000 0x0b78 [ 010472D0AE758227C6F6E6933549C219, 4082365231756E2889BD9A19EEFA27665B9902F8C8BC376C70DC3AA80AEA541B ] E:\WINDOWS\system32\wbem\wbemsvc.dll

08:28:23.0000 0x0b78 E:\WINDOWS\system32\wbem\wbemsvc.dll - ok

08:28:23.0000 0x0b78 [ 3273D1565BF30225C115B480A3BB2C9D, DF802F845EFEE506A0D3CA1EA9AEE1EDE73BCC02F2B64EDFACE0BBEFCF965455 ] E:\WINDOWS\system32\wbem\wmiutils.dll

08:28:23.0000 0x0b78 E:\WINDOWS\system32\wbem\wmiutils.dll - ok

08:28:23.0000 0x0b78 [ 942A17D2901A31EA68627CBFFCD268CC, C75E1C03929E16EDDBACFC37BD6C40E941F9D99E3E40ED3A07238343342685BD ] E:\WINDOWS\system32\wbem\repdrvfs.dll

08:28:23.0000 0x0b78 E:\WINDOWS\system32\wbem\repdrvfs.dll - ok

08:28:23.0000 0x0b78 [ 071143F687B4F887E21461CA6CC7EB29, 92C849517F985F19926E6425CD99E21029E1CA14FC92C9E40091DC79D4A723F2 ] E:\WINDOWS\system32\wbem\wmiprvsd.dll

08:28:23.0000 0x0b78 E:\WINDOWS\system32\wbem\wmiprvsd.dll - ok

08:28:23.0000 0x0b78 [ 26D881D27CBE51D3614E68D7313EA026, BC84CFD5F382F6D844815065118793950E922B8FB52944E337DAA62874C103A3 ] E:\WINDOWS\system32\wbem\wbemess.dll

08:28:23.0000 0x0b78 E:\WINDOWS\system32\wbem\wbemess.dll - ok

08:28:23.0015 0x0b78 [ 1A617835452EEE5060976C9B9F5FE635, DCCAAB049681BE876B73F0880EA32196CDA7EC954D452768A48D366096C5BD53 ] E:\WINDOWS\system32\wuapi.dll

08:28:23.0015 0x0b78 E:\WINDOWS\system32\wuapi.dll - ok

08:28:23.0015 0x0b78 [ D26451B540720A7313A9BCBE794DAF62, 255B3594876F9D9222760A53D1119E73D3BA4E4766C9DFAD63DCB180C5F33846 ] E:\WINDOWS\system32\wbem\ncprov.dll

08:28:23.0015 0x0b78 E:\WINDOWS\system32\wbem\ncprov.dll - ok

08:28:23.0015 0x0b78 [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] E:\WINDOWS\system32\alg.exe

08:28:23.0015 0x0b78 E:\WINDOWS\system32\alg.exe - ok

08:28:23.0015 0x0b78 [ 37A62C6092AADD2EFDE0468DD8818E99, 2D01A2EEE0BE81B3252E1A3EAD21D3D91EA6DE826A1783B14948A0E0B475BAB1 ] E:\WINDOWS\system32\netcfgx.dll

08:28:23.0015 0x0b78 E:\WINDOWS\system32\netcfgx.dll - ok

08:28:23.0015 0x0b78 [ 085ED2E391A871C7BAE87E0228B546BA, 15C050965A7377CDE1178A0C28C3E05B16838A1D7DEB1DD190E3C5D58511F5AC ] E:\WINDOWS\system32\cscui.dll

08:28:23.0015 0x0b78 E:\WINDOWS\system32\cscui.dll - ok

08:28:23.0031 0x0b78 [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] E:\WINDOWS\system32\termsrv.dll

08:28:23.0031 0x0b78 E:\WINDOWS\system32\termsrv.dll - ok

08:28:23.0031 0x0b78 [ DF6551E4C4C46655A0C76194F1FCEA5D, F3895AE4B36BC85C458EDC85FBD1F5AB5C33913CD91C60A65083DC0BDD037BF5 ] E:\WINDOWS\system32\icaapi.dll

08:28:23.0031 0x0b78 E:\WINDOWS\system32\icaapi.dll - ok

08:28:23.0031 0x0b78 [ 2D65D56C2F8B6CC5EBFF8E7200C30304, 10CD5FF00D110D1AE2313DBCBDB17C2B9DFF930F5DAD65C35C08FCF9C152C053 ] E:\WINDOWS\system32\mstlsapi.dll

08:28:23.0031 0x0b78 E:\WINDOWS\system32\mstlsapi.dll - ok

08:28:23.0031 0x0b78 [ 3E2F3E2F4A82B7FAE23BAB864FB0F837, 78FEB881B5F1C90AD13DD69BB8C95CDF60C84E127871916D1EE8A938849E6282 ] E:\WINDOWS\system32\dpcdll.dll

08:28:23.0031 0x0b78 E:\WINDOWS\system32\dpcdll.dll - ok

08:28:23.0031 0x0b78 [ 680B56A8B62D1BCF4A0B2AAAD03D88E4, C095D8A3A1CEAD1D78B0EE17B982718CDF4B3FE1F86D9D273875B8C1893C981B ] E:\WINDOWS\system32\wdmaud.drv

08:28:23.0031 0x0b78 E:\WINDOWS\system32\wdmaud.drv - ok

08:28:23.0031 0x0b78 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] E:\WINDOWS\system32\drivers\wdmaud.sys

08:28:23.0031 0x0b78 E:\WINDOWS\system32\drivers\wdmaud.sys - ok

08:28:23.0046 0x0b78 [ 6404807ABC7AF52FA3792697AE638B50, 75FB44348CCC53A4EA2C3677F42098A12CE882F3E015E3D847A07972C1E4AEF5 ] E:\WINDOWS\system32\wbem\wbemcons.dll

08:28:23.0046 0x0b78 E:\WINDOWS\system32\wbem\wbemcons.dll - ok

08:28:23.0046 0x0b78 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] E:\WINDOWS\system32\drivers\sysaudio.sys

08:28:23.0046 0x0b78 E:\WINDOWS\system32\drivers\sysaudio.sys - ok

08:28:23.0046 0x0b78 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] E:\WINDOWS\system32\drivers\splitter.sys

08:28:23.0046 0x0b78 E:\WINDOWS\system32\drivers\splitter.sys - ok

08:28:23.0046 0x0b78 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] E:\WINDOWS\system32\drivers\aec.sys

08:28:23.0046 0x0b78 E:\WINDOWS\system32\drivers\aec.sys - ok

08:28:23.0046 0x0b78 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] E:\WINDOWS\system32\drivers\swmidi.sys

08:28:23.0046 0x0b78 E:\WINDOWS\system32\drivers\swmidi.sys - ok

08:28:23.0046 0x0b78 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] E:\WINDOWS\system32\drivers\DMusic.sys

08:28:23.0062 0x0b78 E:\WINDOWS\system32\drivers\DMusic.sys - ok

08:28:23.0062 0x0b78 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] E:\WINDOWS\system32\drivers\kmixer.sys

08:28:23.0062 0x0b78 E:\WINDOWS\system32\drivers\kmixer.sys - ok

08:28:23.0062 0x0b78 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] E:\WINDOWS\system32\drivers\drmkaud.sys

08:28:23.0062 0x0b78 E:\WINDOWS\system32\drivers\drmkaud.sys - ok

08:28:23.0062 0x0b78 [ 9A3BD5F55AADFF859539142F6328A66E, B8165F650F0E24D380601D54BC81A84C06D886A6CF995EA6CA63EABCFA75554A ] E:\WINDOWS\system32\msacm32.drv

08:28:23.0062 0x0b78 E:\WINDOWS\system32\msacm32.drv - ok

08:28:23.0062 0x0b78 [ 5C12660A97822F6E61576943B49AAAD6, 621BE8E009DC95A8901F701F529ED98BD8E6D62D272AE0E1FAF69889A4D5633B ] E:\WINDOWS\system32\midimap.dll

08:28:23.0062 0x0b78 E:\WINDOWS\system32\midimap.dll - ok

08:28:23.0062 0x0b78 [ A93AEE1928A9D7CE3E16D24EC7380F89, 944CD2135E171AF338352568AA7FE1B8004733A4281395AD6723E0CF43D5F53F ] E:\WINDOWS\system32\userinit.exe

08:28:23.0062 0x0b78 E:\WINDOWS\system32\userinit.exe - ok

08:28:23.0078 0x0b78 [ 12896823FB95BFB3DC9B46BCAEDC9923, 1E675CB7DF214172F7EB0497F7275556038A0D09C6E5A3E6862C5E26885EF455 ] E:\WINDOWS\explorer.exe

08:28:23.0078 0x0b78 E:\WINDOWS\explorer.exe - ok

08:28:23.0078 0x0b78 [ CCC2E42ADC9FFC3BB4E3C5CFFEF14DEB, 58715E540CE3A679BA308CA95A6694F4904EE63855C47D83A4D1A1DF3CB39475 ] E:\WINDOWS\system32\browseui.dll

08:28:23.0078 0x0b78 E:\WINDOWS\system32\browseui.dll - ok

08:28:23.0078 0x0b78 [ 58640348157CC93D094914B8BABF676B, DBF49709B64A2E7FCC77950F5EAD2D723D20766E447BA1DCC94345F860406DBC ] E:\WINDOWS\system32\shdocvw.dll

08:28:23.0078 0x0b78 E:\WINDOWS\system32\shdocvw.dll - ok

08:28:23.0078 0x0b78 [ F92E1076C42FCD6DB3D72D8CFE9816D5, 94135ACF2D9426BB78E4522429120B03D94B541422C277B9ACA31410874A464C ] E:\WINDOWS\system32\wscntfy.exe

08:28:23.0078 0x0b78 E:\WINDOWS\system32\wscntfy.exe - ok

08:28:23.0078 0x0b78 [ B4ED498E3BFEE64E952BC44FC6057DB8, 1FB5ABAE69103BF477F704189D75B0395F587234BFE94F9F79961D8FE2CE55AC ] E:\WINDOWS\system32\desk.cpl

08:28:23.0078 0x0b78 E:\WINDOWS\system32\desk.cpl - ok

08:28:23.0078 0x0b78 [ EE9710428FFB95FD3845D41E7148AC31, 5CFBE4B7BCCB136B958E21EACB965E09F7D6CC0CB29DEA9022047809582B1065 ] E:\WINDOWS\system32\themeui.dll

08:28:23.0078 0x0b78 E:\WINDOWS\system32\themeui.dll - ok

08:28:23.0093 0x0b78 [ 912B67BB8249925A5C972FC5839EAE09, 11F9F26C2D5EADD683F9FA4FDC8C25A1FB7EE9D6E3F4419C9DAB8C4E434F1857 ] E:\WINDOWS\system32\actxprxy.dll

08:28:23.0093 0x0b78 E:\WINDOWS\system32\actxprxy.dll - ok

08:28:23.0093 0x0b78 [ 2975C66459C426C20BC22D639DF6B611, 7E6C6F425996AAAD152CBE5B344D5F91A5A15F5D519D80E9B465CBFADD3A685F ] E:\Program Files\SUPERAntiSpyware\SASSEH.DLL

08:28:23.0093 0x0b78 E:\Program Files\SUPERAntiSpyware\SASSEH.DLL - ok

08:28:23.0093 0x0b78 [ F8A465B37D33A1D2A65608AD0C8C90E6, 50F162003376C5232E8A0D1DB7F5E30F3F00F722B3B556C796C5ECD07C2DD23D ] E:\Program Files\Qualcomm\Eudora\EuShlExt.dll

08:28:23.0093 0x0b78 E:\Program Files\Qualcomm\Eudora\EuShlExt.dll - ok

08:28:23.0093 0x0b78 [ 6D778E0F95447E6546553EEEA709D03C, 62ABED7D45040381BBCED97EA7B6C697B418448FD3322FD4BFB2BBFDB6155EB4 ] E:\WINDOWS\system32\cmd.exe

08:28:23.0093 0x0b78 E:\WINDOWS\system32\cmd.exe - ok

08:28:23.0093 0x0b78 [ FA4A79DBB0E3CA56E1F0B1FD372559A8, 87BBE8A70DB7C1E3F3A9F42112D5D3A81645FB23A4120DFB926AF7D089ACA462 ] E:\WINDOWS\system32\ieframe.dll

08:28:23.0093 0x0b78 E:\WINDOWS\system32\ieframe.dll - ok

08:28:23.0109 0x0b78 [ C14350FC0D47D806699C4F907FC6785B, A8862B47A74F5FB03C9916A42B986D9B352549ED486AD2B9DAD405A98B5564B3 ] E:\WINDOWS\system32\cryptnet.dll

08:28:23.0109 0x0b78 E:\WINDOWS\system32\cryptnet.dll - ok

08:28:23.0109 0x0b78 [ 3CBA2210FA39C6ED7895634842E930DD, 9AFC6A7E1F936ED3636F89FD49B5C944594F88A5BFB597348AF2FB83DA2E4E40 ] E:\WINDOWS\system32\sensapi.dll

08:28:23.0109 0x0b78 E:\WINDOWS\system32\sensapi.dll - ok

08:28:23.0109 0x0b78 [ 03A02D5A2D50198BDF6C62AF209438D0, 7A2577BB31B937436689EB8E3F415F71D3744209EFFC110C9B12C42025F36C88 ] E:\WINDOWS\system32\msxml3.dll

08:28:23.0109 0x0b78 E:\WINDOWS\system32\msxml3.dll - ok

08:28:23.0109 0x0b78 [ 798A9E6828997EEF4517ADA8A2259831, 64389FAD94D54E2D43A7292AD3C57CB16F90F2C80EA44099E02D11E19E390A5B ] E:\WINDOWS\system32\wbem\wmiprvse.exe

08:28:23.0109 0x0b78 E:\WINDOWS\system32\wbem\wmiprvse.exe - ok

08:28:23.0109 0x0b78 [ E837FDBB92E9873E538395B623F45462, E00D9F1471D9BDE7E53A5F8359B6F3B1606A432D4E94AB6B2A6898AB48E6751B ] E:\WINDOWS\system32\wbem\cimwin32.dll

08:28:23.0109 0x0b78 E:\WINDOWS\system32\wbem\cimwin32.dll - ok

08:28:23.0109 0x0b78 [ 4306FA2F1099D7C606139255FDB62B19, 75A0A99B9D8B0E2B39A8093F72DC283D5F2D56FB731C2BA193579DCE916030A0 ] E:\WINDOWS\system32\wbem\framedyn.dll

08:28:23.0109 0x0b78 E:\WINDOWS\system32\wbem\framedyn.dll - ok

08:28:23.0125 0x0b78 [ 8BCD11D38FCE43A519246A91CC40DE6A, 981EE4B29FDE6DB58FAA17BCCA66DB8143D693D91A00B7519F01ABBAE11AA580 ] E:\WINDOWS\system32\security.dll

08:28:23.0125 0x0b78 E:\WINDOWS\system32\security.dll - ok

08:28:23.0125 0x0b78 [ C730F70351D950DDA7388C9A9763CF54, 7A9D265E4D2F76EF131D01C2EE1CDC19A8E5FDCAF97649CC562E8114B92D411F ] E:\WINDOWS\system32\wbem\wmipcima.dll

08:28:23.0125 0x0b78 E:\WINDOWS\system32\wbem\wmipcima.dll - ok

08:28:23.0125 0x0b78 [ 5F0CE62E0831CF972EC6949FD3E37DA7, DFDD251D3FC6CDBD971F52EF0AECEC0344B57214615AA486AA9234D30A40AF60 ] E:\WINDOWS\system32\cfgmgr32.dll

08:28:23.0125 0x0b78 E:\WINDOWS\system32\cfgmgr32.dll - ok

08:28:23.0125 0x0b78 [ D40E7B5FBB8E0EAA7C5C294389AF95AB, 8EFD521DF1F335AF416DEC15D5C0C6538903803AA1A8ED93AA704B384A29876B ] E:\DOCUME~1\lavonne\LOCALS~1\Temp\{45CB4994-E0EE-477D-B21F-D69B7AA8A377}.exe

08:28:23.0125 0x0b78 E:\DOCUME~1\lavonne\LOCALS~1\Temp\{45CB4994-E0EE-477D-B21F-D69B7AA8A377}.exe - ok

08:28:23.0125 0x0b78 [ 2DC5A8019E2387987905F77C664E4BE2, 32FD8D0D3146A599CFB536955F9E93AA50467B2176A70E481133B61D4BD29AD9 ] E:\WINDOWS\system32\linkinfo.dll

08:28:23.0125 0x0b78 E:\WINDOWS\system32\linkinfo.dll - ok

08:28:23.0140 0x0b78 [ A70A2D85AD143D6BB823C246CEB699A5, D8ED98DC2964A2DAF448893718E6381FBABAB53DD7497266851E0F4221F1B01F ] E:\WINDOWS\system32\ntshrui.dll

08:28:23.0140 0x0b78 E:\WINDOWS\system32\ntshrui.dll - ok

08:28:23.0140 0x0b78 [ 91790D6749EBED90E2C40479C0A91879, 3C267950F13CCE412474C5228FC0E3D8D7F912E82464BD2CE6312A0326F84A80 ] E:\WINDOWS\system32\verclsid.exe

08:28:23.0140 0x0b78 E:\WINDOWS\system32\verclsid.exe - ok

08:28:23.0140 0x0b78 [ 651A48205B75EE36DBC492C48B0C02BA, 386B0C57EFABBF6A483394B8E9F42B3E62064C8832CCE91DD93BBD2D6AFF3999 ] E:\WINDOWS\system32\igfxtray.exe

08:28:23.0140 0x0b78 E:\WINDOWS\system32\igfxtray.exe - ok

08:28:23.0140 0x0b78 [ CCE7BB84A5F52D31148CDDAE2170603D, 6FDEB125BA9DA0D209FFC16BBACD1628ABD6C2D2B0B995A852BA0DB6468F5E64 ] E:\WINDOWS\system32\hkcmd.exe

08:28:23.0140 0x0b78 E:\WINDOWS\system32\hkcmd.exe - ok

08:28:23.0140 0x0b78 [ 93C088C2AEB2F23E720BDA7E32BD5117, 7ECFCAF8E057986501B42181E049E48063D940A34A3F3E425FF82D2183008E90 ] E:\WINDOWS\system32\upnp.dll

08:28:23.0140 0x0b78 E:\WINDOWS\system32\upnp.dll - ok

08:28:23.0140 0x0b78 [ BF51944F9E65B7338866E7F95128CF6A, 00B99876906C4864FD5A927559EB406CC00DCD4FF27A54D2650EE78CB7147EFA ] E:\WINDOWS\system32\igfxpers.exe

08:28:23.0140 0x0b78 E:\WINDOWS\system32\igfxpers.exe - ok

08:28:23.0156 0x0b78 [ 882B5B999A71F56D5DF294D93AE1E7D1, 690B93C4A3E476595808EBDBE5CF620FC4A86D41FCD66023DE0DA7972F8941E4 ] E:\Program Files\Microsoft Security Client\msseces.exe

08:28:23.0156 0x0b78 E:\Program Files\Microsoft Security Client\msseces.exe - ok

08:28:23.0156 0x0b78 [ 53AF9DE919E2E7D014B4734C752D8589, F5E55BB85ADF47A38342C32AF90F2FEB4D9B5F1A82807C31A93193880A8812EA ] E:\WINDOWS\RTHDCPL.EXE

08:28:23.0156 0x0b78 E:\WINDOWS\RTHDCPL.EXE - ok

08:28:23.0156 0x0b78 [ 3D075865DCC26931972F6476AD0497BE, E1FB17787F54D9A4E2A04DD699FA770C9CE100A427E6EFBF4E0CF24EAAD3A9BA ] E:\WINDOWS\system32\ssdpapi.dll

08:28:23.0156 0x0b78 E:\WINDOWS\system32\ssdpapi.dll - ok

08:28:23.0171 0x0b78 [ 2441CFB436FDAC9B0BB37D0474B1D3A6, C6D2612887DD82EDA077C7BCB913025184AF0464A3EEE0F68A3FBDF0A15FA0BC ] E:\WINDOWS\system32\hccutils.dll

08:28:23.0171 0x0b78 E:\WINDOWS\system32\hccutils.dll - ok

08:28:23.0171 0x0b78 [ EC5E163206D64F363B5D71EC1ECB4B71, 515FCFB345602A03635EA549A1BF9A2267349804465A6FDEA611EB002A969E04 ] E:\WINDOWS\system32\igfxsrvc.exe

08:28:23.0171 0x0b78 E:\WINDOWS\system32\igfxsrvc.exe - ok

08:28:23.0359 0x0b78 ================ Scan generic autorun ======================

08:28:23.0421 0x0b78 [ 651A48205B75EE36DBC492C48B0C02BA, 386B0C57EFABBF6A483394B8E9F42B3E62064C8832CCE91DD93BBD2D6AFF3999 ] E:\WINDOWS\System32\igfxtray.exe

08:28:23.0437 0x0b78 IgfxTray - ok

08:28:23.0484 0x0b78 [ CCE7BB84A5F52D31148CDDAE2170603D, 6FDEB125BA9DA0D209FFC16BBACD1628ABD6C2D2B0B995A852BA0DB6468F5E64 ] E:\WINDOWS\System32\hkcmd.exe

08:28:23.0500 0x0b78 HotKeysCmds - ok

08:28:23.0546 0x0b78 [ BF51944F9E65B7338866E7F95128CF6A, 00B99876906C4864FD5A927559EB406CC00DCD4FF27A54D2650EE78CB7147EFA ] E:\WINDOWS\System32\igfxpers.exe

08:28:23.0546 0x0b78 Persistence - ok

08:28:23.0828 0x0b78 [ 882B5B999A71F56D5DF294D93AE1E7D1, 690B93C4A3E476595808EBDBE5CF620FC4A86D41FCD66023DE0DA7972F8941E4 ] e:\Program Files\Microsoft Security Client\msseces.exe

08:28:24.0062 0x0b78 MSC - ok

08:28:29.0281 0x0b78 [ 53AF9DE919E2E7D014B4734C752D8589, F5E55BB85ADF47A38342C32AF90F2FEB4D9B5F1A82807C31A93193880A8812EA ] E:\WINDOWS\RTHDCPL.EXE

08:28:35.0250 0x0b78 RTHDCPL - ok

08:28:35.0296 0x0b78 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] E:\WINDOWS\system32\ctfmon.exe

08:28:35.0359 0x0b78 ctfmon.exe - ok

08:28:37.0234 0x0b78 [ E468E50FBB7C623E1357F111BA62045B, 2D9BC1DCDF80D7B942A42AECA3E949D8E2A58A8C9CC39DCA4D35E1D085F8B401 ] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

08:28:39.0125 0x0b78 SUPERAntiSpyware - ok

08:28:39.0171 0x0b78 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] E:\WINDOWS\system32\ctfmon.exe

08:28:39.0218 0x0b78 ctfmon.exe - ok

08:28:39.0718 0x0b78 [ 3E930C641079443D4DE036167A69CAA2, DEBA83978850F17B33A3C4C06C5E707B9A3FACA30FE0DFC5A9425EF2CA592473 ] E:\Program Files\Messenger\msmsgs.exe

08:28:40.0265 0x0b78 MSMSGS - ok

08:28:40.0328 0x0b78 Ukiqxoinxaev - ok

08:28:40.0328 0x0b78 Waiting for KSN requests completion. In queue: 9

08:28:56.0359 0x0b78 AV detected via SS1: Microsoft Security Essentials, 4.5.0216.0, disabled, updated

08:28:56.0359 0x0b78 Win FW state via NFM: enabled

08:29:16.0359 0x0b78 ============================================================

08:29:16.0359 0x0b78 Scan finished

08:29:16.0359 0x0b78 ============================================================

08:29:16.0359 0x0b70 Detected object count: 1

08:29:16.0359 0x0b70 Actual detected object count: 1

08:31:39.0359 0x0b70 HPM1210RcvFaxSrvc ( UnsignedFile.Multi.Generic ) - skipped by user

08:31:39.0359 0x0b70 HPM1210RcvFaxSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:31:45.0531 0x0330 Deinitialize success


Looks fine so far :)



Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!


Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.
Don't forget to re-enable your previously switched-off protection software!


Combofix log:

ComboFix 14-09-18.01 - lavonne 09/20/2014 9:21.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3293.2537 [GMT -7:00]

Running from: e:\documents and settings\lavonne\My Documents\downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

e:\documents and settings\lavonne\WINDOWS

e:\windows\system32\dllcache\wmpvis.dll

.

.

((((((((((((((((((((((((( Files Created from 2014-08-20 to 2014-09-20 )))))))))))))))))))))))))))))))

.

.

2014-09-20 16:00 . 2014-09-09 01:24 8806800 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E60EEFC2-CC10-4E8A-882F-BF0BA67113BD}\mpengine.dll

2014-09-20 15:12 . 2014-09-20 15:12 -------- d-----w- E:\TDSSKiller_Quarantine

2014-09-20 03:33 . 2014-09-20 03:36 -------- d-----w- E:\FRST

2014-09-20 02:18 . 2008-04-14 07:09 14592 -c--a-w- e:\windows\system32\dllcache\kbdhid.sys

2014-09-20 02:18 . 2008-04-14 07:09 14592 ----a-w- e:\windows\system32\drivers\kbdhid.sys

2014-09-20 02:18 . 2001-08-17 20:48 12160 -c--a-w- e:\windows\system32\dllcache\mouhid.sys

2014-09-20 02:18 . 2001-08-17 20:48 12160 ----a-w- e:\windows\system32\drivers\mouhid.sys

2014-09-20 02:18 . 2008-04-14 07:15 10368 -c--a-w- e:\windows\system32\dllcache\hidusb.sys

2014-09-20 02:18 . 2008-04-14 07:15 10368 ----a-w- e:\windows\system32\drivers\hidusb.sys

2014-09-20 00:38 . 2014-09-20 01:07 -------- d-----w- e:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)

2014-09-19 23:32 . 2014-09-19 23:43 -------- d-----w- E:\AdwCleaner

2014-09-19 22:37 . 2014-09-09 01:24 8806800 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-09-19 18:54 . 2014-09-20 00:37 113880 ----a-w- e:\windows\system32\drivers\MBAMSwissArmy.sys

2014-09-19 18:53 . 2014-09-20 00:36 54232 ----a-w- e:\windows\system32\drivers\mbamchameleon.sys

2014-09-19 18:53 . 2014-09-19 18:53 -------- d-----w- e:\program files\Malwarebytes Anti-Malware

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-09-10 17:46 . 2012-10-28 00:48 701104 ----a-w- e:\windows\system32\FlashPlayerApp.exe

2014-09-10 17:46 . 2012-10-28 00:48 71344 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl

2014-09-10 17:45 . 2014-07-09 06:45 17903792 ----a-w- e:\windows\system32\FlashPlayerInstaller.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="e:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-09-19 6690072]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="e:\windows\System32\igfxtray.exe" [2009-10-26 141848]

"HotKeysCmds"="e:\windows\System32\hkcmd.exe" [2009-10-26 173592]

"Persistence"="e:\windows\System32\igfxpers.exe" [2009-10-26 144920]

"MSC"="e:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]

"RTHDCPL"="RTHDCPL.EXE" [2009-10-06 18750976]

.

e:\documents and settings\lavonne\Start Menu\Programs\Startup\

Billminder.lnk - e:\quickenw\BILLMIND.EXE [2012-5-22 10064]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "e:\program files\Qualcomm\Eudora\EuShlExt.dll" [2005-08-09 86016]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

.

R1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]

R1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]

R2 !SASCORE;SAS Core Service;e:\program files\SUPERAntiSpyware\SASCORE.EXE [8/11/2011 4:38 PM 142648]

R2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;e:\program files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [11/20/2009 2:14 PM 245760]

R2 HPSIService;HP SI Service;e:\windows\system32\HPSIsvc.exe [5/15/2012 4:54 PM 99896]

S1 asoufuqa;asoufuqa;\??\e:\windows\system32\drivers\asoufuqa.sys --> e:\windows\system32\drivers\asoufuqa.sys [?]

S1 basfwynk;basfwynk;\??\e:\windows\system32\drivers\basfwynk.sys --> e:\windows\system32\drivers\basfwynk.sys [?]

S1 bmrtexpn;bmrtexpn;\??\e:\windows\system32\drivers\bmrtexpn.sys --> e:\windows\system32\drivers\bmrtexpn.sys [?]

S1 fqjjbabe;fqjjbabe;\??\e:\windows\system32\drivers\fqjjbabe.sys --> e:\windows\system32\drivers\fqjjbabe.sys [?]

S1 fumhmkzp;fumhmkzp;\??\e:\windows\system32\drivers\fumhmkzp.sys --> e:\windows\system32\drivers\fumhmkzp.sys [?]

S1 gthyleim;gthyleim;\??\e:\windows\system32\drivers\gthyleim.sys --> e:\windows\system32\drivers\gthyleim.sys [?]

S1 gyevzyhq;gyevzyhq;\??\e:\windows\system32\drivers\gyevzyhq.sys --> e:\windows\system32\drivers\gyevzyhq.sys [?]

S1 mqmddadt;mqmddadt;\??\e:\windows\system32\drivers\mqmddadt.sys --> e:\windows\system32\drivers\mqmddadt.sys [?]

S1 navlzhjt;navlzhjt;\??\e:\windows\system32\drivers\navlzhjt.sys --> e:\windows\system32\drivers\navlzhjt.sys [?]

S1 qnmcfouq;qnmcfouq;\??\e:\windows\system32\drivers\qnmcfouq.sys --> e:\windows\system32\drivers\qnmcfouq.sys [?]

S1 vspqmgan;vspqmgan;\??\e:\windows\system32\drivers\vspqmgan.sys --> e:\windows\system32\drivers\vspqmgan.sys [?]

S1 wjhfgmuv;wjhfgmuv;\??\e:\windows\system32\drivers\wjhfgmuv.sys --> e:\windows\system32\drivers\wjhfgmuv.sys [?]

S1 yhvfpdrs;yhvfpdrs;\??\e:\windows\system32\drivers\yhvfpdrs.sys --> e:\windows\system32\drivers\yhvfpdrs.sys [?]

S1 zpandemo;zpandemo;\??\e:\windows\system32\drivers\zpandemo.sys --> e:\windows\system32\drivers\zpandemo.sys [?]

S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [5/15/2012 3:49 PM 1684736]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 35051618

*Deregistered* - 35051618

.

Contents of the 'Scheduled Tasks' folder

.

2014-09-20 e:\windows\Tasks\Adobe Flash Player Updater.job

- e:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-28 17:46]

.

2014-09-20 e:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job

- e:\windows\system32\xp_eos.exe [2014-03-07 01:59]

.

2014-09-14 e:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

- e:\windows\system32\xp_eos.exe [2014-03-07 01:59]

.

2014-09-20 e:\windows\Tasks\User_Feed_Synchronization-{60A9699E-D563-4A84-B463-336407475A7C}.job

- e:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 209.221.136.4 209.221.136.9

FF - ProfilePath - e:\documents and settings\lavonne\Application Data\Mozilla\Firefox\Profiles\wlk5ki5n.default\

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-Ukiqxoinxaev - e:\documents and settings\lavonne\Application Data\Keromaib\qoumg.exe

SafeBoot-35051618.sys

SafeBoot-61703292.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2014-09-20 10:07

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-796845957-1580436667-839522115-1005\Software\÷@*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(684)

e:\windows\system32\igfxdev.dll

.

Completion time: 2014-09-20 10:09:38

ComboFix-quarantined-files.txt 2014-09-20 17:09

.

Pre-Run: 415,577,120,768 bytes free

Post-Run: 418,631,647,232 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

.

- - End Of File - - 93057300AEF3671500EFD290ADE44622

8F558EB6672622401DA993E1E865C861


Fix with ComboFix

Let's prepare a script for ComboFix to mark some things for deletion.

  • Press the Windows key + R on your keyboard at the same time.
  • A Run window should appear in the lower left corner. Type in notepad.exe and press Enter.
  • In the shown window paste in the following script:

    KillAll::

    Driver::
    asoufuqa
    basfwynk
    bmrtexpn
    fqjjbabe
    fumhmkzp
    gthyleim
    gyevzyhq
    mqmddadt
    navlzhjt
    qnmcfouq
    vspqmgan
    wjhfgmuv
    yhvfpdrs
    zpandemo

    File::
    e:\windows\system32\drivers\asoufuqa.sys
    e:\windows\system32\drivers\basfwynk.sys
    e:\windows\system32\drivers\bmrtexpn.sys
    e:\windows\system32\drivers\fqjjbabe.sys
    e:\windows\system32\drivers\fumhmkzp.sys
    e:\windows\system32\drivers\gthyleim.sys
    e:\windows\system32\drivers\gyevzyhq.sys
    e:\windows\system32\drivers\mqmddadt.sys
    e:\windows\system32\drivers\navlzhjt.sys
    e:\windows\system32\drivers\qnmcfouq.sys
    e:\windows\system32\drivers\vspqmgan.sys
    e:\windows\system32\drivers\wjhfgmuv.sys
    e:\windows\system32\drivers\yhvfpdrs.sys
    e:\windows\system32\drivers\zpandemo.sys

  • Go to File menu and select Save as.
  • Make sure that the Save as type option is set to Text files (*.txt) and the place to save will be your desktop.
  • Name the file CFScript and select Save.

Your CFScript.txt file should appear on your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Now drag your CFScript file and drop it onto the ComboFix icon.

  • This will start ComboFix. Let it run uninterrupted!
  • A reboot may be needed during this run. Allow it.
  • When finished, it shall produce a log for you at C:\ComboFix.txt and display it.

Please include that log in your next reply.

If you encounter any issues with your internet connection after running ComboFix, please visit this link.

If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.

Do not forget to turn on your previously switched-off protection software!


ComboFix 14-09-18.01 - lavonne 09/20/2014  18:30:47.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3293.2702 [GMT -7:00]
Running from: e:\documents and settings\lavonne\Desktop\ComboFix.exe
Command switches used :: e:\documents and settings\lavonne\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"e:\windows\system32\drivers\asoufuqa.sys"
"e:\windows\system32\drivers\basfwynk.sys"
"e:\windows\system32\drivers\bmrtexpn.sys"
"e:\windows\system32\drivers\fqjjbabe.sys"
"e:\windows\system32\drivers\fumhmkzp.sys"
"e:\windows\system32\drivers\gthyleim.sys"
"e:\windows\system32\drivers\gyevzyhq.sys"
"e:\windows\system32\drivers\mqmddadt.sys"
"e:\windows\system32\drivers\navlzhjt.sys"
"e:\windows\system32\drivers\qnmcfouq.sys"
"e:\windows\system32\drivers\vspqmgan.sys"
"e:\windows\system32\drivers\wjhfgmuv.sys"
"e:\windows\system32\drivers\yhvfpdrs.sys"
"e:\windows\system32\drivers\zpandemo.sys"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_asoufuqa
-------\Service_basfwynk
-------\Service_bmrtexpn
-------\Service_fqjjbabe
-------\Service_fumhmkzp
-------\Service_gthyleim
-------\Service_gyevzyhq
-------\Service_mqmddadt
-------\Service_navlzhjt
-------\Service_qnmcfouq
-------\Service_vspqmgan
-------\Service_wjhfgmuv
-------\Service_yhvfpdrs
-------\Service_zpandemo
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-21 to 2014-09-21  )))))))))))))))))))))))))))))))
.
.
2014-09-21 01:40 . 2014-09-21 01:40    62576    ----a-w-    e:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B27C12C3-3E26-4D18-BB91-46C1F6A93009}\offreg.dll
2014-09-21 00:03 . 2014-09-09 01:24    8806800    ----a-w-    e:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B27C12C3-3E26-4D18-BB91-46C1F6A93009}\mpengine.dll
2014-09-20 15:12 . 2014-09-20 15:12    --------    d-----w-    E:\TDSSKiller_Quarantine
2014-09-20 03:33 . 2014-09-20 03:36    --------    d-----w-    E:\FRST
2014-09-20 02:18 . 2008-04-14 07:09    14592    -c--a-w-    e:\windows\system32\dllcache\kbdhid.sys
2014-09-20 02:18 . 2008-04-14 07:09    14592    ----a-w-    e:\windows\system32\drivers\kbdhid.sys
2014-09-20 02:18 . 2001-08-17 20:48    12160    -c--a-w-    e:\windows\system32\dllcache\mouhid.sys
2014-09-20 02:18 . 2001-08-17 20:48    12160    ----a-w-    e:\windows\system32\drivers\mouhid.sys
2014-09-20 02:18 . 2008-04-14 07:15    10368    -c--a-w-    e:\windows\system32\dllcache\hidusb.sys
2014-09-20 02:18 . 2008-04-14 07:15    10368    ----a-w-    e:\windows\system32\drivers\hidusb.sys
2014-09-20 00:38 . 2014-09-20 01:07    --------    d-----w-    e:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-09-19 23:32 . 2014-09-19 23:43    --------    d-----w-    E:\AdwCleaner
2014-09-19 22:37 . 2014-09-09 01:24    8806800    ----a-w-    e:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-19 18:54 . 2014-09-20 00:37    113880    ----a-w-    e:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-19 18:53 . 2014-09-20 00:36    54232    ----a-w-    e:\windows\system32\drivers\mbamchameleon.sys
2014-09-19 18:53 . 2014-09-19 18:53    --------    d-----w-    e:\program files\Malwarebytes Anti-Malware
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-10 17:46 . 2012-10-28 00:48    701104    ----a-w-    e:\windows\system32\FlashPlayerApp.exe
2014-09-10 17:46 . 2012-10-28 00:48    71344    ----a-w-    e:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-10 17:45 . 2014-07-09 06:45    17903792    ----a-w-    e:\windows\system32\FlashPlayerInstaller.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="e:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-09-19 6690072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="e:\windows\System32\igfxtray.exe" [2009-10-26 141848]
"HotKeysCmds"="e:\windows\System32\hkcmd.exe" [2009-10-26 173592]
"Persistence"="e:\windows\System32\igfxpers.exe" [2009-10-26 144920]
"MSC"="e:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"RTHDCPL"="RTHDCPL.EXE" [2009-10-06 18750976]
.
e:\documents and settings\lavonne\Start Menu\Programs\Startup\
Billminder.lnk - e:\quickenw\BILLMIND.EXE [2012-5-22 10064]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "e:\program files\Qualcomm\Eudora\EuShlExt.dll" [2005-08-09 86016]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R2 !SASCORE;SAS Core Service;e:\program files\SUPERAntiSpyware\SASCORE.EXE [8/11/2011 4:38 PM 142648]
R2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;e:\program files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [11/20/2009 2:14 PM 245760]
R2 HPSIService;HP SI Service;e:\windows\system32\HPSIsvc.exe [5/15/2012 4:54 PM 99896]
S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [5/15/2012 3:49 PM 1684736]
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-21 e:\windows\Tasks\Adobe Flash Player Updater.job
- e:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-28 17:46]
.
2014-09-21 e:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- e:\windows\system32\xp_eos.exe [2014-03-07 01:59]
.
2014-09-14 e:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- e:\windows\system32\xp_eos.exe [2014-03-07 01:59]
.
2014-09-21 e:\windows\Tasks\User_Feed_Synchronization-{60A9699E-D563-4A84-B463-336407475A7C}.job
- e:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.221.136.4 209.221.136.9
FF - ProfilePath - e:\documents and settings\lavonne\Application Data\Mozilla\Firefox\Profiles\wlk5ki5n.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-09-20 18:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-796845957-1580436667-839522115-1005\Software\÷@*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3388)
e:\windows\system32\WININET.dll
e:\windows\system32\ieframe.dll
e:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
e:\program files\Microsoft Security Client\MsMpEng.exe
e:\windows\system32\wscntfy.exe
e:\windows\RTHDCPL.EXE
e:\windows\System32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2014-09-20  18:43:24 - machine was rebooted
ComboFix-quarantined-files.txt  2014-09-21 01:43
ComboFix2.txt  2014-09-20 17:09
.
Pre-Run: 418,678,239,232 bytes free
Post-Run: 418,631,450,624 bytes free
.
- - End Of File - - 9C4468D4781E1306AC6BFDF46691961A
8F558EB6672622401DA993E1E865C861
 


OK, looks much better.



Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click Run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by lavonne (administrator) on GUYHARDMAN on 20-09-2014 19:02:10
Running from E:\Documents and Settings\lavonne\My Documents\downloads
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) E:\Program Files\Microsoft Security Client\MsMpEng.exe
(SUPERAntiSpyware.com) E:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Marvell) E:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
(HP) E:\WINDOWS\system32\HPSIsvc.exe
(Microsoft Corporation) E:\WINDOWS\system32\wscntfy.exe
(Intel Corporation) E:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) E:\WINDOWS\system32\igfxpers.exe
(Microsoft Corporation) E:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor Corp.) E:\WINDOWS\RTHDCPL.EXE
(SUPERAntiSpyware) E:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Intel Corporation) E:\WINDOWS\system32\igfxsrvc.exe
(Mozilla Corporation) E:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => e:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDCPL] => E:\WINDOWS\RTHDCPL.EXE [18750976 2009-10-06] (Realtek Semiconductor Corp.)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse]  <==== ATTENTION!
HKU\S-1-5-21-796845957-1580436667-839522115-1005\...\Run: [sUPERAntiSpyware] => E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6690072 2014-09-19] (SUPERAntiSpyware)
Startup: E:\Documents and Settings\lavonne\Start Menu\Programs\Startup\Billminder.lnk
ShortcutTarget: Billminder.lnk -> E:\QUICKENW\BILLMIND.EXE (Intuit)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - E:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - E:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
ShellExecuteHooks: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - E:\Program Files\Qualcomm\Eudora\EuShlExt.dll [86016 2005-08-09] (Qualcomm Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.221.136.4 209.221.136.9

FireFox:
========
FF ProfilePath: E:\Documents and Settings\lavonne\Application Data\Mozilla\Firefox\Profiles\wlk5ki5n.default
FF Plugin: @adobe.com/FlashPlayer -> E:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> E:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> E:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> E:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: E:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: E:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Extension: NoScript - E:\Documents and Settings\lavonne\Application Data\Mozilla\Firefox\Profiles\wlk5ki5n.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-09-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-05-20]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; E:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-12] (SUPERAntiSpyware.com)
R2 HPM1210RcvFaxSrvc; E:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [245760 2009-11-20] (Marvell) [File not signed]
R2 MsMpSvc; e:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; E:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
S3 Monfilt; E:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
R0 MpFilter; E:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 SASDIFSV; E:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 catchme; \??\E:\ComboFix\catchme.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; E:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 TlntSvr; No ImagePath
U3 mbr; \??\E:\DOCUME~1\lavonne\LOCALS~1\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-20 18:43 - 2014-09-20 19:02 - 00000000 ____D () E:\Documents and Settings\lavonne\Local Settings\temp
2014-09-20 18:43 - 2014-09-20 18:49 - 00000000 ____D () E:\Documents and Settings\NetworkService\Local Settings\temp
2014-09-20 18:43 - 2014-09-20 18:43 - 00008609 _____ () E:\ComboFix.txt
2014-09-20 18:43 - 2014-09-20 18:43 - 00000000 ____D () E:\Documents and Settings\LocalService\Local Settings\temp
2014-09-20 18:37 - 2014-09-20 18:37 - 00008192 ____H () E:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-09-20 18:37 - 2014-09-20 18:37 - 00000000 ____H () E:\WINDOWS\system32\config\system.tmp.LOG
2014-09-20 18:37 - 2014-09-20 18:37 - 00000000 ____H () E:\WINDOWS\system32\config\software.tmp.LOG
2014-09-20 18:37 - 2014-09-20 18:37 - 00000000 ____H () E:\WINDOWS\system32\config\SAM.tmp.LOG
2014-09-20 18:37 - 2014-09-20 18:37 - 00000000 ____H () E:\WINDOWS\system32\config\default.tmp.LOG
2014-09-20 09:14 - 2014-09-20 18:43 - 00000000 ____D () E:\Qoobox
2014-09-20 09:14 - 2014-09-20 18:36 - 00000000 ____D () E:\WINDOWS\erdnt
2014-09-20 09:14 - 2011-06-25 23:45 - 00256000 _____ () E:\WINDOWS\PEV.exe
2014-09-20 09:14 - 2010-11-07 10:20 - 00208896 _____ () E:\WINDOWS\MBR.exe
2014-09-20 09:14 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) E:\WINDOWS\NIRCMD.exe
2014-09-20 09:14 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) E:\WINDOWS\SWREG.exe
2014-09-20 09:14 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) E:\WINDOWS\SWSC.exe
2014-09-20 09:14 - 2000-08-30 17:00 - 00212480 _____ (SteelWerX) E:\WINDOWS\SWXCACLS.exe
2014-09-20 09:14 - 2000-08-30 17:00 - 00098816 _____ () E:\WINDOWS\sed.exe
2014-09-20 09:14 - 2000-08-30 17:00 - 00080412 _____ () E:\WINDOWS\grep.exe
2014-09-20 09:14 - 2000-08-30 17:00 - 00068096 _____ () E:\WINDOWS\zip.exe
2014-09-20 09:01 - 2014-09-20 09:04 - 05578824 ____R (Swearware) E:\Documents and Settings\lavonne\Desktop\ComboFix.exe
2014-09-20 08:12 - 2014-09-20 08:12 - 00000000 ____D () E:\TDSSKiller_Quarantine
2014-09-20 08:03 - 2014-09-20 08:03 - 00001374 _____ () E:\Documents and Settings\lavonne\Desktop\tdss.txt
2014-09-19 21:12 - 2014-09-19 21:12 - 00071968 _____ () E:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-09-19 20:33 - 2014-09-20 19:02 - 00000000 ____D () E:\FRST
2014-09-19 19:18 - 2008-04-14 00:15 - 00010368 ____C (Microsoft Corporation) E:\WINDOWS\system32\dllcache\hidusb.sys
2014-09-19 19:18 - 2008-04-14 00:15 - 00010368 _____ (Microsoft Corporation) E:\WINDOWS\system32\Drivers\hidusb.sys
2014-09-19 19:18 - 2008-04-14 00:09 - 00014592 ____C (Microsoft Corporation) E:\WINDOWS\system32\dllcache\kbdhid.sys
2014-09-19 19:18 - 2008-04-14 00:09 - 00014592 _____ (Microsoft Corporation) E:\WINDOWS\system32\Drivers\kbdhid.sys
2014-09-19 19:18 - 2001-08-17 13:48 - 00012160 ____C (Microsoft Corporation) E:\WINDOWS\system32\dllcache\mouhid.sys
2014-09-19 19:18 - 2001-08-17 13:48 - 00012160 _____ (Microsoft Corporation) E:\WINDOWS\system32\Drivers\mouhid.sys
2014-09-19 17:38 - 2014-09-19 18:07 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-09-19 17:36 - 2014-09-19 18:07 - 00000000 ____D () E:\Documents and Settings\lavonne\Desktop\mbar
2014-09-19 16:32 - 2014-09-19 16:43 - 00000000 ____D () E:\AdwCleaner
2014-09-19 11:54 - 2014-09-19 17:37 - 00113880 _____ (Malwarebytes Corporation) E:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-19 11:53 - 2014-09-19 17:36 - 00054232 _____ (Malwarebytes Corporation) E:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-19 11:53 - 2014-09-19 11:53 - 00000000 ____D () E:\Program Files\Malwarebytes Anti-Malware
2014-09-19 11:53 - 2014-09-19 11:53 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-19 11:50 - 2014-09-19 11:50 - 00000000 ____D () E:\Documents and Settings\guy\Application Data\Malwarebytes
2014-09-19 11:19 - 2014-09-15 16:49 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\tracigoodwin20146.xls
2014-09-19 11:19 - 2014-09-15 16:31 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\codyevans5.xls
2014-09-19 11:19 - 2014-09-13 16:12 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoedinvoice3.xls
2014-09-19 11:19 - 2014-09-06 20:07 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoedinvoice2.xls
2014-09-19 11:19 - 2014-08-30 14:37 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoedinvoice.xls
2014-09-19 11:19 - 2014-08-27 07:21 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\petersoninvoice14.xls
2014-09-19 11:19 - 2014-08-13 09:32 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\codyevans4.xls
2014-09-19 11:19 - 2014-08-13 09:21 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\vin grou invoice14.xls
2014-09-19 11:19 - 2014-08-13 09:12 - 00266240 _____ () E:\Documents and Settings\guy\My Documents\martininvoice.xls
2014-09-19 11:19 - 2014-08-04 05:42 - 00265728 _____ () E:\Documents and Settings\guy\My Documents\martin.xls
2014-09-19 11:19 - 2014-08-02 19:22 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice201414.xls
2014-09-19 11:19 - 2014-07-26 18:33 - 00256512 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice201413.xls
2014-09-19 11:19 - 2014-07-18 22:10 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice201412.xls
2014-09-19 11:19 - 2014-07-13 09:34 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice201411.xls
2014-09-19 11:19 - 2014-07-08 18:38 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\schroederinvoice2.xls
2014-09-19 11:19 - 2014-07-05 09:08 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\huneryager.xls
2014-09-19 11:19 - 2014-07-05 08:42 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice201410.xls
2014-09-19 11:19 - 2014-07-05 08:30 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\lodmill3invoice.xls
2014-09-19 11:19 - 2014-06-29 08:55 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\codyevans3.xls
2014-09-19 11:19 - 2014-06-28 02:48 - 00266752 _____ () E:\Documents and Settings\guy\My Documents\Kohninvoice.xls
2014-09-19 11:19 - 2014-06-22 14:52 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\doctorbob.xls
2014-09-19 11:19 - 2014-06-22 14:31 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\codyevans2.xls
2014-09-19 11:19 - 2014-06-21 15:44 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice20149.xls
2014-09-19 11:19 - 2014-06-14 21:39 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\schroederinvoice.xls
2014-09-19 11:19 - 2014-06-14 21:28 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\codyevans.xls
2014-09-19 11:19 - 2014-06-14 21:12 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\lindanancyinvoice2014.xls
2014-09-19 11:19 - 2014-06-14 21:01 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice20148.xls
2014-09-19 11:19 - 2014-06-07 18:30 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice20147.xls
2014-09-19 11:19 - 2014-06-05 07:34 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\lodmill2invoice.xls
2014-09-19 11:19 - 2014-05-31 09:14 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice20146.xls
2014-09-19 11:19 - 2014-05-30 07:53 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\kentrhodesinvoice2.xls
2014-09-19 11:19 - 2014-05-26 21:02 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice20145.xls
2014-09-19 11:19 - 2014-05-17 11:22 - 00256512 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice20144.xls
2014-09-19 11:19 - 2014-05-10 17:19 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice20143.xls
2014-09-19 11:19 - 2014-05-03 14:19 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice20142.xls
2014-09-19 11:19 - 2014-05-03 14:18 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice2014.xls
2014-09-19 11:19 - 2014-05-03 14:13 - 00256000 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice2014-2.xls
2014-09-19 11:19 - 2014-04-24 07:20 - 00258048 _____ () E:\Documents and Settings\guy\My Documents\kentrhodesinvoice1.xls
2014-09-19 11:19 - 2014-04-18 08:58 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\lodmillinvoice.xls
2014-09-19 11:19 - 2014-04-15 18:27 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\behrmaninvoice2014.xls
2014-09-19 11:19 - 2014-03-27 07:58 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\petersoninvoice.xls
2014-09-19 11:19 - 2014-03-25 06:19 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\thamerinvoice.xls
2014-09-19 11:19 - 2014-03-16 16:18 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\tracigoodwin20145.xls
2014-09-19 11:19 - 2014-02-22 10:34 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\tracigoodwin20144.xls
2014-09-19 11:19 - 2014-02-22 09:49 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\fultoninvoice2014.xls
2014-09-19 11:19 - 2014-02-06 09:23 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\tracigoodwinfloorrepair2014.xls
2014-09-19 11:19 - 2014-02-04 20:44 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\curtcarlson.xls
2014-09-19 11:19 - 2014-02-02 20:42 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\fultoninvoice20132.xls
2014-09-19 11:19 - 2014-02-02 14:26 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\tracigoodwin20143.xls
2014-09-19 11:19 - 2014-01-24 08:45 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\tracigoodwin20142.xls
2014-09-19 11:19 - 2014-01-24 08:24 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\tracigoodwin2014.xls
2014-09-19 11:19 - 2014-01-24 08:23 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\thamer.xls
2014-09-19 11:19 - 2013-12-23 07:06 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\tracigoodwin3.xls
2014-09-19 11:19 - 2013-12-17 12:09 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\tracigoodwin2.xls
2014-09-19 11:19 - 2013-12-06 16:08 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\tracigoodwin.xls
2014-09-19 11:19 - 2013-12-04 16:15 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\johnbarry2.xls
2014-09-19 11:19 - 2013-11-22 09:50 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\lindanancyinvoice2013.xls
2014-09-19 11:19 - 2013-11-12 08:42 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\short2.xls
2014-09-19 11:19 - 2013-11-12 08:14 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\short.xls
2014-09-19 11:19 - 2013-10-25 14:03 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\lindanancyinvoice20133.xls
2014-09-19 11:19 - 2013-10-16 08:37 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\johnbarry.xls
2014-09-19 11:19 - 2013-10-14 17:17 - 00260608 _____ () E:\Documents and Settings\guy\My Documents\johansoninvoice.xls
2014-09-19 11:19 - 2013-10-14 09:27 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\lindanancyinvoice20132.xls
2014-09-19 11:19 - 2013-10-03 10:21 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\cysewskiinvoice3.xls
2014-09-19 11:19 - 2013-10-03 10:06 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\kellygoodwininvoice13#2.xls
2014-09-19 11:19 - 2013-09-27 08:37 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\cysewskiinvoice2.xls
2014-09-19 11:19 - 2013-09-18 07:50 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\cysewskiinvoice.xls
2014-09-19 11:19 - 2013-09-12 07:05 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\clinganinvoice.xls
2014-09-19 11:19 - 2013-09-12 06:59 - 00255488 _____ () E:\Documents and Settings\guy\My Documents\clinganinvoice2013.xls1.xls
2014-09-19 11:19 - 2013-09-12 06:54 - 00250880 _____ () E:\Documents and Settings\guy\My Documents\clothierinvoice2013.xls1.xls
2014-09-19 11:19 - 2013-09-08 17:11 - 00256512 _____ () E:\Documents and Settings\guy\My Documents\eusticeinvoice.xls
2014-09-19 11:19 - 2013-08-18 09:37 - 00250880 _____ () E:\Documents and Settings\guy\My Documents\hawley2invoice.xls
2014-09-19 11:19 - 2013-08-15 09:00 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\behrmandoorknobinvoice.xls
2014-09-19 11:19 - 2013-08-15 08:42 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\kellygoodwininvoice13.xls
2014-09-19 11:19 - 2013-08-09 12:12 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\welchhenleyinvoice4.xls
2014-09-19 11:19 - 2013-08-07 08:38 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\stewartinvoice2013.xls
2014-09-19 11:19 - 2013-07-26 08:02 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\welchhenleyinvoice3.xls
2014-09-19 11:19 - 2013-07-26 07:56 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\walshhenleyinvoice3.xls
2014-09-19 11:19 - 2013-07-10 18:58 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\walshhenleyinvoice2.xls
2014-09-19 11:19 - 2013-07-10 18:23 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\walshhenleyinvoice.xls
2014-09-19 11:19 - 2013-06-28 14:10 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\hawleyinvoice.xls
2014-09-19 11:19 - 2013-06-28 13:24 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\walshhenleycontract.xls
2014-09-19 11:19 - 2013-06-18 14:47 - 00240640 _____ () E:\Documents and Settings\guy\My Documents\armstronginvoice.xls
2014-09-19 11:19 - 2013-06-12 07:49 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\glendaleinvoice.2013xls.xls
2014-09-19 11:19 - 2013-05-28 20:00 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\fultonmats.3xls.xls
2014-09-19 11:19 - 2013-05-28 19:49 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\fultoninvoice.xls3.xls
2014-09-19 11:19 - 2013-05-21 08:51 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\behrmaninvoice9.xls
2014-09-19 11:19 - 2013-05-21 08:49 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\berhman 9.xls
2014-09-19 11:19 - 2013-05-21 08:39 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\behrmaninvoice3.xls
2014-09-19 11:19 - 2013-05-21 08:39 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\behrmaninvoice2.xls
2014-09-19 11:19 - 2013-05-07 18:16 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\geraldhoefer2013.xls
2014-09-19 11:19 - 2013-04-21 11:38 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\behrmanmaterials.xls
2014-09-19 11:19 - 2013-04-21 11:37 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\dullabhmats.xls
2014-09-19 11:19 - 2013-04-21 11:12 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\behrmaninvoice.xls
2014-09-19 11:19 - 2013-04-03 08:30 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\vinagroup2013.xls
2014-09-19 11:19 - 2013-04-03 08:00 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\vin grou invoice13.xls
2014-09-19 11:19 - 2013-03-22 07:27 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\oyabeinvoice.xls
2014-09-19 11:19 - 2013-03-08 15:19 - 00240640 _____ () E:\Documents and Settings\guy\My Documents\olyinvoice.xls
2014-09-19 11:19 - 2013-03-01 19:01 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\torresinvoice.xls2013.xls
2014-09-19 11:19 - 2013-03-01 19:00 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\torresinvoice.xls2011.xls
2014-09-19 11:19 - 2013-02-28 06:47 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\hernandezinvoice.xls
2014-09-19 11:19 - 2013-02-08 10:06 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\kelligoodwininvoice2.xls
2014-09-19 11:19 - 2013-02-03 22:00 - 00250880 _____ () E:\Documents and Settings\guy\My Documents\torresmats2013.xls
2014-09-19 11:19 - 2013-01-12 15:58 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\kellygoodwininvoice.xls
2014-09-19 11:19 - 2012-11-30 12:50 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\vinagroupinv.xls
2014-09-19 11:19 - 2012-11-30 12:27 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\kitanoinv1012.xls
2014-09-19 11:19 - 2012-11-22 10:55 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\bradleyinvoice.xls
2014-09-19 11:19 - 2012-11-22 10:35 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\fultoninvoice2.xls
2014-09-19 11:19 - 2012-11-20 12:56 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\collierinv2.xls
2014-09-19 11:19 - 2012-11-20 12:47 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\paullmantelinv.xls
2014-09-19 11:19 - 2012-11-20 12:28 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\libertyinvoice.xls
2014-09-19 11:19 - 2012-11-09 11:45 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\paullshowerinv..xls
2014-09-19 11:19 - 2012-11-09 10:59 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\fulton2inv..xls
2014-09-19 11:19 - 2012-11-09 10:58 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\collierinvoice.xls
2014-09-19 11:19 - 2012-11-09 10:57 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\fultoninv..xls
2014-09-19 11:19 - 2012-11-09 10:56 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\collierinv..xls
2014-09-19 11:19 - 2012-10-29 10:07 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\vina group invoice 21.xls2.xls3.xls
2014-09-19 11:19 - 2012-10-27 19:04 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\geraldhoeferdentalinv..xls
2014-09-19 11:19 - 2012-10-24 06:15 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\paulbeaconinvoicePaullinvoice.xls
2014-09-19 11:19 - 2012-10-20 11:59 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\zionislandinv..xls
2014-09-19 11:19 - 2012-09-10 13:26 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\ronjohnsoninvoice.xls
2014-09-19 11:19 - 2012-09-05 09:47 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\hoeferginvoice.xls
2014-09-19 11:19 - 2012-08-22 20:13 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\herman3.xls
2014-09-19 11:19 - 2012-08-22 20:12 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\hermanllc.xls
2014-09-19 11:19 - 2012-08-20 20:35 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\fultoninvoice.xls2.xls
2014-09-19 11:19 - 2012-08-20 20:12 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\cenciinvoice2.xls
2014-09-19 11:19 - 2012-07-12 12:05 - 00256000 _____ () E:\Documents and Settings\guy\My Documents\besharainvoice.xls
2014-09-19 11:19 - 2012-07-02 17:41 - 00265728 _____ () E:\Documents and Settings\guy\My Documents\Kohnmats.xls
2014-09-19 11:19 - 2012-06-30 14:53 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\zioninvoice.xls
2014-09-19 11:19 - 2012-06-20 09:53 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\hermaninvoice2.xls
2014-09-19 11:19 - 2012-06-12 17:54 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\houstoninvoice.xls
2014-09-19 11:19 - 2012-05-31 09:28 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\hoeferinvoice2.xls
2014-09-19 11:19 - 2012-05-31 09:27 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\ryanmcquadeivoice.xls
2014-09-19 11:19 - 2012-05-27 10:37 - 00256512 _____ () E:\Documents and Settings\guy\My Documents\cenciinvoice.xls
2014-09-19 11:19 - 2012-05-26 11:06 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\haerman2.xls
2014-09-19 11:19 - 2012-04-22 18:24 - 00260608 _____ () E:\Documents and Settings\guy\My Documents\cristinewaldman.xls
2014-09-19 11:19 - 2012-04-06 15:01 - 00250880 _____ () E:\Documents and Settings\guy\My Documents\clothierinvoice2012.xls1.xls
2014-09-19 11:19 - 2012-03-27 17:05 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\Harperinvoice.xls
2014-09-19 11:19 - 2012-03-27 17:02 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\torresinvoice.xls
2014-09-19 11:19 - 2012-03-21 08:37 - 00260608 _____ () E:\Documents and Settings\guy\My Documents\tovarinvoice.xls
2014-09-19 11:19 - 2012-02-29 11:58 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\DamborgDan.xls
2014-09-19 11:19 - 2012-01-12 14:23 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\annemooreandmel2012.xls
2014-09-19 11:19 - 2011-12-14 13:02 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\lawinvoice.xls
2014-09-19 11:19 - 2011-12-14 12:50 - 00256000 _____ () E:\Documents and Settings\guy\My Documents\lawmats.xls
2014-09-19 11:19 - 2011-12-14 12:40 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\glendale invoice 2.xls
2014-09-19 11:19 - 2011-11-11 16:59 - 00250880 _____ () E:\Documents and Settings\guy\My Documents\lydenmats.xls
2014-09-19 11:19 - 2011-11-11 16:52 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\lydeninvoice.xls
2014-09-19 11:19 - 2011-11-01 17:26 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\juanandhazelmaterials.xls
2014-09-19 11:19 - 2011-11-01 17:23 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\juanandhazelinvoice.xls
2014-09-19 11:19 - 2011-11-01 15:55 - 00256000 _____ () E:\Documents and Settings\guy\My Documents\clothierinvoice.xls
2014-09-19 11:19 - 2011-10-21 15:05 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\Waltoninvoice.xls
2014-09-19 11:19 - 2011-10-19 08:16 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\hermaninvoice.xls
2014-09-19 11:19 - 2011-10-09 15:35 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\taylorinvoice.xls
2014-09-19 11:19 - 2011-10-01 11:11 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\Randy and Robinnormany park.xls
2014-09-19 11:19 - 2011-09-30 09:28 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\lindanancyinvoice.xls
2014-09-19 11:19 - 2011-09-30 09:19 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\nancymats.xls
2014-09-19 11:19 - 2011-09-14 18:16 - 00259584 _____ () E:\Documents and Settings\guy\My Documents\bennettmats.xls
2014-09-19 11:19 - 2011-09-14 18:08 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\bennettinvoice.xls
2014-09-19 11:19 - 2011-09-05 15:15 - 00260608 _____ () E:\Documents and Settings\guy\My Documents\vina group invoice 21.xls
2014-09-19 11:19 - 2011-07-31 10:27 - 00260608 _____ () E:\Documents and Settings\guy\My Documents\lindanancycabinets.xls
2014-09-19 11:19 - 2011-07-31 10:13 - 00260608 _____ () E:\Documents and Settings\guy\My Documents\lindanancyinvoice.xlsdp.xls
2014-09-19 11:19 - 2011-06-27 14:18 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\martyandlenayschneider.xls
2014-09-19 11:19 - 2011-06-21 13:02 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\Randy and Robin2 2011.xls2.xls
2014-09-19 11:19 - 2011-05-22 11:34 - 00261632 _____ () E:\Documents and Settings\guy\My Documents\nancyinvoice.xls
2014-09-19 11:19 - 2011-05-22 11:10 - 00260096 _____ () E:\Documents and Settings\guy\My Documents\nancylinda.xls
2014-09-19 11:19 - 2011-04-29 06:52 - 00261632 _____ () E:\Documents and Settings\guy\My Documents\lindanancy.xls
2014-09-19 11:19 - 2011-04-14 08:31 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\fultoninvoice3.xls
2014-09-19 11:19 - 2011-04-02 10:23 - 00266240 _____ () E:\Documents and Settings\guy\My Documents\Randy and Robin2 2011.xls
2014-09-19 11:19 - 2011-03-29 07:08 - 00260608 _____ () E:\Documents and Settings\guy\My Documents\torresinvoice.xls2011.xls2.1.xls
2014-09-19 11:19 - 2011-03-28 18:46 - 00260608 _____ () E:\Documents and Settings\guy\My Documents\Hall.xls
2014-09-19 11:19 - 2011-03-20 11:15 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\Bettyinvoice.xls
2014-09-19 11:19 - 2011-02-18 19:15 - 00255488 _____ () E:\Documents and Settings\guy\My Documents\torresinvoice.xls2011.xls2.xls
2014-09-19 11:19 - 2011-02-18 17:12 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\Randy and Robin 2011.xls
2014-09-19 11:19 - 2011-02-08 19:11 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\glendaleinvoice.xls2011.xls
2014-09-19 11:19 - 2011-01-28 18:48 - 00265728 _____ () E:\Documents and Settings\guy\My Documents\anne moore 2011 xls.xls
2014-09-19 11:19 - 2011-01-28 18:43 - 00266240 _____ () E:\Documents and Settings\guy\My Documents\anne moore 2010.xls2.xls
2014-09-19 11:19 - 2011-01-28 18:42 - 00265728 _____ () E:\Documents and Settings\guy\My Documents\anne moore 2010.xls
2014-09-19 11:19 - 2011-01-01 11:00 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\Darren Williams.xls
2014-09-19 11:19 - 2010-12-08 09:19 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\pittaway invoice.xls
2014-09-19 11:19 - 2010-12-03 14:35 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\hartz.xls
2014-09-19 11:19 - 2010-12-01 10:02 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\GCDInvoice.xls4.xls5.xls
2014-09-19 11:19 - 2010-12-01 09:47 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\GCDInvoice.xls4.xls
2014-09-19 11:19 - 2010-11-02 10:09 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\vinagroup.xls 1.xls
2014-09-19 11:19 - 2010-11-02 10:09 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\vinagroup.xls
2014-09-19 11:19 - 2010-11-02 10:08 - 00260608 _____ () E:\Documents and Settings\guy\My Documents\vina group invoice 21.xls2.xls
2014-09-19 11:19 - 2010-10-04 10:54 - 00266240 _____ () E:\Documents and Settings\guy\My Documents\GCDInvoice.xls3.xls1.xls
2014-09-19 11:19 - 2010-10-04 10:44 - 00265728 _____ () E:\Documents and Settings\guy\My Documents\GCDInvoice.xls3.xls
2014-09-19 11:19 - 2010-10-04 10:37 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\glendaleinvoice.xls
2014-09-19 11:19 - 2010-10-04 10:27 - 00250880 _____ () E:\Documents and Settings\guy\My Documents\fultonmats.xls
2014-09-19 11:19 - 2010-10-04 10:21 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\fultoninvoice.xls
2014-09-19 11:19 - 2010-09-17 11:35 - 00265728 _____ () E:\Documents and Settings\guy\My Documents\GCDInvoice.xls
2014-09-19 11:19 - 2010-07-28 04:23 - 00237056 _____ () E:\Documents and Settings\guy\My Documents\greghoefer.xls
2014-09-19 11:19 - 2010-07-13 07:45 - 00253952 _____ () E:\Documents and Settings\guy\My Documents\Paullinvoice.xls
2014-09-19 11:19 - 2010-07-13 07:26 - 00242176 _____ () E:\Documents and Settings\guy\My Documents\paullmats.xls
2014-09-19 11:19 - 2010-06-13 04:11 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\clothierinvoice.xls1.xls
2014-09-19 11:19 - 2010-06-08 07:36 - 00245760 _____ () E:\Documents and Settings\guy\My Documents\vinagroupmats.xls
2014-09-19 11:19 - 2010-04-20 06:40 - 00237056 _____ () E:\Documents and Settings\guy\My Documents\glendalemats.xls 2.xls
2014-09-19 11:19 - 2010-02-28 04:24 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\nelsonmaterials.xls
2014-09-19 11:19 - 2010-02-28 04:07 - 00237056 _____ () E:\Documents and Settings\guy\My Documents\glendalemats.xls
2014-09-19 11:19 - 2010-02-21 03:30 - 00243200 _____ () E:\Documents and Settings\guy\My Documents\nelsoninvoice.xls
2014-09-19 11:19 - 2010-01-29 02:57 - 00241152 _____ () E:\Documents and Settings\guy\My Documents\torresmats.xls
2014-09-19 11:19 - 2010-01-24 13:53 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\nelsonmats.xls
2014-09-19 11:19 - 2010-01-24 13:13 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\apgarmats.xls
2014-09-19 11:19 - 2009-12-28 13:48 - 00250368 _____ () E:\Documents and Settings\guy\My Documents\greghoefermats.xls
2014-09-19 11:19 - 2009-11-06 00:49 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\hoefersubs.xls
2014-09-19 11:19 - 2009-10-05 06:55 - 00242688 _____ () E:\Documents and Settings\guy\My Documents\hoeferinvoice.xls
2014-09-19 11:19 - 2009-08-27 03:02 - 00281088 _____ () E:\Documents and Settings\guy\My Documents\Spencerinvoice.xls
2014-09-19 11:19 - 2009-08-21 00:51 - 00261632 _____ () E:\Documents and Settings\guy\My Documents\rigosinvoice.xls
2014-09-19 11:19 - 2009-07-13 06:23 - 00241152 _____ () E:\Documents and Settings\guy\My Documents\hoefermats.xls
2014-09-19 11:19 - 2009-06-29 10:10 - 00237056 _____ () E:\Documents and Settings\guy\My Documents\ghoefermats.xls
2014-09-19 11:19 - 2009-05-26 13:10 - 00242176 _____ () E:\Documents and Settings\guy\My Documents\krohinvoice.xls
2014-09-19 11:19 - 2009-05-26 00:10 - 00250880 _____ () E:\Documents and Settings\guy\My Documents\kohnmats.xls hours.xls
2014-09-19 11:19 - 2009-04-07 12:30 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\shorettmats.xls
2014-09-19 11:19 - 2009-04-07 11:57 - 00238080 _____ () E:\Documents and Settings\guy\My Documents\shorettinvooice.xls
2014-09-19 11:19 - 2009-03-08 11:50 - 00261632 _____ () E:\Documents and Settings\guy\My Documents\nancy and linda.xls
2014-09-19 11:19 - 2009-03-08 11:50 - 00247296 _____ () E:\Documents and Settings\guy\My Documents\schroeterinvoice.xls
2014-09-19 11:19 - 2009-01-25 02:20 - 00250880 _____ () E:\Documents and Settings\guy\My Documents\jenkinsonmats.xls
2014-09-19 11:19 - 2009-01-25 02:04 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\beaneinvoice.xls
2014-09-19 11:19 - 2008-12-14 03:47 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\eusticehours.xls
2014-09-19 11:19 - 2008-12-14 03:43 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\eusticemats.xls
2014-09-19 11:19 - 2008-11-23 04:12 - 00012762 _____ () E:\Documents and Settings\guy\My Documents\Shunning-A Part of the Faith of Jehovahs Witnesses.htm
2014-09-19 11:19 - 2008-11-22 13:26 - 00177664 _____ () E:\Documents and Settings\guy\My Documents\CF 11.6.08 - 11.21.08.xls
2014-09-19 11:19 - 2008-10-31 06:24 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\stewartinvoice.xls
2014-09-19 11:19 - 2008-08-06 09:27 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\Harperhours.xls
2014-09-19 11:19 - 2008-08-06 09:22 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\Harpermats.xls
2014-09-19 11:19 - 2008-06-16 11:07 - 00242176 _____ () E:\Documents and Settings\guy\My Documents\wattshours.xls
2014-09-19 11:19 - 2008-06-16 08:20 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\wattsmats.xls
2014-09-19 11:19 - 2008-06-16 08:09 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\wattsinvoice.xls
2014-09-19 11:19 - 2008-04-24 09:58 - 00238592 _____ () E:\Documents and Settings\guy\My Documents\dullabhinvoice.xls
2014-09-19 11:19 - 2008-04-07 10:28 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\schroetermats.xls
2014-09-19 11:19 - 2008-01-07 05:26 - 00238080 _____ () E:\Documents and Settings\guy\My Documents\clayinvoice.xls
2014-09-19 11:19 - 2007-11-07 02:50 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\derryinvoice.xls
2014-09-19 11:19 - 2007-11-02 07:12 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\Meyersinvoice.xls
2014-09-19 11:19 - 2007-10-19 02:38 - 00242688 _____ () E:\Documents and Settings\guy\My Documents\wheatinvoice.xls
2014-09-19 11:19 - 2007-09-07 01:11 - 00242176 _____ () E:\Documents and Settings\guy\My Documents\meyersmats.xls
2014-09-19 11:19 - 2007-08-07 03:47 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\glendalehours.xls
2014-09-19 11:19 - 2007-06-04 10:58 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\stewartmats.xls
2014-09-19 11:19 - 2007-05-23 08:46 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\clinganmats.xls
2014-09-19 11:19 - 2007-05-17 11:37 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\tblummats.xls
2014-09-19 11:19 - 2007-05-17 11:36 - 00242688 _____ () E:\Documents and Settings\guy\My Documents\tbluminvoice.xls
2014-09-19 11:19 - 2007-02-13 07:08 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\bloomenthalinvoice1.xls
2014-09-19 11:19 - 2007-02-02 07:32 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\derrymats.xls
2014-09-19 11:19 - 2007-01-18 03:23 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\piovesaninovoice.xls
2014-09-19 11:19 - 2006-12-06 07:47 - 00242176 _____ () E:\Documents and Settings\guy\My Documents\olymats.xls
2014-09-19 11:19 - 2006-10-14 03:47 - 00242176 _____ () E:\Documents and Settings\guy\My Documents\shorettinvoice.xls
2014-09-19 11:19 - 2006-08-11 01:34 - 00238080 _____ () E:\Documents and Settings\guy\My Documents\apgarinvoice.xls
2014-09-19 11:19 - 2006-07-27 03:43 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\helmmats.xls
2014-09-19 11:19 - 2006-07-27 03:32 - 00242688 _____ () E:\Documents and Settings\guy\My Documents\helminvoice.xls
2014-09-19 11:19 - 2006-07-19 04:08 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\Blumenthalmats.xls
2014-09-19 11:19 - 2006-07-19 04:05 - 00238080 _____ () E:\Documents and Settings\guy\My Documents\blumenthallinvoice.xls
2014-09-19 11:19 - 2006-03-07 04:17 - 00237056 _____ () E:\Documents and Settings\guy\My Documents\wintersmats.xls
2014-09-19 11:19 - 2006-03-07 03:59 - 00242688 _____ () E:\Documents and Settings\guy\My Documents\wintersinvoice.xls
2014-09-19 11:19 - 2005-10-23 02:49 - 00248320 _____ () E:\Documents and Settings\guy\My Documents\jenkinsoninvoice1.xls
2014-09-19 11:19 - 2005-08-01 10:46 - 00242688 _____ () E:\Documents and Settings\guy\My Documents\remediesinvoice.xls
2014-09-19 11:19 - 2005-05-02 05:52 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\Higginsmats.xls
2014-09-19 11:19 - 2005-05-02 05:49 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\higginsinvoice.xls
2014-09-19 11:19 - 2005-03-03 02:00 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\zionmats.xls
2014-09-18 13:57 - 2014-09-18 13:59 - 00000000 ____D () E:\Program Files\Mozilla Firefox
2014-09-15 16:33 - 2014-09-15 16:49 - 00257536 _____ () E:\Documents and Settings\lavonne\My Documents\tracigoodwin20146.xls
2014-09-15 16:31 - 2014-09-15 16:31 - 00252416 _____ () E:\Documents and Settings\lavonne\My Documents\codyevans5.xls
2014-09-13 15:51 - 2014-09-13 16:12 - 00257024 _____ () E:\Documents and Settings\lavonne\My Documents\todoedinvoice3.xls
2014-09-06 20:03 - 2014-09-06 20:07 - 00257024 _____ () E:\Documents and Settings\lavonne\My Documents\todoedinvoice2.xls
2014-08-30 14:32 - 2014-08-30 14:36 - 00257024 _____ () E:\Documents and Settings\lavonne\My Documents\todoedinvoice.xls
2014-08-27 05:51 - 2014-08-27 07:20 - 00257024 _____ () E:\Documents and Settings\lavonne\My Documents\petersoninvoice14.xls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-20 19:02 - 2014-09-20 18:43 - 00000000 ____D () E:\Documents and Settings\lavonne\Local Settings\temp
2014-09-20 19:02 - 2014-09-19 20:33 - 00000000 ____D () E:\FRST
2014-09-20 18:49 - 2014-09-20 18:43 - 00000000 ____D () E:\Documents and Settings\NetworkService\Local Settings\temp
2014-09-20 18:45 - 2012-10-27 17:48 - 00000830 _____ () E:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-20 18:43 - 2014-09-20 18:43 - 00008609 _____ () E:\ComboFix.txt
2014-09-20 18:43 - 2014-09-20 18:43 - 00000000 ____D () E:\Documents and Settings\LocalService\Local Settings\temp
2014-09-20 18:43 - 2014-09-20 09:14 - 00000000 ____D () E:\Qoobox
2014-09-20 18:41 - 2014-03-09 10:00 - 00000218 _____ () E:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-09-20 18:41 - 2012-05-15 15:11 - 00000000 ____D () E:\Program Files\SUPERAntiSpyware
2014-09-20 18:41 - 2003-03-31 05:00 - 00000227 _____ () E:\WINDOWS\system.ini
2014-09-20 18:40 - 2012-05-15 14:38 - 01518343 _____ () E:\WINDOWS\WindowsUpdate.log
2014-09-20 18:39 - 2012-05-15 13:57 - 00000006 ____H () E:\WINDOWS\Tasks\SA.DAT
2014-09-20 18:37 - 2014-09-20 18:37 - 00008192 ____H () E:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-09-20 18:37 - 2014-09-20 18:37 - 00000000 ____H () E:\WINDOWS\system32\config\system.tmp.LOG
2014-09-20 18:37 - 2014-09-20 18:37 - 00000000 ____H () E:\WINDOWS\system32\config\software.tmp.LOG
2014-09-20 18:37 - 2014-09-20 18:37 - 00000000 ____H () E:\WINDOWS\system32\config\SAM.tmp.LOG
2014-09-20 18:37 - 2014-09-20 18:37 - 00000000 ____H () E:\WINDOWS\system32\config\default.tmp.LOG
2014-09-20 18:37 - 2012-05-15 21:26 - 00262144 _____ () E:\WINDOWS\system32\config\SECURITY.bak
2014-09-20 18:37 - 2012-05-15 21:26 - 00262144 _____ () E:\WINDOWS\system32\config\SAM.bak
2014-09-20 18:37 - 2012-05-15 21:25 - 20185088 _____ () E:\WINDOWS\system32\config\software.bak
2014-09-20 18:37 - 2012-05-15 21:25 - 04980736 _____ () E:\WINDOWS\system32\config\system.bak
2014-09-20 18:37 - 2012-05-15 21:25 - 00524288 _____ () E:\WINDOWS\system32\config\default.bak
2014-09-20 18:37 - 2012-05-15 14:05 - 00000178 ___SH () E:\Documents and Settings\lavonne\ntuser.ini
2014-09-20 18:36 - 2014-09-20 09:14 - 00000000 ____D () E:\WINDOWS\erdnt
2014-09-20 18:30 - 2012-05-15 14:04 - 00032526 _____ () E:\WINDOWS\SchedLgU.Txt
2014-09-20 17:06 - 2014-03-29 08:55 - 00000426 ____H () E:\WINDOWS\Tasks\User_Feed_Synchronization-{60A9699E-D563-4A84-B463-336407475A7C}.job
2014-09-20 17:02 - 2012-05-15 21:26 - 00701826 _____ () E:\WINDOWS\setupapi.log
2014-09-20 17:02 - 2012-05-15 21:26 - 00172735 _____ () E:\WINDOWS\setupact.log
2014-09-20 09:26 - 2012-05-15 14:05 - 00000000 ____D () E:\Documents and Settings\lavonne
2014-09-20 09:04 - 2014-09-20 09:01 - 05578824 ____R (Swearware) E:\Documents and Settings\lavonne\Desktop\ComboFix.exe
2014-09-20 08:12 - 2014-09-20 08:12 - 00000000 ____D () E:\TDSSKiller_Quarantine
2014-09-20 08:03 - 2014-09-20 08:03 - 00001374 _____ () E:\Documents and Settings\lavonne\Desktop\tdss.txt
2014-09-19 21:12 - 2014-09-19 21:12 - 00071968 _____ () E:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-09-19 18:07 - 2014-09-19 17:38 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-09-19 18:07 - 2014-09-19 17:36 - 00000000 ____D () E:\Documents and Settings\lavonne\Desktop\mbar
2014-09-19 17:37 - 2014-09-19 11:54 - 00113880 _____ (Malwarebytes Corporation) E:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-19 17:36 - 2014-09-19 11:53 - 00054232 _____ (Malwarebytes Corporation) E:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-19 16:43 - 2014-09-19 16:32 - 00000000 ____D () E:\AdwCleaner
2014-09-19 15:24 - 2012-05-15 22:58 - 00000000 ____D () E:\Documents and Settings\guy\Local Settings\Temp
2014-09-19 15:17 - 2012-05-15 22:58 - 00000178 ___SH () E:\Documents and Settings\guy\ntuser.ini
2014-09-19 11:53 - 2014-09-19 11:53 - 00000000 ____D () E:\Program Files\Malwarebytes Anti-Malware
2014-09-19 11:53 - 2014-09-19 11:53 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-19 11:53 - 2012-05-15 15:15 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-09-19 11:50 - 2014-09-19 11:50 - 00000000 ____D () E:\Documents and Settings\guy\Application Data\Malwarebytes
2014-09-18 16:41 - 2012-05-15 14:31 - 00000000 ____D () E:\Program Files\Mozilla Maintenance Service
2014-09-18 13:59 - 2014-09-18 13:57 - 00000000 ____D () E:\Program Files\Mozilla Firefox
2014-09-15 16:49 - 2014-09-19 11:19 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\tracigoodwin20146.xls
2014-09-15 16:49 - 2014-09-15 16:33 - 00257536 _____ () E:\Documents and Settings\lavonne\My Documents\tracigoodwin20146.xls
2014-09-15 16:31 - 2014-09-19 11:19 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\codyevans5.xls
2014-09-15 16:31 - 2014-09-15 16:31 - 00252416 _____ () E:\Documents and Settings\lavonne\My Documents\codyevans5.xls
2014-09-14 14:35 - 2014-03-09 10:00 - 00000212 _____ () E:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-09-13 18:17 - 2003-03-31 05:00 - 00013646 _____ () E:\WINDOWS\system32\wpa.dbl
2014-09-13 16:12 - 2014-09-19 11:19 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoedinvoice3.xls
2014-09-13 16:12 - 2014-09-13 15:51 - 00257024 _____ () E:\Documents and Settings\lavonne\My Documents\todoedinvoice3.xls
2014-09-10 10:46 - 2012-10-27 17:48 - 00701104 _____ (Adobe Systems Incorporated) E:\WINDOWS\system32\FlashPlayerApp.exe
2014-09-10 10:46 - 2012-10-27 17:48 - 00071344 _____ (Adobe Systems Incorporated) E:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-09-10 10:45 - 2014-07-08 23:45 - 17903792 _____ (Adobe Systems Incorporated) E:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-09-10 03:05 - 2013-08-15 03:03 - 00000000 ____D () E:\WINDOWS\system32\MRT
2014-09-10 03:01 - 2012-05-15 15:24 - 98758480 _____ (Microsoft Corporation) E:\WINDOWS\system32\MRT.exe
2014-09-06 20:07 - 2014-09-19 11:19 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoedinvoice2.xls
2014-09-06 20:07 - 2014-09-06 20:03 - 00257024 _____ () E:\Documents and Settings\lavonne\My Documents\todoedinvoice2.xls
2014-08-30 14:37 - 2014-09-19 11:19 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoedinvoice.xls
2014-08-30 14:36 - 2014-08-30 14:32 - 00257024 _____ () E:\Documents and Settings\lavonne\My Documents\todoedinvoice.xls
2014-08-27 07:21 - 2014-09-19 11:19 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\petersoninvoice14.xls
2014-08-27 07:20 - 2014-08-27 05:51 - 00257024 _____ () E:\Documents and Settings\lavonne\My Documents\petersoninvoice14.xls
2014-08-21 23:32 - 2012-05-15 15:43 - 00000376 _____ () E:\WINDOWS\ODBC.INI

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

E:\WINDOWS\explorer.exe => File is digitally signed
E:\WINDOWS\system32\winlogon.exe => File is digitally signed
E:\WINDOWS\system32\svchost.exe => File is digitally signed
E:\WINDOWS\system32\services.exe => File is digitally signed
E:\WINDOWS\system32\User32.dll => File is digitally signed
E:\WINDOWS\system32\userinit.exe => File is digitally signed
E:\WINDOWS\system32\rpcss.dll => File is digitally signed
E:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


Addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by lavonne at 2014-09-20 19:02:47
Running from E:\Documents and Settings\lavonne\My Documents\downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Eudora (HKLM\...\{FA2FADB1-909D-415D-9726-C9F536AEF132}) (Version: 7.0 - )
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version:  - )
HP LaserJet Professional M1210 MFP Series Fax Installer (HKLM\...\{FA3AFC80-05A5-45A6-BD6E-92641BF93129}) (Version: 1.1.0 - HP)
HP LaserJet Professional M1210 MFP Series Toolbox (HKLM\...\{33FA361C-6545-4490-945C-1B869370489D}) (Version: 1.0.12 - Hewlett-Packard)
HP LaserJet Toolbox (HKLM\...\{1FA6376A-3120-45DA-8686-96DEFC8A0513}) (Version: 2.0.0 - Hewlett-Packard)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.10.5160 - Intel Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Mozilla Firefox 32.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.201.0 - Tracker Software Products Ltd)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - Realtek Semiconductor Corp.)
Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 1.0.1 - HP)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1148 - SUPERAntiSpyware.com)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

23-06-2014 08:58:01 Software Distribution Service 3.0
24-06-2014 08:59:11 Software Distribution Service 3.0
25-06-2014 09:03:58 System Checkpoint
26-06-2014 08:58:06 Software Distribution Service 3.0
27-06-2014 09:46:43 System Checkpoint
27-06-2014 14:55:42 Software Distribution Service 3.0
28-06-2014 14:55:33 Software Distribution Service 3.0
29-06-2014 09:01:10 Software Distribution Service 3.0
29-06-2014 14:57:28 Software Distribution Service 3.0
30-06-2014 14:57:42 Software Distribution Service 3.0
01-07-2014 14:54:56 Software Distribution Service 3.0
02-07-2014 14:56:45 Software Distribution Service 3.0
03-07-2014 14:55:26 Software Distribution Service 3.0
04-07-2014 14:55:09 Software Distribution Service 3.0
05-07-2014 14:55:21 Software Distribution Service 3.0
06-07-2014 09:00:39 Software Distribution Service 3.0
06-07-2014 14:55:14 Software Distribution Service 3.0
07-07-2014 14:55:13 Software Distribution Service 3.0
08-07-2014 14:55:38 Software Distribution Service 3.0
09-07-2014 10:00:35 Software Distribution Service 3.0
09-07-2014 14:58:39 Software Distribution Service 3.0
10-07-2014 14:55:12 Software Distribution Service 3.0
11-07-2014 14:54:48 Software Distribution Service 3.0
12-07-2014 14:54:53 Software Distribution Service 3.0
13-07-2014 09:00:23 Software Distribution Service 3.0
13-07-2014 14:55:23 Software Distribution Service 3.0
14-07-2014 14:53:41 Software Distribution Service 3.0
15-07-2014 14:54:59 Software Distribution Service 3.0
16-07-2014 14:54:57 Software Distribution Service 3.0
17-07-2014 14:54:59 Software Distribution Service 3.0
18-07-2014 14:54:55 Software Distribution Service 3.0
19-07-2014 14:55:03 Software Distribution Service 3.0
20-07-2014 08:59:47 Software Distribution Service 3.0
20-07-2014 14:54:49 Software Distribution Service 3.0
21-07-2014 14:54:54 Software Distribution Service 3.0
22-07-2014 14:55:07 Software Distribution Service 3.0
23-07-2014 14:54:59 Software Distribution Service 3.0
24-07-2014 15:14:16 System Checkpoint
25-07-2014 14:32:42 Software Distribution Service 3.0
26-07-2014 14:32:37 Software Distribution Service 3.0
27-07-2014 08:58:09 Software Distribution Service 3.0
28-07-2014 09:32:17 System Checkpoint
28-07-2014 14:33:21 Software Distribution Service 3.0
29-07-2014 14:31:26 Software Distribution Service 3.0
30-07-2014 14:33:47 Software Distribution Service 3.0
31-07-2014 14:32:29 Software Distribution Service 3.0
01-08-2014 14:32:29 Software Distribution Service 3.0
02-08-2014 14:32:27 Software Distribution Service 3.0
03-08-2014 08:58:28 Software Distribution Service 3.0
03-08-2014 14:32:28 Software Distribution Service 3.0
04-08-2014 14:32:37 Software Distribution Service 3.0
05-08-2014 14:32:34 Software Distribution Service 3.0
06-08-2014 14:32:40 Software Distribution Service 3.0
07-08-2014 14:32:41 Software Distribution Service 3.0
08-08-2014 14:32:41 Software Distribution Service 3.0
09-08-2014 14:32:42 Software Distribution Service 3.0
10-08-2014 08:57:56 Software Distribution Service 3.0
10-08-2014 14:35:49 Software Distribution Service 3.0
11-08-2014 14:32:50 Software Distribution Service 3.0
12-08-2014 14:32:29 Software Distribution Service 3.0
13-08-2014 16:02:01 Software Distribution Service 3.0
14-08-2014 16:07:08 System Checkpoint
15-08-2014 15:05:53 Software Distribution Service 3.0
16-08-2014 10:00:24 Software Distribution Service 3.0
16-08-2014 15:06:14 Software Distribution Service 3.0
17-08-2014 08:58:27 Software Distribution Service 3.0
18-08-2014 05:18:18 Software Distribution Service 3.0
19-08-2014 05:16:31 Software Distribution Service 3.0
20-08-2014 05:15:33 Software Distribution Service 3.0
21-08-2014 05:15:31 Software Distribution Service 3.0
22-08-2014 05:15:38 Software Distribution Service 3.0
23-08-2014 05:16:05 Software Distribution Service 3.0
24-08-2014 05:15:55 Software Distribution Service 3.0
24-08-2014 08:57:44 Software Distribution Service 3.0
25-08-2014 05:15:36 Software Distribution Service 3.0
26-08-2014 05:21:33 Software Distribution Service 3.0
27-08-2014 05:16:00 Software Distribution Service 3.0
28-08-2014 05:16:52 Software Distribution Service 3.0
29-08-2014 05:16:09 Software Distribution Service 3.0
30-08-2014 05:16:01 Software Distribution Service 3.0
31-08-2014 05:16:09 Software Distribution Service 3.0
31-08-2014 08:56:46 Software Distribution Service 3.0
01-09-2014 09:18:07 System Checkpoint
01-09-2014 17:26:30 Software Distribution Service 3.0
02-09-2014 17:26:16 Software Distribution Service 3.0
03-09-2014 17:26:18 Software Distribution Service 3.0
04-09-2014 17:26:20 Software Distribution Service 3.0
05-09-2014 17:26:29 Software Distribution Service 3.0
06-09-2014 17:26:27 Software Distribution Service 3.0
07-09-2014 08:47:02 Software Distribution Service 3.0
07-09-2014 17:25:39 Software Distribution Service 3.0
08-09-2014 17:25:43 Software Distribution Service 3.0
09-09-2014 17:25:51 Software Distribution Service 3.0
10-09-2014 10:00:23 Software Distribution Service 3.0
10-09-2014 17:28:24 Software Distribution Service 3.0
11-09-2014 17:25:51 Software Distribution Service 3.0
12-09-2014 17:25:57 Software Distribution Service 3.0
13-09-2014 17:26:39 Software Distribution Service 3.0
14-09-2014 08:47:43 Software Distribution Service 3.0
14-09-2014 17:27:25 Software Distribution Service 3.0
15-09-2014 18:20:49 System Checkpoint
15-09-2014 21:32:25 Software Distribution Service 3.0
16-09-2014 21:29:29 Software Distribution Service 3.0
17-09-2014 21:30:16 Software Distribution Service 3.0
18-09-2014 21:30:20 Software Distribution Service 3.0
19-09-2014 22:05:22 System Checkpoint
19-09-2014 22:36:44 Software Distribution Service 3.0
20-09-2014 16:00:33 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2003-03-31 05:00 - 2014-09-20 18:41 - 00000027 ____A E:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: E:\WINDOWS\Tasks\Adobe Flash Player Updater.job => E:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: E:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => E:\WINDOWS\system32\xp_eos.exe
Task: E:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => E:\WINDOWS\system32\xp_eos.exe
Task: E:\WINDOWS\Tasks\User_Feed_Synchronization-{60A9699E-D563-4A84-B463-336407475A7C}.job => E:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2012-05-15 16:57 - 2009-11-20 13:42 - 00163840 _____ () E:\WINDOWS\system32\HPM1210LM.DLL
2012-05-15 16:57 - 2009-11-20 13:42 - 00069632 _____ () E:\WINDOWS\System32\spool\PRTPROCS\W32X86\HPM1210PP.dll
2014-09-18 13:57 - 2014-09-18 13:58 - 03734640 _____ () E:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/19/2014 08:34:54 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (09/19/2014 08:34:54 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (09/19/2014 07:42:53 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (09/19/2014 07:42:53 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (09/19/2014 11:54:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam-setup.tmp, version 51.52.0.0, faulting module mbamsrv.dll, version 1.1.0.0, fault address 0x00048e54.
Processing media-specific event for [mbam-setup.tmp!ws!]

Error: (09/15/2014 04:05:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000673be.
Processing media-specific event for [explorer.exe!ws!]

Error: (09/10/2014 06:14:03 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry, P4 1.1.10904.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (09/07/2014 06:03:36 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry, P4 1.1.10904.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (09/01/2014 08:23:26 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry, P4 1.1.10904.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (08/31/2014 07:41:55 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry, P4 1.1.10904.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.


System errors:
=============
Error: (09/20/2014 06:49:58 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (09/20/2014 06:40:05 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (09/20/2014 06:31:30 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (09/20/2014 06:30:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.

Error: (09/20/2014 06:30:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/20/2014 06:30:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/20/2014 06:30:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SAS Core Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (09/20/2014 06:30:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP LaserJet Professional M1210 MFP Series Receive Fax Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/20/2014 06:30:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP SI Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (09/20/2014 05:11:57 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.


Microsoft Office Sessions:
=========================
Error: (09/19/2014 08:34:54 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (09/19/2014 08:34:54 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (09/19/2014 07:42:53 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (09/19/2014 07:42:53 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (09/19/2014 11:54:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam-setup.tmp51.52.0.0mbamsrv.dll1.1.0.000048e54

Error: (09/15/2014 04:05:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.5512ntdll.dll5.1.2600.6055000673be

Error: (09/10/2014 06:14:03 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry80070490remediationremediationfailuretelemetry1.1.10904.0mpengine0unspecifiedNILNILNIL

Error: (09/07/2014 06:03:36 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry80070490remediationremediationfailuretelemetry1.1.10904.0mpengine0unspecifiedNILNILNIL

Error: (09/01/2014 08:23:26 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry80070490remediationremediationfailuretelemetry1.1.10904.0mpengine0unspecifiedNILNILNIL

Error: (08/31/2014 07:41:55 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry80070490remediationremediationfailuretelemetry1.1.10904.0mpengine0unspecifiedNILNILNIL


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E5700 @ 3.00GHz
Percentage of memory in use: 18%
Total physical RAM: 3293.17 MB
Available physical RAM: 2688.38 MB
Total Pagefile: 5177.59 MB
Available Pagefile: 4721.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1931.02 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:58.59 GB) (Free:58.52 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (Hard Drive) (Fixed) (Total:407.16 GB) (Free:389.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 3C263C26)
Partition 1: (Active) - (Size=58.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=407.2 GB) - (Type=OF Extended)

==================== End Of Log ============================


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:

    start
    closeprocesses:
    HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse]  <==== ATTENTION!
    ProxyServer: :0
    R3 catchme; \??\E:\ComboFix\catchme.sys [X]
    S4 IntelIde; No ImagePath
    U3 TlntSvr; No ImagePath
    U3 mbr; \??\E:\DOCUME~1\lavonne\LOCALS~1\Temp\mbr.sys [X]
    EmptyTemp:
    end
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please include it in your reply.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by lavonne at 2014-09-21 10:09:40 Run:1
Running from E:\Documents and Settings\lavonne\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
closeprocesses:
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse]  <==== ATTENTION!
ProxyServer: :0
R3 catchme; \??\E:\ComboFix\catchme.sys [X]
S4 IntelIde; No ImagePath
U3 TlntSvr; No ImagePath
U3 mbr; \??\E:\DOCUME~1\lavonne\LOCALS~1\Temp\mbr.sys [X]
EmptyTemp:
end
*****************

Processes closed successfully.
HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\\Default => Value was restored successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
catchme => Service deleted successfully.
IntelIde => Service deleted successfully.
TlntSvr => Service deleted successfully.
mbr => Service not found.
EmptyTemp: => Removed 846.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====


OK, what other issues remain?



Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.
