goode Posted September 20, 2014 ID:880984

Hi,

Somewhat recently noticed XP slowing down, sometimes displaying IE instances on the system tray (no text displayed on the tabs) (we use FF exclusively), when open they look like a wannabe Disney or Yahoo sites, sometimes accessing website pages is agonizingly slow, for ex. starting this thread took 15-20 mins. MSE reports cleared or quarantined or removed ROVNIX.W, PANGIMOP.V, Kryperade.a virus/exploit but they keep returning. Updated & ran MB. Here are the FRST logs:

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by lavonne (administrator) on GUYHARDMAN on 19-09-2014 20:34:20
Running from E:\Documents and Settings\lavonne\My Documents\downloads
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) E:\Program Files\Microsoft Security Client\MsMpEng.exe
(SUPERAntiSpyware.com) E:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Marvell) E:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
(HP) E:\WINDOWS\system32\HPSIsvc.exe
(Intel Corporation) E:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) E:\WINDOWS\system32\igfxpers.exe
(Microsoft Corporation) E:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor Corp.) E:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) E:\WINDOWS\system32\igfxsrvc.exe
(SUPERAntiSpyware) E:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) E:\Program Files\Messenger\msmsgs.exe
(Mozilla Corporation) E:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) E:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) E:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) E:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) E:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) E:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => e:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDCPL] => E:\WINDOWS\RTHDCPL.EXE [18750976 2009-10-06] (Realtek Semiconductor Corp.)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
HKU\S-1-5-21-796845957-1580436667-839522115-1005\...\Run: [sUPERAntiSpyware] => E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6690072 2014-09-19] (SUPERAntiSpyware)
HKU\S-1-5-21-796845957-1580436667-839522115-1005\...\Run: [MSMSGS] => E:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-796845957-1580436667-839522115-1005\...\Run: [ukiqxoinxaev] => "E:\Documents and Settings\lavonne\Application Data\Keromaib\qoumg.exe"
Startup: E:\Documents and Settings\lavonne\Start Menu\Programs\Startup\Billminder.lnk
ShortcutTarget: Billminder.lnk -> E:\QUICKENW\BILLMIND.EXE (Intuit)
AlternateShell:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - E:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - E:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
ShellExecuteHooks: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - E:\Program Files\Qualcomm\Eudora\EuShlExt.dll [86016 2005-08-09] (Qualcomm Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.221.136.4 209.221.136.9

FireFox:
========
FF ProfilePath: E:\Documents and Settings\lavonne\Application Data\Mozilla\Firefox\Profiles\wlk5ki5n.default
FF Plugin: @adobe.com/FlashPlayer -> E:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> E:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> E:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> E:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: E:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: E:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Extension: No Name - E:\Documents and Settings\lavonne\Application Data\Mozilla\Firefox\Profiles\wlk5ki5n.default\Extensions\staged [2014-09-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-05-20]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; E:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-12] (SUPERAntiSpyware.com)
R2 HPM1210RcvFaxSrvc; E:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [245760 2009-11-20] (Marvell) [File not signed]
R2 MsMpSvc; e:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; E:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
S3 Monfilt; E:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
R0 MpFilter; E:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 SASDIFSV; E:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 asoufuqa; \??\E:\WINDOWS\system32\drivers\asoufuqa.sys [X]
S1 basfwynk; \??\E:\WINDOWS\system32\drivers\basfwynk.sys [X]
S1 bmrtexpn; \??\E:\WINDOWS\system32\drivers\bmrtexpn.sys [X]
S1 fqjjbabe; \??\E:\WINDOWS\system32\drivers\fqjjbabe.sys [X]
S1 fumhmkzp; \??\E:\WINDOWS\system32\drivers\fumhmkzp.sys [X]
S1 gthyleim; \??\E:\WINDOWS\system32\drivers\gthyleim.sys [X]
S1 gyevzyhq; \??\E:\WINDOWS\system32\drivers\gyevzyhq.sys [X]
S4 IntelIde; No ImagePath
S1 mqmddadt; \??\E:\WINDOWS\system32\drivers\mqmddadt.sys [X]
S1 navlzhjt; \??\E:\WINDOWS\system32\drivers\navlzhjt.sys [X]
S1 qnmcfouq; \??\E:\WINDOWS\system32\drivers\qnmcfouq.sys [X]
U5 ScsiPort; E:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S1 vspqmgan; \??\E:\WINDOWS\system32\drivers\vspqmgan.sys [X]
S1 wjhfgmuv; \??\E:\WINDOWS\system32\drivers\wjhfgmuv.sys [X]
S1 yhvfpdrs; \??\E:\WINDOWS\system32\drivers\yhvfpdrs.sys [X]
S1 zpandemo; \??\E:\WINDOWS\system32\drivers\zpandemo.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-19 20:33 - 2014-09-19 20:34 - 00000000 ____D () E:\FRST
2014-09-19 19:18 - 2008-04-14 00:15 - 00010368 ____C (Microsoft Corporation) E:\WINDOWS\system32\dllcache\hidusb.sys
2014-09-19 19:18 - 2008-04-14 00:15 - 00010368 _____ (Microsoft Corporation) E:\WINDOWS\system32\Drivers\hidusb.sys
2014-09-19 19:18 - 2008-04-14 00:09 - 00014592 ____C (Microsoft Corporation) E:\WINDOWS\system32\dllcache\kbdhid.sys
2014-09-19 19:18 - 2008-04-14 00:09 - 00014592 _____ (Microsoft Corporation) E:\WINDOWS\system32\Drivers\kbdhid.sys
2014-09-19 19:18 - 2001-08-17 13:48 - 00012160 ____C (Microsoft Corporation) E:\WINDOWS\system32\dllcache\mouhid.sys
2014-09-19 19:18 - 2001-08-17 13:48 - 00012160 _____ (Microsoft Corporation) E:\WINDOWS\system32\Drivers\mouhid.sys
2014-09-19 17:38 - 2014-09-19 18:07 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-09-19 17:36 - 2014-09-19 18:07 - 00000000 ____D () E:\Documents and Settings\lavonne\Desktop\mbar
2014-09-19 16:32 - 2014-09-19 16:43 - 00000000 ____D () E:\AdwCleaner
2014-09-19 11:54 - 2014-09-19 17:37 - 00113880 _____ (Malwarebytes Corporation) E:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-19 11:53 - 2014-09-19 17:36 - 00054232 _____ (Malwarebytes Corporation) E:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-19 11:53 - 2014-09-19 11:53 - 00000000 ____D () E:\Program Files\Malwarebytes Anti-Malware
2014-09-19 11:53 - 2014-09-19 11:53 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-19 11:50 - 2014-09-19 11:50 - 00000000 ____D () E:\Documents and Settings\guy\Application Data\Malwarebytes
2014-09-19 11:19 - 2014-09-15 16:49 - 00257536 _____ () E:\Documents and Settings\guy\My
Documents\eusticemats.xls2014-09-19 11:19 - 2008-11-23 04:12 - 00012762 _____ () E:\Documents and Settings\guy\My Documents\Shunning-A Part of the Faith of Jehovahs Witnesses.htm2014-09-19 11:19 - 2008-11-22 13:26 - 00177664 _____ () E:\Documents and Settings\guy\My Documents\CF 11.6.08 - 11.21.08.xls2014-09-19 11:19 - 2008-10-31 06:24 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\stewartinvoice.xls2014-09-19 11:19 - 2008-08-06 09:27 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\Harperhours.xls2014-09-19 11:19 - 2008-08-06 09:22 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\Harpermats.xls2014-09-19 11:19 - 2008-06-16 11:07 - 00242176 _____ () E:\Documents and Settings\guy\My Documents\wattshours.xls2014-09-19 11:19 - 2008-06-16 08:20 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\wattsmats.xls2014-09-19 11:19 - 2008-06-16 08:09 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\wattsinvoice.xls2014-09-19 11:19 - 2008-04-24 09:58 - 00238592 _____ () E:\Documents and Settings\guy\My Documents\dullabhinvoice.xls2014-09-19 11:19 - 2008-04-07 10:28 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\schroetermats.xls2014-09-19 11:19 - 2008-01-07 05:26 - 00238080 _____ () E:\Documents and Settings\guy\My Documents\clayinvoice.xls2014-09-19 11:19 - 2007-11-07 02:50 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\derryinvoice.xls2014-09-19 11:19 - 2007-11-02 07:12 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\Meyersinvoice.xls2014-09-19 11:19 - 2007-10-19 02:38 - 00242688 _____ () E:\Documents and Settings\guy\My Documents\wheatinvoice.xls2014-09-19 11:19 - 2007-09-07 01:11 - 00242176 _____ () E:\Documents and Settings\guy\My Documents\meyersmats.xls2014-09-19 11:19 - 2007-08-07 03:47 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\glendalehours.xls2014-09-19 11:19 - 2007-06-04 10:58 - 00241664 _____ () E:\Documents and Settings\guy\My 
Documents\stewartmats.xls2014-09-19 11:19 - 2007-05-23 08:46 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\clinganmats.xls2014-09-19 11:19 - 2007-05-17 11:37 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\tblummats.xls2014-09-19 11:19 - 2007-05-17 11:36 - 00242688 _____ () E:\Documents and Settings\guy\My Documents\tbluminvoice.xls2014-09-19 11:19 - 2007-02-13 07:08 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\bloomenthalinvoice1.xls2014-09-19 11:19 - 2007-02-02 07:32 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\derrymats.xls2014-09-19 11:19 - 2007-01-18 03:23 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\piovesaninovoice.xls2014-09-19 11:19 - 2006-12-06 07:47 - 00242176 _____ () E:\Documents and Settings\guy\My Documents\olymats.xls2014-09-19 11:19 - 2006-10-14 03:47 - 00242176 _____ () E:\Documents and Settings\guy\My Documents\shorettinvoice.xls2014-09-19 11:19 - 2006-08-11 01:34 - 00238080 _____ () E:\Documents and Settings\guy\My Documents\apgarinvoice.xls2014-09-19 11:19 - 2006-07-27 03:43 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\helmmats.xls2014-09-19 11:19 - 2006-07-27 03:32 - 00242688 _____ () E:\Documents and Settings\guy\My Documents\helminvoice.xls2014-09-19 11:19 - 2006-07-19 04:08 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\Blumenthalmats.xls2014-09-19 11:19 - 2006-07-19 04:05 - 00238080 _____ () E:\Documents and Settings\guy\My Documents\blumenthallinvoice.xls2014-09-19 11:19 - 2006-03-07 04:17 - 00237056 _____ () E:\Documents and Settings\guy\My Documents\wintersmats.xls2014-09-19 11:19 - 2006-03-07 03:59 - 00242688 _____ () E:\Documents and Settings\guy\My Documents\wintersinvoice.xls2014-09-19 11:19 - 2005-10-23 02:49 - 00248320 _____ () E:\Documents and Settings\guy\My Documents\jenkinsoninvoice1.xls2014-09-19 11:19 - 2005-08-01 10:46 - 00242688 _____ () E:\Documents and Settings\guy\My 
Documents\remediesinvoice.xls2014-09-19 11:19 - 2005-05-02 05:52 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\Higginsmats.xls2014-09-19 11:19 - 2005-05-02 05:49 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\higginsinvoice.xls2014-09-19 11:19 - 2005-03-03 02:00 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\zionmats.xls2014-09-18 13:57 - 2014-09-18 13:59 - 00000000 ____D () E:\Program Files\Mozilla Firefox2014-09-15 16:33 - 2014-09-15 16:49 - 00257536 _____ () E:\Documents and Settings\lavonne\My Documents\tracigoodwin20146.xls2014-09-15 16:31 - 2014-09-15 16:31 - 00252416 _____ () E:\Documents and Settings\lavonne\My Documents\codyevans5.xls2014-09-13 15:51 - 2014-09-13 16:12 - 00257024 _____ () E:\Documents and Settings\lavonne\My Documents\todoedinvoice3.xls2014-09-06 20:03 - 2014-09-06 20:07 - 00257024 _____ () E:\Documents and Settings\lavonne\My Documents\todoedinvoice2.xls2014-08-30 14:32 - 2014-08-30 14:36 - 00257024 _____ () E:\Documents and Settings\lavonne\My Documents\todoedinvoice.xls2014-08-27 05:51 - 2014-08-27 07:20 - 00257024 _____ () E:\Documents and Settings\lavonne\My Documents\petersoninvoice14.xls==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2014-09-19 20:34 - 2014-09-19 20:33 - 00000000 ____D () E:\FRST2014-09-19 20:34 - 2012-05-15 14:05 - 00000000 ____D () E:\Documents and Settings\lavonne\Local Settings\Temp2014-09-19 19:45 - 2012-10-27 17:48 - 00000830 _____ () E:\WINDOWS\Tasks\Adobe Flash Player Updater.job2014-09-19 19:28 - 2014-03-28 03:10 - 00000384 ____H () E:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job2014-09-19 19:18 - 2014-03-09 10:00 - 00000218 _____ () E:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job2014-09-19 19:18 - 2012-05-15 21:26 - 00693179 _____ () E:\WINDOWS\setupapi.log2014-09-19 19:18 - 2012-05-15 21:26 - 00172619 _____ () 
E:\WINDOWS\setupact.log2014-09-19 19:18 - 2012-05-15 14:38 - 01466237 _____ () E:\WINDOWS\WindowsUpdate.log2014-09-19 19:17 - 2012-05-15 13:57 - 00000006 ____H () E:\WINDOWS\Tasks\SA.DAT2014-09-19 18:09 - 2012-05-15 14:05 - 00000178 ___SH () E:\Documents and Settings\lavonne\ntuser.ini2014-09-19 18:09 - 2012-05-15 14:04 - 00032526 _____ () E:\WINDOWS\SchedLgU.Txt2014-09-19 18:07 - 2014-09-19 17:38 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)2014-09-19 18:07 - 2014-09-19 17:36 - 00000000 ____D () E:\Documents and Settings\lavonne\Desktop\mbar2014-09-19 17:41 - 2014-03-29 08:55 - 00000426 ____H () E:\WINDOWS\Tasks\User_Feed_Synchronization-{60A9699E-D563-4A84-B463-336407475A7C}.job2014-09-19 17:37 - 2014-09-19 11:54 - 00113880 _____ (Malwarebytes Corporation) E:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2014-09-19 17:36 - 2014-09-19 11:53 - 00054232 _____ (Malwarebytes Corporation) E:\WINDOWS\system32\Drivers\mbamchameleon.sys2014-09-19 16:47 - 2012-05-15 15:11 - 00000000 ____D () E:\Program Files\SUPERAntiSpyware2014-09-19 16:43 - 2014-09-19 16:32 - 00000000 ____D () E:\AdwCleaner2014-09-19 15:34 - 2012-05-15 14:04 - 00000000 ____D () E:\Documents and Settings\NetworkService\Local Settings\Temp2014-09-19 15:24 - 2012-05-15 22:58 - 00000000 ____D () E:\Documents and Settings\guy\Local Settings\Temp2014-09-19 15:17 - 2012-05-15 22:58 - 00000178 ___SH () E:\Documents and Settings\guy\ntuser.ini2014-09-19 15:17 - 2012-05-15 14:05 - 00000000 ____D () E:\Documents and Settings\lavonne2014-09-19 11:53 - 2014-09-19 11:53 - 00000000 ____D () E:\Program Files\Malwarebytes Anti-Malware2014-09-19 11:53 - 2014-09-19 11:53 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware2014-09-19 11:53 - 2012-05-15 15:15 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\Malwarebytes2014-09-19 11:50 - 2014-09-19 11:50 - 00000000 ____D () E:\Documents and 
Settings\guy\Application Data\Malwarebytes2014-09-18 16:41 - 2012-05-15 14:31 - 00000000 ____D () E:\Program Files\Mozilla Maintenance Service2014-09-18 13:59 - 2014-09-18 13:57 - 00000000 ____D () E:\Program Files\Mozilla Firefox2014-09-15 16:49 - 2014-09-19 11:19 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\tracigoodwin20146.xls2014-09-15 16:49 - 2014-09-15 16:33 - 00257536 _____ () E:\Documents and Settings\lavonne\My Documents\tracigoodwin20146.xls2014-09-15 16:31 - 2014-09-19 11:19 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\codyevans5.xls2014-09-15 16:31 - 2014-09-15 16:31 - 00252416 _____ () E:\Documents and Settings\lavonne\My Documents\codyevans5.xls2014-09-14 14:35 - 2014-03-09 10:00 - 00000212 _____ () E:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job2014-09-13 18:17 - 2003-03-31 05:00 - 00013646 _____ () E:\WINDOWS\system32\wpa.dbl2014-09-13 16:12 - 2014-09-19 11:19 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoedinvoice3.xls2014-09-13 16:12 - 2014-09-13 15:51 - 00257024 _____ () E:\Documents and Settings\lavonne\My Documents\todoedinvoice3.xls2014-09-10 10:46 - 2012-10-27 17:48 - 00701104 _____ (Adobe Systems Incorporated) E:\WINDOWS\system32\FlashPlayerApp.exe2014-09-10 10:46 - 2012-10-27 17:48 - 00071344 _____ (Adobe Systems Incorporated) E:\WINDOWS\system32\FlashPlayerCPLApp.cpl2014-09-10 10:45 - 2014-07-08 23:45 - 17903792 _____ (Adobe Systems Incorporated) E:\WINDOWS\system32\FlashPlayerInstaller.exe2014-09-10 03:05 - 2013-08-15 03:03 - 00000000 ____D () E:\WINDOWS\system32\MRT2014-09-10 03:01 - 2012-05-15 15:24 - 98758480 _____ (Microsoft Corporation) E:\WINDOWS\system32\MRT.exe2014-09-06 20:07 - 2014-09-19 11:19 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoedinvoice2.xls2014-09-06 20:07 - 2014-09-06 20:03 - 00257024 _____ () E:\Documents and Settings\lavonne\My Documents\todoedinvoice2.xls2014-08-30 14:37 - 2014-09-19 11:19 - 00257024 
_____ () E:\Documents and Settings\guy\My Documents\todoedinvoice.xls2014-08-30 14:36 - 2014-08-30 14:32 - 00257024 _____ () E:\Documents and Settings\lavonne\My Documents\todoedinvoice.xls2014-08-27 07:21 - 2014-09-19 11:19 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\petersoninvoice14.xls2014-08-27 07:20 - 2014-08-27 05:51 - 00257024 _____ () E:\Documents and Settings\lavonne\My Documents\petersoninvoice14.xls2014-08-21 23:32 - 2012-05-15 15:43 - 00000376 _____ () E:\WINDOWS\ODBC.INISome content of TEMP:====================E:\Documents and Settings\lavonne\Local Settings\Temp\AskSLib.dllE:\Documents and Settings\lavonne\Local Settings\Temp\Quarantine.exeE:\Documents and Settings\lavonne\Local Settings\Temp\siinst.exeE:\Documents and Settings\lavonne\Local Settings\Temp\strings.dllE:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-8bb3478b.exe==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)E:\WINDOWS\explorer.exe => File is digitally signedE:\WINDOWS\system32\winlogon.exe => File is digitally signedE:\WINDOWS\system32\svchost.exe => File is digitally signedE:\WINDOWS\system32\services.exe => File is digitally signedE:\WINDOWS\system32\User32.dll => File is digitally signedE:\WINDOWS\system32\userinit.exe => File is digitally signedE:\WINDOWS\system32\rpcss.dll => File is digitally signedE:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed==================== End Of Log ============================ Addition.txt: Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014Ran by lavonne at 2014-09-19 20:36:05Running from E:\Documents and Settings\lavonne\My Documents\downloadsBoot Mode: Normal============================================================================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: Microsoft Security Essentials (Disabled - Up to 
date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}==================== Installed Programs ======================(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)Eudora (HKLM\...\{FA2FADB1-909D-415D-9726-C9F536AEF132}) (Version: 7.0 - )HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version: - )HP LaserJet Professional M1210 MFP Series Fax Installer (HKLM\...\{FA3AFC80-05A5-45A6-BD6E-92641BF93129}) (Version: 1.1.0 - HP)HP LaserJet Professional M1210 MFP Series Toolbox (HKLM\...\{33FA361C-6545-4490-945C-1B869370489D}) (Version: 1.0.12 - Hewlett-Packard)HP LaserJet Toolbox (HKLM\...\{1FA6376A-3120-45DA-8686-96DEFC8A0513}) (Version: 2.0.0 - Hewlett-Packard)Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.10.5160 - Intel Corporation)Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) HiddenMicrosoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 
11.0.8173.0 - Microsoft Corporation)Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) HiddenMicrosoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Mozilla Firefox 32.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.201.0 - Tracker Software Products Ltd)Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 1.0.1 - HP)SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1148 - SUPERAntiSpyware.com)Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)Update for 
Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) HiddenUpdate for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) HiddenWindows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)==================== Custom CLSID (selected items): ==========================(If an entry is included in the fixlist, it will be removed from registry. 
Any eventual file will not be moved.)==================== Restore Points =========================
==================== Hosts content: ==========================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2003-03-31 05:00 - 2003-03-31 05:00 - 00000734 ____A E:\WINDOWS\system32\Drivers\etc\hosts127.0.0.1 localhost==================== Scheduled Tasks
(whitelisted) =============(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)Task: E:\WINDOWS\Tasks\Adobe Flash Player Updater.job => E:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: E:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => e:\Program Files\Microsoft Security Client\MpCmdRun.exeTask: E:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => E:\WINDOWS\system32\xp_eos.exeTask: E:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => E:\WINDOWS\system32\xp_eos.exeTask: E:\WINDOWS\Tasks\User_Feed_Synchronization-{60A9699E-D563-4A84-B463-336407475A7C}.job => E:\WINDOWS\system32\msfeedssync.exe==================== Loaded Modules (whitelisted) =============2012-05-15 16:57 - 2009-11-20 13:42 - 00163840 _____ () E:\WINDOWS\system32\HPM1210LM.DLL2012-05-15 16:57 - 2009-11-20 13:42 - 00069632 _____ () E:\WINDOWS\System32\spool\PRTPROCS\W32X86\HPM1210PP.dll2014-09-18 13:57 - 2014-09-18 13:58 - 03734640 _____ () E:\Program Files\Mozilla Firefox\mozjs.dll2014-09-10 10:46 - 2014-09-10 10:46 - 16825520 _____ () E:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll==================== Safe Mode (whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""==================== EXE Association (whitelisted) =============(If an entry is included in the fixlist, the default will be restored. 
None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/19/2014 08:34:54 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (09/19/2014 08:34:54 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (09/19/2014 07:42:53 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (09/19/2014 07:42:53 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (09/19/2014 11:54:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam-setup.tmp, version 51.52.0.0, faulting module mbamsrv.dll, version 1.1.0.0, fault address 0x00048e54.
Processing media-specific event for [mbam-setup.tmp!ws!]

Error: (09/15/2014 04:05:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000673be.
Processing media-specific event for [explorer.exe!ws!]

Error: (09/10/2014 06:14:03 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry, P4 1.1.10904.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (09/07/2014 06:03:36 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry, P4 1.1.10904.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (09/01/2014 08:23:26 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry, P4 1.1.10904.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (08/31/2014 07:41:55 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry, P4 1.1.10904.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

System errors:
=============
Error: (09/19/2014 08:14:41 PM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort3

Error: (09/19/2014 07:28:00 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (09/19/2014 07:19:33 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 10.0.0.2 for the Network Card with network address D02788AD876C has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Error: (09/19/2014 07:18:24 PM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )
Description: %Virus:DOS/Rovnix.W60 has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
%Virus:DOS/Rovnix.W603
 Name: Virus:DOS/Rovnix.W
 ID: 2147684242
 Severity: %Virus:DOS/Rovnix.W600
 Category: %Virus:DOS/Rovnix.W602
 Path: 4.5.0216.02
 Detection Origin: 4.5.0216.04
 Detection Type: 4.5.0216.08
 Detection Source: %Virus:DOS/Rovnix.W608
 User: {8BE2F00A-FA36-4E3F-B045-148FB8978EE8}9
 Process Name: %Virus:DOS/Rovnix.W609
 Action: {8BE2F00A-FA36-4E3F-B045-148FB8978EE8}1
 Action Status: {8BE2F00A-FA36-4E3F-B045-148FB8978EE8}8
 Error Code: {8BE2F00A-FA36-4E3F-B045-148FB8978EE8}3
 Error description: {8BE2F00A-FA36-4E3F-B045-148FB8978EE8}4
 Signature Version: 2014-09-20T02:18:10.359Z1
 Engine Version: 2014-09-20T02:18:10.359Z2

Error: (09/19/2014 07:18:24 PM) (Source: 0) (EventID: 11) (User: )
Description: \Device\Harddisk0\D

Error: (09/19/2014 07:18:23 PM) (Source: 0) (EventID: 11) (User: )
Description: \Device\Harddisk0\D

Error: (09/19/2014 07:18:23 PM) (Source: 0) (EventID: 11) (User: )
Description: \Device\Harddisk0\D

Error: (09/19/2014 07:18:22 PM) (Source: 0) (EventID: 11) (User: )
Description: \Device\Harddisk0\D

Error: (09/19/2014 07:18:22 PM) (Source: 0) (EventID: 11) (User: )
Description: \Device\Harddisk0\D

Error: (09/19/2014 07:18:10 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Microsoft Office Sessions:
=========================
Error: (09/19/2014 08:34:54 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (09/19/2014 08:34:54 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (09/19/2014 07:42:53 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (09/19/2014 07:42:53 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (09/19/2014 11:54:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam-setup.tmp51.52.0.0mbamsrv.dll1.1.0.000048e54

Error: (09/15/2014 04:05:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.5512ntdll.dll5.1.2600.6055000673be

Error: (09/10/2014 06:14:03 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry80070490remediationremediationfailuretelemetry1.1.10904.0mpengine0unspecifiedNILNILNIL

Error: (09/07/2014 06:03:36 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry80070490remediationremediationfailuretelemetry1.1.10904.0mpengine0unspecifiedNILNILNIL

Error: (09/01/2014 08:23:26 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry80070490remediationremediationfailuretelemetry1.1.10904.0mpengine0unspecifiedNILNILNIL

Error: (08/31/2014 07:41:55 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry80070490remediationremediationfailuretelemetry1.1.10904.0mpengine0unspecifiedNILNILNIL

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E5700 @ 3.00GHz
Percentage of memory in use: 36%
Total physical RAM: 3293.07 MB
Available physical RAM: 2105.98 MB
Total Pagefile: 5177.44 MB
Available Pagefile: 4071.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1912.01 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:58.59 GB) (Free:58.53 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (Hard Drive) (Fixed) (Total:407.16 GB) (Free:387.17 GB) NTFS

==================== MBR & Partition Table ==========================================================================
Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 3C263C26)
Partition 1: (Active) - (Size=58.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=407.2 GB) - (Type=OF Extended)

==================== End Of Log ============================

Thank
You!
Naathim Posted September 20, 2014 ID:881089

My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat.

Before we start please note the following:
Analysis and research take some time, also sometimes real life gets in the way, please be patient.
Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
Paste the logs in your posts, attachments make my work harder and more complicated.
Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
Note that we may live in totally different time zones, which may cause some delays between answers.
I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight!

Rules and policies
We won't support any piracy. That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Scan with TDSSKiller
Please download TDSSKiller by Kaspersky and save it to your desktop.
Right-click on the icon and select Run as Administrator to start the tool.
Click on Change parameters and put a checkmark beside Loaded modules.
A reboot will be needed to apply the changes, allow it to do so.
Your machine may appear very slow and unusable after that - it's normal.
TDSSKiller will run automatically. Click on Change parameters and click OK.
Make sure that Verify driver digital signatures & Detect TDLFS File System are marked and click OK.
Click the Start Scan button and wait patiently.
If anything is found, follow these guidelines:
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
> Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
> If Cure is not available, please choose Skip instead.
Do not choose Delete unless instructed!
A report will be created in your root directory, (usually C:\ drive) in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt. Please include the contents of that file in your next post.
goode Posted September 20, 2014 Author ID:881164

Thank you for helping Naathim.
Sorry I ran TDSS twice. First time started before I realized had to Verify driver digital signatures & Detect TDLFS File System are marked, so I cancelled, marked them and ran again. The first log is below:

08:10:08.0953 0x07b4 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
08:10:10.0000 0x07b4 ============================================================
08:10:10.0000 0x07b4 Current date / time: 2014/09/20 08:10:10.0000
08:10:10.0000 0x07b4 SystemInfo:
08:10:10.0000 0x07b4
08:10:10.0000 0x07b4 OS Version: 5.1.2600 ServicePack: 3.0
08:10:10.0000 0x07b4 Product type: Workstation
08:10:10.0796 0x07b4 ComputerName: GUYHARDMAN
08:10:10.0796 0x07b4 UserName: lavonne
08:10:10.0796 0x07b4 Windows directory: E:\WINDOWS
08:10:10.0796 0x07b4 System windows directory: E:\WINDOWS
08:10:10.0796 0x07b4 Processor architecture: Intel x86
08:10:10.0796 0x07b4 Number of processors: 2
08:10:10.0796 0x07b4 Page size: 0x1000
08:10:10.0796 0x07b4 Boot type: Normal boot
08:10:10.0796 0x07b4 ============================================================
08:10:10.0796 0x07b4 BG loaded
08:10:14.0296 0x07b4 System UUID: {F68E6038-3880-B109-2D86-F551B1DE875E}
08:10:18.0796 0x07b4 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
08:10:18.0843 0x07b4 ============================================================
08:10:18.0843 0x07b4 \Device\Harddisk0\DR0:
08:10:18.0875 0x07b4 MBR partitions:
08:10:18.0875 0x07b4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7530462
08:10:18.0890 0x07b4 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x75304E0, BlocksNum 0x32E508A0
08:10:18.0890 0x07b4 ============================================================
08:10:19.0015 0x07b4 C: <-> \Device\Harddisk0\DR0\Partition1
08:10:19.0250 0x07b4 E: <->
\Device\Harddisk0\DR0\Partition2
08:10:19.0250 0x07b4 ============================================================
08:10:19.0250 0x07b4 Initialize success
08:10:19.0250 0x07b4 ============================================================
08:10:40.0781 0x0a8c ============================================================
08:10:40.0781 0x0a8c Scan started
08:10:40.0781 0x0a8c Mode: Manual;
08:10:40.0781 0x0a8c ============================================================
08:10:40.0781 0x0a8c KSN ping started
08:11:07.0156 0x0a8c KSN ping finished: true
08:11:07.0750 0x0a8c ================ Scan system memory ========================
08:11:07.0765 0x0a8c System memory - ok
08:11:07.0765 0x0a8c ================ Scan services =============================
BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp E:\WINDOWS\System32\lsass.exe08:11:21.0546 0x0a8c NtLmSsp - ok08:11:21.0718 0x0a8c [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc E:\WINDOWS\system32\ntmssvc.dll08:11:21.0843 0x0a8c NtmsSvc - ok08:11:21.0875 0x0a8c [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null E:\WINDOWS\system32\drivers\Null.sys08:11:21.0875 0x0a8c Null - ok08:11:21.0921 0x0a8c [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt E:\WINDOWS\system32\DRIVERS\nwlnkflt.sys08:11:21.0937 0x0a8c NwlnkFlt - ok08:11:21.0953 0x0a8c [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd E:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys08:11:21.0968 0x0a8c NwlnkFwd - ok08:11:22.0125 0x0a8c [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE08:11:22.0171 0x0a8c ose - ok08:11:22.0250 0x0a8c [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport E:\WINDOWS\system32\DRIVERS\parport.sys08:11:22.0250 0x0a8c Parport - ok08:11:22.0281 0x0a8c [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr E:\WINDOWS\system32\drivers\PartMgr.sys08:11:22.0296 0x0a8c PartMgr - ok08:11:22.0375 0x0a8c [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm E:\WINDOWS\system32\drivers\ParVdm.sys08:11:22.0375 0x0a8c ParVdm - ok08:11:22.0421 0x0a8c [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI E:\WINDOWS\system32\DRIVERS\pci.sys08:11:22.0453 0x0a8c PCI - 
ok08:11:22.0453 0x0a8c PCIDump - ok08:11:22.0484 0x0a8c [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde E:\WINDOWS\system32\DRIVERS\pciide.sys08:11:22.0484 0x0a8c PCIIde - ok08:11:22.0562 0x0a8c [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia E:\WINDOWS\system32\drivers\Pcmcia.sys08:11:22.0593 0x0a8c Pcmcia - ok08:11:22.0609 0x0a8c PDCOMP - ok08:11:22.0609 0x0a8c PDFRAME - ok08:11:22.0609 0x0a8c PDRELI - ok08:11:22.0609 0x0a8c PDRFRAME - ok08:11:22.0625 0x0a8c perc2 - ok08:11:22.0625 0x0a8c perc2hib - ok08:11:22.0687 0x0a8c [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay E:\WINDOWS\system32\services.exe08:11:22.0687 0x0a8c PlugPlay - ok08:11:22.0718 0x0a8c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent E:\WINDOWS\System32\lsass.exe08:11:22.0718 0x0a8c PolicyAgent - ok08:11:22.0734 0x0a8c [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport E:\WINDOWS\system32\DRIVERS\raspptp.sys08:11:22.0734 0x0a8c PptpMiniport - ok08:11:22.0765 0x0a8c [ A32BEBAF723557681BFC6BD93E98BD26, 35039BA72A29F87B2CA37DCDE4EFDAABBDEAD8CE3EB8652ACC665994118145A6 ] Processor E:\WINDOWS\system32\DRIVERS\processr.sys08:11:22.0765 0x0a8c Processor - ok08:11:22.0765 0x0a8c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage E:\WINDOWS\system32\lsass.exe08:11:22.0765 0x0a8c ProtectedStorage - ok08:11:22.0796 0x0a8c [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched E:\WINDOWS\system32\DRIVERS\psched.sys08:11:22.0796 0x0a8c PSched - ok08:11:22.0812 0x0a8c [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] 
Ptilink E:\WINDOWS\system32\DRIVERS\ptilink.sys08:11:22.0812 0x0a8c Ptilink - ok08:11:22.0812 0x0a8c ql1080 - ok08:11:22.0812 0x0a8c Ql10wnt - ok08:11:22.0812 0x0a8c ql12160 - ok08:11:22.0828 0x0a8c ql1240 - ok08:11:22.0828 0x0a8c ql1280 - ok08:11:22.0828 0x0a8c qnmcfouq - ok08:11:22.0843 0x0a8c [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd E:\WINDOWS\system32\DRIVERS\rasacd.sys08:11:22.0843 0x0a8c RasAcd - ok08:11:22.0906 0x0a8c [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto E:\WINDOWS\System32\rasauto.dll08:11:22.0937 0x0a8c RasAuto - ok08:11:22.0953 0x0a8c [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp E:\WINDOWS\system32\DRIVERS\rasl2tp.sys08:11:22.0953 0x0a8c Rasl2tp - ok08:11:23.0031 0x0a8c [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan E:\WINDOWS\System32\rasmans.dll08:11:23.0046 0x0a8c RasMan - ok08:11:23.0062 0x0a8c [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe E:\WINDOWS\system32\DRIVERS\raspppoe.sys08:11:23.0062 0x0a8c RasPppoe - ok08:11:23.0062 0x0a8c [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti E:\WINDOWS\system32\DRIVERS\raspti.sys08:11:23.0062 0x0a8c Raspti - ok08:11:23.0109 0x0a8c [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss E:\WINDOWS\system32\DRIVERS\rdbss.sys08:11:23.0125 0x0a8c Rdbss - ok08:11:23.0125 0x0a8c [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD E:\WINDOWS\system32\DRIVERS\RDPCDD.sys08:11:23.0125 0x0a8c RDPCDD - ok08:11:23.0187 0x0a8c [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D 
] RDPWD E:\WINDOWS\system32\drivers\RDPWD.sys08:11:23.0234 0x0a8c RDPWD - ok08:11:23.0265 0x0a8c [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr E:\WINDOWS\system32\sessmgr.exe08:11:23.0312 0x0a8c RDSessMgr - ok08:11:23.0328 0x0a8c [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook E:\WINDOWS\system32\DRIVERS\redbook.sys08:11:23.0328 0x0a8c redbook - ok08:11:23.0375 0x0a8c [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess E:\WINDOWS\System32\mprdim.dll08:11:23.0390 0x0a8c RemoteAccess - ok08:11:23.0421 0x0a8c [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator E:\WINDOWS\System32\locator.exe08:11:23.0437 0x0a8c RpcLocator - ok08:11:23.0562 0x0a8c [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs E:\WINDOWS\system32\rpcss.dll08:11:23.0578 0x0a8c RpcSs - ok08:11:23.0625 0x0a8c [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP E:\WINDOWS\System32\rsvp.exe08:11:23.0671 0x0a8c RSVP - ok08:11:23.0750 0x0a8c [ CB9310A5A910648D359C99A857E22A54, 7E24EF1577FC6AEE5B6102DB4126F8EC5B5A1F1D9C46E5B09203B30F3F979C9E ] RTLE8023xp E:\WINDOWS\system32\DRIVERS\Rtenicxp.sys08:11:23.0750 0x0a8c RTLE8023xp - ok08:11:23.0765 0x0a8c [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs E:\WINDOWS\system32\lsass.exe08:11:23.0765 0x0a8c SamSs - ok08:11:23.0781 0x0a8c [ 39763504067962108505BFF25F024345, 73C9710B61EDC7FBEDE1D7A767AA3D3A169E7AD012494D05CB5EE7E5C5752BB9 ] SASDIFSV E:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS08:11:23.0781 0x0a8c SASDIFSV - ok08:11:23.0812 0x0a8c [ 77B9FC20084B48408AD3E87570EB4A85, B5BC5FEC1356DECB66A7A671DB67112BDAC8F942BF1C4B986B1805B41EF362B1 
] SASKUTIL E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS08:11:23.0812 0x0a8c SASKUTIL - ok08:11:23.0843 0x0a8c [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr E:\WINDOWS\System32\SCardSvr.exe08:11:23.0875 0x0a8c SCardSvr - ok08:11:23.0937 0x0a8c [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule E:\WINDOWS\system32\schedsvc.dll08:11:23.0953 0x0a8c Schedule - ok08:11:23.0968 0x0a8c [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv E:\WINDOWS\system32\DRIVERS\secdrv.sys08:11:23.0968 0x0a8c Secdrv - ok08:11:24.0000 0x0a8c [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon E:\WINDOWS\System32\seclogon.dll08:11:24.0000 0x0a8c seclogon - ok08:11:24.0015 0x0a8c [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS E:\WINDOWS\system32\sens.dll08:11:24.0015 0x0a8c SENS - ok08:11:24.0015 0x0a8c [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum E:\WINDOWS\system32\DRIVERS\serenum.sys08:11:24.0015 0x0a8c serenum - ok08:11:24.0046 0x0a8c [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial E:\WINDOWS\system32\DRIVERS\serial.sys08:11:24.0046 0x0a8c Serial - ok08:11:24.0062 0x0a8c [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy E:\WINDOWS\system32\drivers\Sfloppy.sys08:11:24.0062 0x0a8c Sfloppy - ok08:11:24.0187 0x0a8c [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess E:\WINDOWS\System32\ipnathlp.dll08:11:24.0187 0x0a8c SharedAccess - ok08:11:24.0265 0x0a8c [ 99BC0B50F511924348BE19C7C7313BBF, 
A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection E:\WINDOWS\System32\shsvcs.dll08:11:24.0265 0x0a8c ShellHWDetection - ok08:11:24.0265 0x0a8c Simbad - ok08:11:24.0265 0x0a8c Sparrow - ok08:11:24.0312 0x0a8c [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter E:\WINDOWS\system32\drivers\splitter.sys08:11:24.0312 0x0a8c splitter - ok08:11:24.0375 0x0a8c [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler E:\WINDOWS\system32\spoolsv.exe08:11:24.0375 0x0a8c Spooler - ok08:11:24.0390 0x0a8c [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr E:\WINDOWS\system32\DRIVERS\sr.sys08:11:24.0406 0x0a8c sr - ok08:11:24.0468 0x0a8c [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice E:\WINDOWS\System32\srsvc.dll08:11:24.0484 0x0a8c srservice - ok08:11:24.0578 0x0a8c [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv E:\WINDOWS\system32\DRIVERS\srv.sys08:11:24.0593 0x0a8c Srv - ok08:11:24.0625 0x0a8c [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV E:\WINDOWS\System32\ssdpsrv.dll08:11:24.0625 0x0a8c SSDPSRV - ok08:11:24.0765 0x0a8c [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc E:\WINDOWS\system32\wiaservc.dll08:11:24.0859 0x0a8c stisvc - ok08:11:24.0859 0x0a8c [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum E:\WINDOWS\system32\DRIVERS\swenum.sys08:11:24.0859 0x0a8c swenum - ok08:11:24.0875 0x0a8c [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi E:\WINDOWS\system32\drivers\swmidi.sys08:11:24.0875 0x0a8c swmidi - 
ok08:11:24.0890 0x0a8c SwPrv - ok08:11:24.0890 0x0a8c symc810 - ok08:11:24.0890 0x0a8c symc8xx - ok08:11:24.0890 0x0a8c sym_hi - ok08:11:24.0906 0x0a8c sym_u3 - ok08:11:24.0937 0x0a8c [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio E:\WINDOWS\system32\drivers\sysaudio.sys08:11:24.0937 0x0a8c sysaudio - ok08:11:24.0968 0x0a8c [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog E:\WINDOWS\system32\smlogsvc.exe08:11:25.0000 0x0a8c SysmonLog - ok08:11:25.0062 0x0a8c [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv E:\WINDOWS\System32\tapisrv.dll08:11:25.0062 0x0a8c TapiSrv - ok08:11:25.0171 0x0a8c [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip E:\WINDOWS\system32\DRIVERS\tcpip.sys08:11:25.0187 0x0a8c Tcpip - ok08:11:25.0234 0x0a8c [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE E:\WINDOWS\system32\drivers\TDPIPE.sys08:11:25.0234 0x0a8c TDPIPE - ok08:11:25.0250 0x0a8c [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP E:\WINDOWS\system32\drivers\TDTCP.sys08:11:25.0250 0x0a8c TDTCP - ok08:11:25.0265 0x0a8c [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD E:\WINDOWS\system32\DRIVERS\termdd.sys08:11:25.0265 0x0a8c TermDD - ok08:11:25.0375 0x0a8c [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService E:\WINDOWS\System32\termsrv.dll08:11:25.0375 0x0a8c TermService - ok08:11:25.0421 0x0a8c [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes E:\WINDOWS\System32\shsvcs.dll08:11:25.0421 0x0a8c Themes - ok08:11:25.0421 0x0a8c TosIde - 
ok08:11:25.0453 0x0a8c [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks E:\WINDOWS\system32\trkwks.dll08:11:25.0453 0x0a8c TrkWks - ok08:11:25.0500 0x0a8c [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs E:\WINDOWS\system32\drivers\Udfs.sys08:11:25.0515 0x0a8c Udfs - ok08:11:25.0515 0x0a8c ultra - ok08:11:25.0625 0x0a8c [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update E:\WINDOWS\system32\DRIVERS\update.sys08:11:25.0625 0x0a8c Update - ok08:11:25.0703 0x0a8c [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost E:\WINDOWS\System32\upnphost.dll08:11:25.0750 0x0a8c upnphost - ok08:11:25.0765 0x0a8c [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS E:\WINDOWS\System32\ups.exe08:11:25.0765 0x0a8c UPS - ok08:11:25.0796 0x0a8c [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp E:\WINDOWS\system32\DRIVERS\usbccgp.sys08:11:25.0812 0x0a8c usbccgp - ok08:11:25.0812 0x0a8c [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci E:\WINDOWS\system32\DRIVERS\usbehci.sys08:11:25.0812 0x0a8c usbehci - ok08:11:25.0843 0x0a8c [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub E:\WINDOWS\system32\DRIVERS\usbhub.sys08:11:25.0843 0x0a8c usbhub - ok08:11:25.0859 0x0a8c [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint E:\WINDOWS\system32\DRIVERS\usbprint.sys08:11:25.0875 0x0a8c usbprint - ok08:11:25.0890 0x0a8c [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR 
E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS08:11:25.0906 0x0a8c USBSTOR - ok08:11:25.0906 0x0a8c [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci E:\WINDOWS\system32\DRIVERS\usbuhci.sys08:11:25.0906 0x0a8c usbuhci - ok08:11:25.0921 0x0a8c [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave E:\WINDOWS\System32\drivers\vga.sys08:11:25.0921 0x0a8c VgaSave - ok08:11:25.0921 0x0a8c ViaIde - ok08:11:25.0953 0x0a8c [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap E:\WINDOWS\system32\drivers\VolSnap.sys08:11:25.0968 0x0a8c VolSnap - ok08:11:25.0968 0x0a8c vspqmgan - ok08:11:26.0062 0x0a8c [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS E:\WINDOWS\System32\vssvc.exe08:11:26.0140 0x0a8c VSS - ok08:11:26.0203 0x0a8c [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time E:\WINDOWS\System32\w32time.dll08:11:26.0234 0x0a8c W32Time - ok08:11:26.0281 0x0a8c [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp E:\WINDOWS\system32\DRIVERS\wanarp.sys08:11:26.0281 0x0a8c Wanarp - ok08:11:26.0281 0x0a8c WDICA - ok08:11:26.0312 0x0a8c [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud E:\WINDOWS\system32\drivers\wdmaud.sys08:11:26.0312 0x0a8c wdmaud - ok08:11:26.0343 0x0a8c [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient E:\WINDOWS\System32\webclnt.dll08:11:26.0343 0x0a8c WebClient - ok08:11:26.0437 0x0a8c [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt E:\WINDOWS\system32\wbem\WMIsvc.dll08:11:26.0437 0x0a8c winmgmt - ok08:11:26.0453 0x0a8c wjhfgmuv - 
ok08:11:26.0484 0x0a8c [ C7E39EA41233E9F5B86C8DA3A9F1E4A8, 98C21DEEB7124426D749FACDAD06EBD7F500AE5C465A98D558919C2A51C08554 ] WmdmPmSN E:\WINDOWS\system32\mspmsnsv.dll08:11:26.0500 0x0a8c WmdmPmSN - ok08:11:26.0546 0x0a8c [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv E:\WINDOWS\System32\wbem\wmiapsrv.exe08:11:26.0687 0x0a8c WmiApSrv - ok08:11:26.0781 0x0a8c [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc E:\WINDOWS\system32\wscsvc.dll08:11:26.0781 0x0a8c wscsvc - ok08:11:26.0796 0x0a8c [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv E:\WINDOWS\system32\wuauserv.dll08:11:26.0796 0x0a8c wuauserv - ok08:11:26.0953 0x0a8c [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC E:\WINDOWS\System32\wzcsvc.dll08:11:26.0953 0x0a8c WZCSVC - ok08:11:27.0015 0x0a8c [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov E:\WINDOWS\System32\xmlprov.dll08:11:27.0046 0x0a8c xmlprov - ok08:11:27.0046 0x0a8c yhvfpdrs - ok08:11:27.0062 0x0a8c zpandemo - ok08:11:27.0062 0x0a8c ================ Scan global ===============================08:11:27.0093 0x0a8c [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] E:\WINDOWS\system32\basesrv.dll08:11:27.0218 0x0a8c [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] E:\WINDOWS\system32\winsrv.dll08:11:27.0296 0x0a8c [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] E:\WINDOWS\system32\winsrv.dll08:11:27.0359 0x0a8c [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] E:\WINDOWS\system32\services.exe08:11:27.0359 0x0a8c [ Global ] - 
08:11:27.0359 0x0a8c ================ Scan MBR ==================================
08:11:27.0375 0x0a8c [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
08:11:27.0640 0x0a8c \Device\Harddisk0\DR0 - ok
08:11:27.0640 0x0a8c ================ Scan VBR ==================================
08:11:27.0640 0x0a8c [ 5BC7D6CA91EC777398556972D40F4B2F ] \Device\Harddisk0\DR0\Partition1
08:11:27.0703 0x0a8c \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
08:11:27.0703 0x0a8c \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
08:11:43.0218 0x0a8c Scan was interrupted by user!
08:11:43.0218 0x0a8c Waiting for KSN requests completion. In queue: 9
08:11:44.0218 0x0a8c Waiting for KSN requests completion. In queue: 9
08:11:45.0218 0x0a8c Waiting for KSN requests completion. In queue: 9
08:11:46.0250 0x0a8c AV detected via SS1: Microsoft Security Essentials, 4.5.0216.0, disabled, updated
08:11:46.0250 0x0a8c Win FW state via NFM: enabled
08:12:01.0625 0x0a8c ============================================================
08:12:01.0625 0x0a8c Scan finished
08:12:01.0625 0x0a8c ============================================================
08:12:01.0625 0x0a84 Detected object count: 1
08:12:01.0625 0x0a84 Actual detected object count: 1
08:12:05.0046 0x0a84 \Device\Harddisk0\DR0\Partition1 - copied to quarantine
08:12:05.0062 0x0a84 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot
08:12:05.0062 0x0a84 \Device\Harddisk0\DR0\Partition1 - ok
08:12:05.0062 0x0a84 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Cure
08:12:06.0250 0x0a84 KLMD registered as E:\WINDOWS\system32\drivers\99020568.sys
08:12:11.0859 0x05e4 Deinitialize success
Naathim Posted September 20, 2014 ID:881167

Fine. Did the alerts cease? Run TDSSKiller again, using the same instructions, and post the logfile.
goode Posted September 20, 2014 Author ID:881171

Second TDSS log follows:

08:25:37.0968 0x0864 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
08:25:39.0796 0x0864 ============================================================
08:25:39.0796 0x0864 Current date / time: 2014/09/20 08:25:39.0796
08:25:39.0796 0x0864 SystemInfo:
08:25:39.0796 0x0864
08:25:39.0796 0x0864 OS Version: 5.1.2600 ServicePack: 3.0
08:25:39.0796 0x0864 Product type: Workstation
08:25:40.0906 0x0864 ComputerName: GUYHARDMAN
08:25:40.0906 0x0864 UserName: lavonne
08:25:40.0906 0x0864 Windows directory: E:\WINDOWS
08:25:40.0906 0x0864 System windows directory: E:\WINDOWS
08:25:40.0906 0x0864 Processor architecture: Intel x86
08:25:40.0906 0x0864 Number of processors: 2
08:25:40.0906 0x0864 Page size: 0x1000
08:25:40.0906 0x0864 Boot type: Normal boot
08:25:40.0906 0x0864 ============================================================
08:25:40.0921 0x0864 BG loaded
08:25:45.0703 0x0864 System UUID: {F68E6038-3880-B109-2D86-F551B1DE875E}
08:25:58.0140 0x0864 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
08:25:58.0421 0x0864 ============================================================
08:25:58.0421 0x0864 \Device\Harddisk0\DR0:
08:25:58.0703 0x0864 MBR partitions:
08:25:58.0703 0x0864 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7530462
08:25:58.0765 0x0864 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x75304E0, BlocksNum 0x32E508A0
08:25:58.0765 0x0864 ============================================================
08:26:04.0546 0x0864 C: <-> \Device\Harddisk0\DR0\Partition1
08:26:04.0671 0x0864 E: <-> \Device\Harddisk0\DR0\Partition2
08:26:04.0671 0x0864 ============================================================
08:26:04.0671 0x0864 Initialize success
08:26:04.0671 0x0864 ============================================================
08:26:15.0390 0x0b78 ============================================================
08:26:15.0390 0x0b78 Scan started
08:26:15.0390 0x0b78 Mode: Manual; SigCheck; TDLFS;
08:26:15.0390 0x0b78 ============================================================
08:26:15.0390 0x0b78 KSN ping started
08:26:42.0109 0x0b78 KSN ping finished: true
08:26:42.0890 0x0b78 ================ Scan system memory ========================
08:26:42.0890 0x0b78 System memory - ok
ok08:27:06.0187 0x0b78 [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus E:\WINDOWS\system32\DRIVERS\HDAudBus.sys08:27:06.0296 0x0b78 HDAudBus - ok08:27:06.0406 0x0b78 [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc E:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll08:27:06.0531 0x0b78 helpsvc - ok08:27:06.0546 0x0b78 HidServ - ok08:27:06.0625 0x0b78 [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb E:\WINDOWS\system32\DRIVERS\hidusb.sys08:27:06.0750 0x0b78 HidUsb - ok08:27:06.0812 0x0b78 [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc E:\WINDOWS\System32\kmsvc.dll08:27:06.0953 0x0b78 hkmsvc - ok08:27:07.0156 0x0b78 [ 9442228D256CE6C874CFB5DC39A20540, E8059F7D3579EB6CCC4E637EE92D49B9C23FC9162A236B55B8F25D9A44B7EB9A ] HPM1210RcvFaxSrvc E:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe08:27:07.0203 0x0b78 HPM1210RcvFaxSrvc - detected UnsignedFile.Multi.Generic ( 1 )08:27:17.0500 0x0b78 HPM1210RcvFaxSrvc ( UnsignedFile.Multi.Generic ) - warning08:27:32.0890 0x0b78 hpn - ok08:27:32.0984 0x0b78 [ 61BFFBF840EB7285F630B5B4F1CCBC08, 012D9BA08F04A52537939B698EB66106456FB218A7A5AAAB236BF8FC2BF0D9CE ] HPSIService E:\WINDOWS\system32\HPSIsvc.exe08:27:33.0265 0x0b78 HPSIService - ok08:27:33.0812 0x0b78 [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP E:\WINDOWS\system32\Drivers\HTTP.sys08:27:33.0875 0x0b78 HTTP - ok08:27:33.0968 0x0b78 [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter E:\WINDOWS\System32\w3ssl.dll08:27:34.0093 0x0b78 HTTPFilter - ok08:27:34.0109 0x0b78 i2omgmt - ok08:27:34.0109 0x0b78 i2omp - ok08:27:34.0203 0x0b78 [ 4A0B06AA8943C1E332520F7440C0AA30, 
DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt E:\WINDOWS\system32\DRIVERS\i8042prt.sys08:27:34.0312 0x0b78 i8042prt - ok08:27:37.0421 0x0b78 [ 96F0E87376BC8CCA259EAA7F3259F244, 7A5898CAD54F46C133F7BE4551B635364A50938361185454C92BCF82425E0F25 ] ialm E:\WINDOWS\system32\DRIVERS\igxpmp32.sys08:27:41.0265 0x0b78 ialm - ok08:27:42.0265 0x0b78 [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc e:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe08:27:42.0937 0x0b78 idsvc - ok08:27:43.0125 0x0b78 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi E:\WINDOWS\system32\DRIVERS\imapi.sys08:27:43.0218 0x0b78 Imapi - ok08:27:43.0343 0x0b78 [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService E:\WINDOWS\System32\imapi.exe08:27:43.0468 0x0b78 ImapiService - ok08:27:43.0484 0x0b78 ini910u - ok08:27:46.0453 0x0b78 [ 691DDA8C43BD8E33A2567B694643C3F5, AAF39228AEA669AE2E3F489978E583404639E54B8618C0AE5D775BEDBB441A91 ] IntcAzAudAddService E:\WINDOWS\system32\drivers\RtkHDAud.sys08:27:50.0000 0x0b78 IntcAzAudAddService - ok08:27:50.0015 0x0b78 IntelIde - ok08:27:50.0140 0x0b78 [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm E:\WINDOWS\system32\DRIVERS\intelppm.sys08:27:50.0234 0x0b78 intelppm - ok08:27:50.0296 0x0b78 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] ip6fw E:\WINDOWS\system32\drivers\ip6fw.sys08:27:50.0437 0x0b78 ip6fw - ok08:27:50.0531 0x0b78 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver E:\WINDOWS\system32\DRIVERS\ipfltdrv.sys08:27:50.0671 0x0b78 IpFilterDriver - ok08:27:50.0796 0x0b78 [ B87AB476DCF76E72010632B5550955F5, 
E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp E:\WINDOWS\system32\DRIVERS\ipinip.sys08:27:50.0921 0x0b78 IpInIp - ok08:27:51.0015 0x0b78 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat E:\WINDOWS\system32\DRIVERS\ipnat.sys08:27:51.0312 0x0b78 IpNat - ok08:27:51.0578 0x0b78 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec E:\WINDOWS\system32\DRIVERS\ipsec.sys08:27:51.0718 0x0b78 IPSec - ok08:27:51.0875 0x0b78 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM E:\WINDOWS\system32\DRIVERS\irenum.sys08:27:52.0250 0x0b78 IRENUM - ok08:27:52.0437 0x0b78 [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp E:\WINDOWS\system32\DRIVERS\isapnp.sys08:27:52.0625 0x0b78 isapnp - ok08:27:52.0656 0x0b78 [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass E:\WINDOWS\system32\DRIVERS\kbdclass.sys08:27:52.0796 0x0b78 Kbdclass - ok08:27:53.0031 0x0b78 [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid E:\WINDOWS\system32\DRIVERS\kbdhid.sys08:27:53.0140 0x0b78 kbdhid - ok08:27:53.0265 0x0b78 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer E:\WINDOWS\system32\drivers\kmixer.sys08:27:54.0671 0x0b78 kmixer - ok08:27:54.0734 0x0b78 [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD E:\WINDOWS\system32\drivers\KSecDD.sys08:27:54.0984 0x0b78 KSecDD - ok08:27:55.0062 0x0b78 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver E:\WINDOWS\System32\srvsvc.dll08:27:55.0218 0x0b78 lanmanserver - ok08:27:55.0328 0x0b78 [ 
A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation E:\WINDOWS\System32\wkssvc.dll08:27:55.0421 0x0b78 lanmanworkstation - ok08:27:55.0421 0x0b78 lbrtfdc - ok08:27:55.0484 0x0b78 [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts E:\WINDOWS\System32\lmhsvc.dll08:27:55.0593 0x0b78 LmHosts - ok08:27:55.0671 0x0b78 [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger E:\WINDOWS\System32\msgsvc.dll08:27:55.0796 0x0b78 Messenger - ok08:27:55.0890 0x0b78 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd E:\WINDOWS\system32\drivers\mnmdd.sys08:27:56.0046 0x0b78 mnmdd - ok08:27:56.0093 0x0b78 [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc E:\WINDOWS\System32\mnmsrvc.exe08:27:56.0234 0x0b78 mnmsrvc - ok08:27:56.0265 0x0b78 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem E:\WINDOWS\system32\drivers\Modem.sys08:27:56.0406 0x0b78 Modem - ok08:27:56.0953 0x0b78 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5, 2AC3875B2E7D9B0692253A9867B940CF214DE03574808B42C3702843BC1D5696 ] Monfilt E:\WINDOWS\system32\drivers\Monfilt.sys08:27:58.0000 0x0b78 Monfilt - ok08:27:58.0062 0x0b78 [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass E:\WINDOWS\system32\DRIVERS\mouclass.sys08:27:58.0406 0x0b78 Mouclass - ok08:27:58.0531 0x0b78 [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid E:\WINDOWS\system32\DRIVERS\mouhid.sys08:27:58.0640 0x0b78 mouhid - ok08:27:58.0781 0x0b78 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr 
E:\WINDOWS\system32\drivers\MountMgr.sys08:27:59.0015 0x0b78 MountMgr - ok08:27:59.0515 0x0b78 [ FD5E45969B82B83E33CB05B5C9B0E3F2, A6C21F7A0A97683DA50FC102131618CC1BE5CA0C3625D2FDAF5861B9B6523E45 ] MozillaMaintenance E:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe08:27:59.0562 0x0b78 MozillaMaintenance - ok08:27:59.0687 0x0b78 [ 8072A7BB35D92CC621AC2605EEF79BC4, 68F61BE84A5032CEC24F04C90DACA1AE78F3744016389BE2345256B26E44E09A ] MpFilter E:\WINDOWS\system32\DRIVERS\MpFilter.sys08:27:59.0796 0x0b78 MpFilter - ok08:27:59.0812 0x0b78 mqmddadt - ok08:27:59.0812 0x0b78 mraid35x - ok08:28:00.0187 0x0b78 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV E:\WINDOWS\system32\DRIVERS\mrxdav.sys08:28:00.0359 0x0b78 MRxDAV - ok08:28:00.0828 0x0b78 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb E:\WINDOWS\system32\DRIVERS\mrxsmb.sys08:28:01.0062 0x0b78 MRxSmb - ok08:28:01.0109 0x0b78 [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC E:\WINDOWS\System32\msdtc.exe08:28:01.0218 0x0b78 MSDTC - ok08:28:01.0250 0x0b78 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs E:\WINDOWS\system32\drivers\Msfs.sys08:28:01.0406 0x0b78 Msfs - ok08:28:01.0406 0x0b78 MSIServer - ok08:28:01.0453 0x0b78 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV E:\WINDOWS\system32\drivers\MSKSSRV.sys08:28:01.0578 0x0b78 MSKSSRV - ok08:28:01.0890 0x0b78 [ 1EE3643D1AA747222427F63353611AD7, 18465E375485DF4E980121449077D5BA87C25C5FA8D86F40DA3B7BE153306766 ] MsMpSvc e:\Program Files\Microsoft Security Client\MsMpEng.exe08:28:01.0906 0x0b78 MsMpSvc - ok08:28:02.0000 0x0b78 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK 
E:\WINDOWS\system32\drivers\MSPCLOCK.sys08:28:02.0328 0x0b78 MSPCLOCK - ok08:28:02.0375 0x0b78 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM E:\WINDOWS\system32\drivers\MSPQM.sys08:28:02.0531 0x0b78 MSPQM - ok08:28:02.0718 0x0b78 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios E:\WINDOWS\system32\DRIVERS\mssmbios.sys08:28:02.0796 0x0b78 mssmbios - ok08:28:03.0031 0x0b78 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup E:\WINDOWS\system32\drivers\Mup.sys08:28:03.0234 0x0b78 Mup - ok08:28:03.0437 0x0b78 [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent E:\WINDOWS\System32\qagentrt.dll08:28:04.0140 0x0b78 napagent - ok08:28:04.0140 0x0b78 navlzhjt - ok08:28:04.0500 0x0b78 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS E:\WINDOWS\system32\drivers\NDIS.sys08:28:04.0781 0x0b78 NDIS - ok08:28:04.0906 0x0b78 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi E:\WINDOWS\system32\DRIVERS\ndistapi.sys08:28:04.0984 0x0b78 NdisTapi - ok08:28:05.0031 0x0b78 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio E:\WINDOWS\system32\DRIVERS\ndisuio.sys08:28:05.0359 0x0b78 Ndisuio - ok08:28:05.0406 0x0b78 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan E:\WINDOWS\system32\DRIVERS\ndiswan.sys08:28:05.0500 0x0b78 NdisWan - ok08:28:05.0562 0x0b78 [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy E:\WINDOWS\system32\drivers\NDProxy.sys08:28:05.0687 0x0b78 NDProxy - ok08:28:05.0718 0x0b78 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 
7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS E:\WINDOWS\system32\DRIVERS\netbios.sys08:28:05.0843 0x0b78 NetBIOS - ok08:28:06.0000 0x0b78 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT E:\WINDOWS\system32\DRIVERS\netbt.sys08:28:06.0109 0x0b78 NetBT - ok08:28:06.0171 0x0b78 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE E:\WINDOWS\system32\netdde.exe08:28:06.0375 0x0b78 NetDDE - ok08:28:06.0437 0x0b78 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm E:\WINDOWS\system32\netdde.exe08:28:06.0578 0x0b78 NetDDEdsdm - ok08:28:06.0640 0x0b78 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon E:\WINDOWS\System32\lsass.exe08:28:06.0765 0x0b78 Netlogon - ok08:28:06.0984 0x0b78 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman E:\WINDOWS\System32\netman.dll08:28:07.0109 0x0b78 Netman - ok08:28:07.0281 0x0b78 [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing e:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe08:28:07.0375 0x0b78 NetTcpPortSharing - ok08:28:07.0484 0x0b78 [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla E:\WINDOWS\System32\mswsock.dll08:28:07.0515 0x0b78 Nla - ok08:28:07.0531 0x0b78 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs E:\WINDOWS\system32\drivers\Npfs.sys08:28:07.0640 0x0b78 Npfs - ok08:28:07.0843 0x0b78 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs E:\WINDOWS\system32\drivers\Ntfs.sys08:28:08.0281 0x0b78 Ntfs - ok08:28:08.0343 0x0b78 [ 
BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp E:\WINDOWS\System32\lsass.exe08:28:08.0421 0x0b78 NtLmSsp - ok08:28:08.0656 0x0b78 [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc E:\WINDOWS\system32\ntmssvc.dll08:28:08.0937 0x0b78 NtmsSvc - ok08:28:08.0968 0x0b78 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null E:\WINDOWS\system32\drivers\Null.sys08:28:09.0046 0x0b78 Null - ok08:28:09.0093 0x0b78 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt E:\WINDOWS\system32\DRIVERS\nwlnkflt.sys08:28:09.0203 0x0b78 NwlnkFlt - ok08:28:09.0234 0x0b78 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd E:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys08:28:09.0328 0x0b78 NwlnkFwd - ok08:28:09.0421 0x0b78 [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE08:28:09.0468 0x0b78 ose - ok08:28:09.0515 0x0b78 [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport E:\WINDOWS\system32\DRIVERS\parport.sys08:28:09.0625 0x0b78 Parport - ok08:28:09.0656 0x0b78 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr E:\WINDOWS\system32\drivers\PartMgr.sys08:28:09.0765 0x0b78 PartMgr - ok08:28:09.0812 0x0b78 [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm E:\WINDOWS\system32\drivers\ParVdm.sys08:28:09.0906 0x0b78 ParVdm - ok08:28:09.0937 0x0b78 [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI E:\WINDOWS\system32\DRIVERS\pci.sys08:28:10.0046 0x0b78 PCI - 
ok08:28:10.0046 0x0b78 PCIDump - ok08:28:10.0062 0x0b78 [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde E:\WINDOWS\system32\DRIVERS\pciide.sys08:28:10.0171 0x0b78 PCIIde - ok08:28:10.0265 0x0b78 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia E:\WINDOWS\system32\drivers\Pcmcia.sys08:28:10.0468 0x0b78 Pcmcia - ok08:28:10.0468 0x0b78 PDCOMP - ok08:28:10.0484 0x0b78 PDFRAME - ok08:28:10.0484 0x0b78 PDRELI - ok08:28:10.0500 0x0b78 PDRFRAME - ok08:28:10.0500 0x0b78 perc2 - ok08:28:10.0500 0x0b78 perc2hib - ok08:28:10.0578 0x0b78 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay E:\WINDOWS\system32\services.exe08:28:10.0609 0x0b78 PlugPlay - ok08:28:10.0640 0x0b78 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent E:\WINDOWS\System32\lsass.exe08:28:10.0734 0x0b78 PolicyAgent - ok08:28:10.0750 0x0b78 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport E:\WINDOWS\system32\DRIVERS\raspptp.sys08:28:10.0859 0x0b78 PptpMiniport - ok08:28:10.0890 0x0b78 [ A32BEBAF723557681BFC6BD93E98BD26, 35039BA72A29F87B2CA37DCDE4EFDAABBDEAD8CE3EB8652ACC665994118145A6 ] Processor E:\WINDOWS\system32\DRIVERS\processr.sys08:28:11.0000 0x0b78 Processor - ok08:28:11.0000 0x0b78 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage E:\WINDOWS\system32\lsass.exe08:28:11.0062 0x0b78 ProtectedStorage - ok08:28:11.0109 0x0b78 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched E:\WINDOWS\system32\DRIVERS\psched.sys08:28:11.0234 0x0b78 PSched - ok08:28:11.0265 0x0b78 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] 
Ptilink E:\WINDOWS\system32\DRIVERS\ptilink.sys08:28:11.0406 0x0b78 Ptilink - ok08:28:11.0406 0x0b78 ql1080 - ok08:28:11.0421 0x0b78 Ql10wnt - ok08:28:11.0421 0x0b78 ql12160 - ok08:28:11.0421 0x0b78 ql1240 - ok08:28:11.0437 0x0b78 ql1280 - ok08:28:11.0437 0x0b78 qnmcfouq - ok08:28:11.0468 0x0b78 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd E:\WINDOWS\system32\DRIVERS\rasacd.sys08:28:11.0546 0x0b78 RasAcd - ok08:28:11.0593 0x0b78 [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto E:\WINDOWS\System32\rasauto.dll08:28:11.0703 0x0b78 RasAuto - ok08:28:11.0734 0x0b78 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp E:\WINDOWS\system32\DRIVERS\rasl2tp.sys08:28:11.0812 0x0b78 Rasl2tp - ok08:28:11.0890 0x0b78 [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan E:\WINDOWS\System32\rasmans.dll08:28:11.0968 0x0b78 RasMan - ok08:28:11.0984 0x0b78 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe E:\WINDOWS\system32\DRIVERS\raspppoe.sys08:28:12.0046 0x0b78 RasPppoe - ok08:28:12.0046 0x0b78 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti E:\WINDOWS\system32\DRIVERS\raspti.sys08:28:12.0109 0x0b78 Raspti - ok08:28:12.0171 0x0b78 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss E:\WINDOWS\system32\DRIVERS\rdbss.sys08:28:12.0234 0x0b78 Rdbss - ok08:28:12.0250 0x0b78 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD E:\WINDOWS\system32\DRIVERS\RDPCDD.sys08:28:12.0328 0x0b78 RDPCDD - ok08:28:12.0390 0x0b78 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D 
] RDPWD E:\WINDOWS\system32\drivers\RDPWD.sys08:28:12.0453 0x0b78 RDPWD - ok08:28:12.0515 0x0b78 [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr E:\WINDOWS\system32\sessmgr.exe08:28:12.0609 0x0b78 RDSessMgr - ok08:28:12.0625 0x0b78 [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook E:\WINDOWS\system32\DRIVERS\redbook.sys08:28:12.0703 0x0b78 redbook - ok08:28:12.0750 0x0b78 [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess E:\WINDOWS\System32\mprdim.dll08:28:12.0828 0x0b78 RemoteAccess - ok08:28:12.0843 0x0b78 [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator E:\WINDOWS\System32\locator.exe08:28:12.0921 0x0b78 RpcLocator - ok08:28:13.0046 0x0b78 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs E:\WINDOWS\system32\rpcss.dll08:28:13.0156 0x0b78 RpcSs - ok08:28:13.0218 0x0b78 [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP E:\WINDOWS\System32\rsvp.exe08:28:13.0312 0x0b78 RSVP - ok08:28:13.0390 0x0b78 [ CB9310A5A910648D359C99A857E22A54, 7E24EF1577FC6AEE5B6102DB4126F8EC5B5A1F1D9C46E5B09203B30F3F979C9E ] RTLE8023xp E:\WINDOWS\system32\DRIVERS\Rtenicxp.sys08:28:13.0484 0x0b78 RTLE8023xp - ok08:28:13.0484 0x0b78 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs E:\WINDOWS\system32\lsass.exe08:28:13.0546 0x0b78 SamSs - ok08:28:13.0578 0x0b78 [ 39763504067962108505BFF25F024345, 73C9710B61EDC7FBEDE1D7A767AA3D3A169E7AD012494D05CB5EE7E5C5752BB9 ] SASDIFSV E:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS08:28:13.0609 0x0b78 SASDIFSV - ok08:28:13.0625 0x0b78 [ 77B9FC20084B48408AD3E87570EB4A85, B5BC5FEC1356DECB66A7A671DB67112BDAC8F942BF1C4B986B1805B41EF362B1 
] SASKUTIL E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS08:28:13.0640 0x0b78 SASKUTIL - ok08:28:13.0671 0x0b78 [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr E:\WINDOWS\System32\SCardSvr.exe08:28:13.0765 0x0b78 SCardSvr - ok08:28:13.0843 0x0b78 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule E:\WINDOWS\system32\schedsvc.dll08:28:13.0921 0x0b78 Schedule - ok08:28:13.0937 0x0b78 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv E:\WINDOWS\system32\DRIVERS\secdrv.sys08:28:14.0000 0x0b78 Secdrv - ok08:28:14.0046 0x0b78 [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon E:\WINDOWS\System32\seclogon.dll08:28:14.0109 0x0b78 seclogon - ok08:28:14.0140 0x0b78 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS E:\WINDOWS\system32\sens.dll08:28:14.0218 0x0b78 SENS - ok08:28:14.0234 0x0b78 [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum E:\WINDOWS\system32\DRIVERS\serenum.sys08:28:14.0296 0x0b78 serenum - ok08:28:14.0312 0x0b78 [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial E:\WINDOWS\system32\DRIVERS\serial.sys08:28:14.0375 0x0b78 Serial - ok08:28:14.0390 0x0b78 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy E:\WINDOWS\system32\drivers\Sfloppy.sys08:28:14.0468 0x0b78 Sfloppy - ok08:28:14.0578 0x0b78 [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess E:\WINDOWS\System32\ipnathlp.dll08:28:14.0718 0x0b78 SharedAccess - ok08:28:14.0781 0x0b78 [ 99BC0B50F511924348BE19C7C7313BBF, 
A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection E:\WINDOWS\System32\shsvcs.dll08:28:14.0796 0x0b78 ShellHWDetection - ok08:28:14.0796 0x0b78 Simbad - ok08:28:14.0796 0x0b78 Sparrow - ok08:28:14.0828 0x0b78 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter E:\WINDOWS\system32\drivers\splitter.sys08:28:14.0890 0x0b78 splitter - ok08:28:14.0937 0x0b78 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler E:\WINDOWS\system32\spoolsv.exe08:28:15.0000 0x0b78 Spooler - ok08:28:15.0046 0x0b78 [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr E:\WINDOWS\system32\DRIVERS\sr.sys08:28:15.0125 0x0b78 sr - ok08:28:15.0171 0x0b78 [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice E:\WINDOWS\System32\srsvc.dll08:28:15.0234 0x0b78 srservice - ok08:28:15.0359 0x0b78 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv E:\WINDOWS\system32\DRIVERS\srv.sys08:28:15.0453 0x0b78 Srv - ok08:28:15.0515 0x0b78 [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV E:\WINDOWS\System32\ssdpsrv.dll08:28:15.0578 0x0b78 SSDPSRV - ok08:28:15.0703 0x0b78 [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc E:\WINDOWS\system32\wiaservc.dll08:28:15.0921 0x0b78 stisvc - ok08:28:15.0937 0x0b78 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum E:\WINDOWS\system32\DRIVERS\swenum.sys08:28:15.0984 0x0b78 swenum - ok08:28:16.0000 0x0b78 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi E:\WINDOWS\system32\drivers\swmidi.sys08:28:16.0062 0x0b78 swmidi - 
goode Posted September 20, 2014 Author ID:881175

Rest of second TDSS log:
47C9FB64A4CF3DF54F664B2B31A834ACF75B504650007E6201546C2D0E44D9C2 ] E:\WINDOWS\system32\wldap32.dll08:28:22.0546 0x0b78 E:\WINDOWS\system32\wldap32.dll - ok08:28:22.0546 0x0b78 [ 8329A39D5A402A75A74301D6A62ECDA1, 1947B2B19F2D0C690EC880B5A92F88903D78C6BB6EE47261B3D744B5A863D562 ] E:\WINDOWS\system32\samlib.dll08:28:22.0546 0x0b78 E:\WINDOWS\system32\samlib.dll - ok08:28:22.0562 0x0b78 [ F05B8CDB7FE0E55DCCFB1D946CE80064, E59BC2F25EBFF5F0CF459C9B8DEE882ADE227323F4768EBACFCC6784861BF260 ] E:\WINDOWS\system32\samsrv.dll08:28:22.0562 0x0b78 E:\WINDOWS\system32\samsrv.dll - ok08:28:22.0562 0x0b78 [ 17A1D675C12BBF80CAAC54A4855C41D0, F6185E42180218E932ADFFD63EF78EE8324B816BD57EA217322A46D1D2F47928 ] E:\WINDOWS\system32\cryptdll.dll08:28:22.0562 0x0b78 E:\WINDOWS\system32\cryptdll.dll - ok08:28:22.0562 0x0b78 [ 310C15FD8358B2C4CD7A5B98A112883F, CA656F066373B164A138032F5BF7EF68603EBDB0D49BD4663C99061F47F29085 ] E:\WINDOWS\AppPatch\acgenral.dll08:28:22.0562 0x0b78 E:\WINDOWS\AppPatch\acgenral.dll - ok08:28:22.0562 0x0b78 [ 4A953F13942867BA8FB41F141EC1B80C, BAE05A8CEDA4411324E38DB8A2153A988C6A3FAC8AD7CB27EE14E18FE7C47569 ] E:\WINDOWS\system32\winmm.dll08:28:22.0562 0x0b78 E:\WINDOWS\system32\winmm.dll - ok08:28:22.0562 0x0b78 [ EFF03460E542EEA6B0ABDEC6BF19C897, C2A0DDE6E8B49B152C295E97CFC35557391DEEE5A3A0B1BB4E445C405C716C55 ] E:\WINDOWS\system32\oleaut32.dll08:28:22.0562 0x0b78 E:\WINDOWS\system32\oleaut32.dll - ok08:28:22.0562 0x0b78 [ 2098AB52BD5316E59AA36F3437B13BE6, C4C9F2CFCAFF91B4A6F68E28EFE12EED216B41F081F8D577597C0634ECE57018 ] E:\WINDOWS\system32\msacm32.dll08:28:22.0562 0x0b78 E:\WINDOWS\system32\msacm32.dll - ok08:28:22.0578 0x0b78 [ 7A2CC3719B255E6B5D74396183B7715B, 2C4A2D5B42CFFE42BE72A652D1B0EED43D7EECF7CA3416660A3E0C539AA2AC34 ] E:\WINDOWS\system32\uxtheme.dll08:28:22.0578 0x0b78 E:\WINDOWS\system32\uxtheme.dll - ok08:28:22.0578 0x0b78 [ F24B12786D60A17008319E3F2AEE7799, BF916F65D770C61612678171CC184A0BF259992CEC0BF607D26834CE2A234FB3 ] 
E:\WINDOWS\system32\msapsspc.dll08:28:22.0578 0x0b78 E:\WINDOWS\system32\msapsspc.dll - ok08:28:22.0578 0x0b78 [ 7A660EDC0757849DF5F8706FB6E9F740, CA3820507A92EE9AB4EE8E804736FE1795224AE02D396AADB5BFD53223D9B7E2 ] E:\WINDOWS\system32\msvcrt40.dll08:28:22.0578 0x0b78 E:\WINDOWS\system32\msvcrt40.dll - ok08:28:22.0578 0x0b78 [ 0F64207B49390C8063C36AE7CBF9C2DB, 52C4A7A38EE11CA247001EB0A3C67BFEB1A09E9AC406486132D5AC38BE3A6A6F ] E:\WINDOWS\system32\schannel.dll08:28:22.0578 0x0b78 E:\WINDOWS\system32\schannel.dll - ok08:28:22.0578 0x0b78 [ 3D76DD0CBC536E0F8C45D23ED230BEB2, F74F94525AB7CE1E269452C9E1DD08411A668CFDD94F069C90FC2EE33CB35A12 ] E:\WINDOWS\system32\digest.dll08:28:22.0578 0x0b78 E:\WINDOWS\system32\digest.dll - ok08:28:22.0578 0x0b78 [ A4388DF80E52695AE92EE5F3F61F1619, A4B7C6E10B92B5022CA6E8FD9094098614FD63178EA86A7B035EB89B373BF033 ] E:\WINDOWS\system32\msnsspc.dll08:28:22.0578 0x0b78 E:\WINDOWS\system32\msnsspc.dll - ok08:28:22.0593 0x0b78 [ 5733177BCF16EE78B99543C9B0AB81EA, 6504D3D665AC8AB27A44F863F9C1A23FF3B68EAC0512F418712CC0D56F739E24 ] E:\WINDOWS\system32\msctfime.ime08:28:22.0593 0x0b78 E:\WINDOWS\system32\msctfime.ime - ok08:28:22.0593 0x0b78 [ C6BB1D1500DB4A0E224CB65E6C7E8A80, 32099A486457D1DC3B1269DE9570EE922F118C3BD443FE78ED051DD764EF4DE3 ] E:\WINDOWS\system32\msprivs.dll08:28:22.0593 0x0b78 E:\WINDOWS\system32\msprivs.dll - ok08:28:22.0593 0x0b78 [ A525C96C51D55111FDF3BEA9FFFFC7AE, AA5B080E01573B96A37E67F871F97AE975E1E9519EDB16476472AA3FA2144643 ] E:\WINDOWS\system32\kerberos.dll08:28:22.0593 0x0b78 E:\WINDOWS\system32\kerberos.dll - ok08:28:22.0593 0x0b78 [ 318FAA70D9B0FB8DD168D4ED628E27B2, 2C407FFDA4A02D4A1CB9592C6FA4293BA31BE8852670436F1187A8107572ED41 ] E:\WINDOWS\system32\atmfd.dll08:28:22.0593 0x0b78 E:\WINDOWS\system32\atmfd.dll - ok08:28:22.0593 0x0b78 [ 517561A1113B04E51D936CD018DE1C1F, A5F572C3557705F28F7A465970F0432F55B616EFD208BA0CBDFFBF7A41F07C04 ] E:\WINDOWS\system32\msv1_0.dll08:28:22.0593 0x0b78 E:\WINDOWS\system32\msv1_0.dll - 
ok08:28:22.0609 0x0b78 [ AF07DC9B7CC455629E732340C7B15F3A, 4403503F24FB76AB55D347273319B98BC0955AB3E537FA5ADA498B9AED76484A ] E:\WINDOWS\system32\iphlpapi.dll08:28:22.0609 0x0b78 E:\WINDOWS\system32\iphlpapi.dll - ok08:28:22.0609 0x0b78 [ 1B7F071C51B77C272875C3A23E1E4550, 9D6EA6DF4F4A531E35B843CE11AB6BDBEF0C2716773C14660E98038C1F68B7C4 ] E:\WINDOWS\system32\netlogon.dll08:28:22.0609 0x0b78 E:\WINDOWS\system32\netlogon.dll - ok08:28:22.0609 0x0b78 [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] E:\WINDOWS\system32\w32time.dll08:28:22.0609 0x0b78 E:\WINDOWS\system32\w32time.dll - ok08:28:22.0609 0x0b78 [ 3AAF9B35939FF9E58CCD18D41655C2FC, AF7358AB0A507D77569A8D38D2392C224BFBEFD1264C069BBC6C677BC20C6B8B ] E:\WINDOWS\system32\wdigest.dll08:28:22.0609 0x0b78 E:\WINDOWS\system32\wdigest.dll - ok08:28:22.0609 0x0b78 [ 54DAE3EA34802B4ED9AE1C6B1209FA56, EEB1FA90DB44C821B371D5F7C323B4F88E843107BBA16DA2ACB124D6A848B257 ] E:\WINDOWS\system32\rsaenh.dll08:28:22.0609 0x0b78 E:\WINDOWS\system32\rsaenh.dll - ok08:28:22.0609 0x0b78 [ 02988B904C386B500CD08639C4C20EEA, 66E96045957AABD7F5C364D64DE23A09D4C292C844FA00C45626A8D1EC21F206 ] E:\WINDOWS\system32\winscard.dll08:28:22.0609 0x0b78 E:\WINDOWS\system32\winscard.dll - ok08:28:22.0625 0x0b78 [ 0E2735281FBB9A764D5584C2A5DCBA59, B1EFF5D7BFDDFEC3A3E5B2F17A6A0F3F47C344A64AB57E6918B4DEC094FC9444 ] E:\WINDOWS\system32\wtsapi32.dll08:28:22.0625 0x0b78 E:\WINDOWS\system32\wtsapi32.dll - ok08:28:22.0625 0x0b78 [ A86BB5E61BF3E39B62AB4C7E7085A084, B88446E007153BB58C5AE867AC3FB4C46618BBAA5A152687201E0E81F881465A ] E:\WINDOWS\system32\scecli.dll08:28:22.0625 0x0b78 E:\WINDOWS\system32\scecli.dll - ok08:28:22.0625 0x0b78 [ 27C6D03BCDB8CFEB96B716F3D8BE3E18, 2910EBC692D833D949BFD56059E8106D324A276D5F165F874F3FB1B6C613CDD5 ] E:\WINDOWS\system32\svchost.exe08:28:22.0625 0x0b78 E:\WINDOWS\system32\svchost.exe - ok08:28:22.0625 0x0b78 [ 549290DBC280C887681D7652978DBBE0, 
CA2CA8561F11CDD5FD5D23D9D88A96A7FFE4AF6DFE8CE783B0969B6ED3C4CBF8 ] E:\WINDOWS\system32\ntmarta.dll08:28:22.0625 0x0b78 E:\WINDOWS\system32\ntmarta.dll - ok08:28:22.0625 0x0b78 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] E:\WINDOWS\system32\rpcss.dll08:28:22.0625 0x0b78 E:\WINDOWS\system32\rpcss.dll - ok08:28:22.0640 0x0b78 [ 16403217AB6FC5C30C14C6B12098AD4B, DEA7C556BA9C91E056E6035E77A793A77E428D493518D1C6F796B003D4F07305 ] E:\WINDOWS\system32\xpsp2res.dll08:28:22.0640 0x0b78 E:\WINDOWS\system32\xpsp2res.dll - ok08:28:22.0640 0x0b78 [ 6D4FEB43EE538FC5428CC7F0565AA656, 4091D82537198562F0CA1D032B2D4BEC75101342B7BCA7778FDA2D515300BC36 ] E:\WINDOWS\system32\eventlog.dll08:28:22.0640 0x0b78 E:\WINDOWS\system32\eventlog.dll - ok08:28:22.0640 0x0b78 [ 2081A5B5E4ABA206A0A8A1A97DF0FB23, 032B6D1F541F180A2FE619664EF180D3FD748AEF7E311BA925FCED74E7ED4713 ] E:\WINDOWS\system32\logonui.exe08:28:22.0640 0x0b78 E:\WINDOWS\system32\logonui.exe - ok08:28:22.0640 0x0b78 [ 3D41A9326F0376FC73AF961DD23B1FB1, 1242F3B57599675D1E0E26615E206CE3DB15FA6A23BC5D21EB630EE9858EBC7B ] E:\WINDOWS\system32\duser.dll08:28:22.0640 0x0b78 E:\WINDOWS\system32\duser.dll - ok08:28:22.0640 0x0b78 [ AFFC87E2501FCE8F09D4C10BA6421CCF, E63837B281C4AE90A7CBA8E072E07A9A5A2FDD5B15E7FB5C2D7562FE72BE5408 ] E:\WINDOWS\system32\msimg32.dll08:28:22.0640 0x0b78 E:\WINDOWS\system32\msimg32.dll - ok08:28:22.0640 0x0b78 [ 20200EE3CFE10E9F0C028D8653BE11C6, 3ACF2110D72509CBA3BF780C5D6D662BAFEEA6CA423BE8B0F97288B953127035 ] E:\WINDOWS\system32\oleacc.dll08:28:22.0640 0x0b78 E:\WINDOWS\system32\oleacc.dll - ok08:28:22.0656 0x0b78 [ F137A0CA70003DB20448D540651FA003, 4D3095FD8431D0839B6EE785A979D005A1035368A152CDC705804E85B7673198 ] E:\WINDOWS\system32\clbcatq.dll08:28:22.0656 0x0b78 E:\WINDOWS\system32\clbcatq.dll - ok08:28:22.0656 0x0b78 [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] 
E:\WINDOWS\system32\mswsock.dll08:28:22.0656 0x0b78 E:\WINDOWS\system32\mswsock.dll - ok08:28:22.0656 0x0b78 [ 3CB32D3B8CBE79899D63280BB7A83CD9, F34DB3B3DD65F0135F1F7005703B824D2C9B17F7A43062F1FFBEC53B3B26EFC3 ] E:\WINDOWS\system32\hnetcfg.dll08:28:22.0656 0x0b78 E:\WINDOWS\system32\hnetcfg.dll - ok08:28:22.0656 0x0b78 [ 1280A158C722FA95A80FB7AEBE78FA7D, 9B6E8158E581500C5C417F6453A6414901020123D34FDBC04289750E8B072538 ] E:\WINDOWS\system32\comres.dll08:28:22.0656 0x0b78 E:\WINDOWS\system32\comres.dll - ok08:28:22.0656 0x0b78 [ 4E3D06D6E68EEDB52565080F55B460D3, A503BFC29D3936045488EDC1771914EC84BE80E422F772F53D7961F526D707E6 ] E:\WINDOWS\system32\wshtcpip.dll08:28:22.0656 0x0b78 E:\WINDOWS\system32\wshtcpip.dll - ok08:28:22.0671 0x0b78 [ D72B9EC3337B247A666F098F3D6B43DE, 4BC52AD1116078B0B313AB6555024302225D6CC03CA428151F78B7C48821489F ] E:\WINDOWS\system32\winrnr.dll08:28:22.0671 0x0b78 E:\WINDOWS\system32\winrnr.dll - ok08:28:22.0671 0x0b78 [ 1EE3643D1AA747222427F63353611AD7, 18465E375485DF4E980121449077D5BA87C25C5FA8D86F40DA3B7BE153306766 ] E:\Program Files\Microsoft Security Client\MsMpEng.exe08:28:22.0671 0x0b78 E:\Program Files\Microsoft Security Client\MsMpEng.exe - ok08:28:22.0671 0x0b78 [ 6F9BEF24C578D5D6740E080BEDD6A448, 72426D49BC31488261D226C7D0C98AD11192019E71654F53D1D17183C328CC7C ] E:\WINDOWS\system32\rasadhlp.dll08:28:22.0671 0x0b78 E:\WINDOWS\system32\rasadhlp.dll - ok08:28:22.0671 0x0b78 [ BD5857204803716E11D5164E935C1035, 9F0C192791892C0AEA24AD78738AC4BCAABA1FDC157093B9AF97FE20B6B253E3 ] E:\Program Files\Microsoft Security Client\MpSvc.dll08:28:22.0671 0x0b78 E:\Program Files\Microsoft Security Client\MpSvc.dll - ok08:28:22.0671 0x0b78 [ E5EDBD51476DB5001ABF5C82AE5C3DD1, 5C97ABF5802A7F886781788FE6107F9F06962F9D704A2A43A03062C9405F56C3 ] E:\WINDOWS\system32\shgina.dll08:28:22.0671 0x0b78 E:\WINDOWS\system32\shgina.dll - ok08:28:22.0671 0x0b78 [ 4C18D66766D639E3F8629511B3FDC7DD, 058BCE774CAABA9F1252F7EAF1EB6A1B284D3E9F6E95B429FE21431806AAA5AA ] 
E:\Program Files\Microsoft Security Client\MpClient.dll08:28:22.0671 0x0b78 E:\Program Files\Microsoft Security Client\MpClient.dll - ok08:28:22.0687 0x0b78 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] E:\WINDOWS\system32\drivers\ndisuio.sys08:28:22.0687 0x0b78 E:\WINDOWS\system32\drivers\ndisuio.sys - ok08:28:22.0687 0x0b78 [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] E:\WINDOWS\system32\dhcpcsvc.dll08:28:22.0687 0x0b78 E:\WINDOWS\system32\dhcpcsvc.dll - ok08:28:22.0687 0x0b78 [ 515A7FAE2070C2B0242B2353443E2F11, 6121C5613784831F584B50E8DC91BBD7AC58BDB602FE4CDB4B237670B6BB4537 ] E:\WINDOWS\system32\cscdll.dll08:28:22.0687 0x0b78 E:\WINDOWS\system32\cscdll.dll - ok08:28:22.0687 0x0b78 [ E2092F0A1D7ABC243F9C2362483D150D, 50028400D6BA1C5B27BFC9AAC9D41539383F3EC723977CA937715E14094D846A ] E:\WINDOWS\system32\dimsntfy.dll08:28:22.0687 0x0b78 E:\WINDOWS\system32\dimsntfy.dll - ok08:28:22.0687 0x0b78 [ C4FD91F38B9223F1BC6F4A3341756518, F8B3A55018EC6BB6CD4DA253AC4BFAD57439060D411CE7CC846B4CE663A3781C ] E:\Program Files\Microsoft Security Client\MpCommu.dll08:28:22.0687 0x0b78 E:\Program Files\Microsoft Security Client\MpCommu.dll - ok08:28:22.0703 0x0b78 [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] E:\WINDOWS\system32\dnsrslvr.dll08:28:22.0703 0x0b78 E:\WINDOWS\system32\dnsrslvr.dll - ok08:28:22.0703 0x0b78 [ 2CC34E8BB667EEF78899546E12649196, 5BA2604041BF7C1D580D4D2AEDC7708F9E9B0AF6E0928663E3D9C7297296D721 ] E:\WINDOWS\system32\wlnotify.dll08:28:22.0703 0x0b78 E:\WINDOWS\system32\wlnotify.dll - ok08:28:22.0703 0x0b78 [ BD83ABA61E8ACCC8D9FFB869F29418CE, 45ED22E825047A1BE07B017F95FBF965A90602C59E6B110D0C604FBE07DE1562 ] E:\WINDOWS\system32\winspool.drv08:28:22.0703 0x0b78 E:\WINDOWS\system32\winspool.drv - ok08:28:22.0703 0x0b78 [ 684559A03CBC1D05BA120A18B0D8BA5D, 
7425F27C8EF8CEF26B071D7FD5FED538C74EF524AEF73E427B1781F3A3C16C42 ] E:\WINDOWS\system32\winhttp.dll08:28:22.0703 0x0b78 E:\WINDOWS\system32\winhttp.dll - ok08:28:22.0703 0x0b78 [ E7ABCEDB8BAC7935EC4A75DA80B2E77B, 6EFAD69C89FE1DDFEADB6439D7F1812353DB208C6654B8C0930CC8B41E4C5F7C ] E:\Program Files\Microsoft Security Client\MpRTP.dll08:28:22.0703 0x0b78 E:\Program Files\Microsoft Security Client\MpRTP.dll - ok08:28:22.0703 0x0b78 [ 5D43C9A33F18C707BA169AFDA88BDF30, 6796891360B4731B4F165300BD9FAC9A2A4C54E8CFF86DEC8036D3765AE4D9A3 ] E:\WINDOWS\system32\fltlib.dll08:28:22.0703 0x0b78 E:\WINDOWS\system32\fltlib.dll - ok08:28:22.0718 0x0b78 [ 04AB4AF054F9746F6E3C7377B02CF9C0, 34E73217CB6318FF451B652768E060A9F0B90BD3FDB447DE9B47685A7A344630 ] E:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AF79B53-438C-428C-84F4-F32EDE9A32C5}\mpengine.dll08:28:22.0718 0x0b78 E:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AF79B53-438C-428C-84F4-F32EDE9A32C5}\mpengine.dll - ok08:28:22.0718 0x0b78 [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] E:\WINDOWS\system32\wzcsvc.dll08:28:22.0718 0x0b78 E:\WINDOWS\system32\wzcsvc.dll - ok08:28:22.0718 0x0b78 [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] E:\WINDOWS\system32\lmhsvc.dll08:28:22.0718 0x0b78 E:\WINDOWS\system32\lmhsvc.dll - ok08:28:22.0718 0x0b78 [ 876CCF164E08D6B903CD14398E056DD2, 9AC7887F992F20E10EB3ED9B3AEF47B5C840172FA7895531F4EF86D6EA642D0F ] E:\WINDOWS\system32\rtutils.dll08:28:22.0718 0x0b78 E:\WINDOWS\system32\rtutils.dll - ok08:28:22.0718 0x0b78 [ E6EF7BC927D9F8F9BA1584BFC39E0C6F, EC80729BDD250C161B29DA853D45C703CB4844DE185C5665DB0627D9568995AB ] E:\WINDOWS\system32\eapolqec.dll08:28:22.0718 0x0b78 E:\WINDOWS\system32\eapolqec.dll - ok08:28:22.0718 0x0b78 [ 7B0770526801F05D58C51A3DFB87B4BD, 
7A2858DD3AE8C26DE88F8CC71E8DC9A8A50C363BA4FB34EE6EE2D81C18845A96 ] E:\WINDOWS\system32\wmi.dll08:28:22.0718 0x0b78 E:\WINDOWS\system32\wmi.dll - ok08:28:22.0734 0x0b78 [ 224FB925C641DA16CEB6D60F40CA4C75, 2DDB3B019D2A22B359C5974DC366EC9B95F4382DB1BF7F1958CFF0EC277895C7 ] E:\WINDOWS\system32\atl.dll08:28:22.0734 0x0b78 E:\WINDOWS\system32\atl.dll - ok08:28:22.0734 0x0b78 [ 8AE93AACC648921BAACB8602991AC4B3, 78292B1BAEE64C997C50B6D907FE623C2EDF937A62D3C3690FA24342180B7AB2 ] E:\WINDOWS\system32\qutil.dll08:28:22.0734 0x0b78 E:\WINDOWS\system32\qutil.dll - ok08:28:22.0734 0x0b78 [ 8E2CC37BA87D8F681066E0E9C8A19F73, 90536FD502D92AE4FECE0C250373742D2E8AC9E9BE314070BB28C4A2BEA15508 ] E:\WINDOWS\system32\dot3api.dll08:28:22.0734 0x0b78 E:\WINDOWS\system32\dot3api.dll - ok08:28:22.0734 0x0b78 [ F5B754CDEA20BBB3A31E16A776EDE6D6, C5D682FA9B86810C6E3D741E507EDA024C4554BEB5B6A1686F70E109EE9CD746 ] E:\WINDOWS\system32\esent.dll08:28:22.0734 0x0b78 E:\WINDOWS\system32\esent.dll - ok08:28:22.0734 0x0b78 [ A39BE37C9237DB5F1990D61B268EA555, ABAB9D73DF10D2AC78F00A6C5E5318C4DE166CDF70683408D83D218CB39B7449 ] E:\WINDOWS\system32\rastls.dll08:28:22.0734 0x0b78 E:\WINDOWS\system32\rastls.dll - ok08:28:22.0750 0x0b78 [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3, 9085384DD71F983E7FD8B6C8F54A3097412DA3C802C813C8AAB1F30558C416D6 ] E:\WINDOWS\system32\cryptui.dll08:28:22.0750 0x0b78 E:\WINDOWS\system32\cryptui.dll - ok08:28:22.0750 0x0b78 [ 8AF91E4B4C1F5338EBE1548117304296, 493F46CB43496B8158924229094374D4531DA32E3C77FF4F86FCB86DEACFB79B ] E:\WINDOWS\system32\wininet.dll08:28:22.0750 0x0b78 E:\WINDOWS\system32\wininet.dll - ok08:28:22.0750 0x0b78 [ 10753A3ADC3E39A3B10CC3F08E98E6B4, 99C7B1B04CD593139917ED3D68BEC36C63BCE76663505CB5D026B62AF39BB383 ] E:\WINDOWS\system32\normaliz.dll08:28:22.0750 0x0b78 E:\WINDOWS\system32\normaliz.dll - ok08:28:22.0750 0x0b78 [ 1387AB5807E7A29D880699CC733F6AED, 0A3B777546E5F5EBC7914118D0BB32546279AEC726FED05519E0CF8F97DFA039 ] E:\WINDOWS\system32\urlmon.dll08:28:22.0750 
0x0b78 E:\WINDOWS\system32\urlmon.dll - ok08:28:22.0750 0x0b78 [ 89A1EE0C4046375B4B9E0B010C90C802, 51D54DA31E30487E73B50F482F1A04F273BC812F3AB2C415D09CB44956097E11 ] E:\WINDOWS\system32\iertutil.dll08:28:22.0750 0x0b78 E:\WINDOWS\system32\iertutil.dll - ok08:28:22.0750 0x0b78 [ EA5B8BECA3F279C757578CD7F1E95855, 6FA42A9C8A114208BCB1D0A799C43CD07FB0F986495191D58C1BBD150B7B3A90 ] E:\WINDOWS\system32\mprapi.dll08:28:22.0750 0x0b78 E:\WINDOWS\system32\mprapi.dll - ok08:28:22.0765 0x0b78 [ 2CDAE321B8E878A278BA2D2FA013060B, 51A382D665EB4A8BD66A3EF9B518DC02D3637318768758AB6F1017E50826CC56 ] E:\WINDOWS\system32\activeds.dll08:28:22.0765 0x0b78 E:\WINDOWS\system32\activeds.dll - ok08:28:22.0765 0x0b78 [ 0D84657DBF93DB98673DEFDF2B29E25A, 22105E297D663790BFA1EAE5AC670B283E69FDF2428DEBC596F3EB920E53AFF9 ] E:\WINDOWS\system32\adsldpc.dll08:28:22.0765 0x0b78 E:\WINDOWS\system32\adsldpc.dll - ok08:28:22.0765 0x0b78 [ 92C4F48B62B0B876194584C3FF09CCB6, B24FF5E8D4F09B8200395B68A20A083E7ED9A29B9E9FB85F42E1A6BBB911D1C4 ] E:\WINDOWS\system32\rasapi32.dll08:28:22.0765 0x0b78 E:\WINDOWS\system32\rasapi32.dll - ok08:28:22.0765 0x0b78 [ 4DEF926F6A0545AE486A03C84F2EE482, 2D209061632634D7338C0BBEEE8056E8085BE22FA6974A2CC6BAEDC14CF6F6B1 ] E:\WINDOWS\system32\rasman.dll08:28:22.0765 0x0b78 E:\WINDOWS\system32\rasman.dll - ok08:28:22.0765 0x0b78 [ 00AABF131B4823785818DB99A075A313, FF0F24D35325EC246C758C7CF51FDDEF13757DFD7BE5F6F5D51E0DD7C6673686 ] E:\WINDOWS\system32\tapi32.dll08:28:22.0765 0x0b78 E:\WINDOWS\system32\tapi32.dll - ok08:28:22.0781 0x0b78 [ C1FAEA15E41F62D7BFA7FBC395C24BA6, 5DAA7F6E1EEA128AEDEDCAF04EB83AED4BCF856BC123BC134E9FA634DC569C0B ] E:\WINDOWS\system32\riched20.dll08:28:22.0781 0x0b78 E:\WINDOWS\system32\riched20.dll - ok08:28:22.0781 0x0b78 [ 56CE97FF94B7662A300D359CD6F4D601, D67A792E176AE3394CEB8FEF16F9E56DC614D7D4F58F6B9202E49EFD42BAE9E4 ] E:\WINDOWS\system32\raschap.dll08:28:22.0781 0x0b78 E:\WINDOWS\system32\raschap.dll - ok08:28:22.0781 0x0b78 [ 
0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] E:\WINDOWS\system32\schedsvc.dll08:28:22.0781 0x0b78 E:\WINDOWS\system32\schedsvc.dll - ok08:28:22.0781 0x0b78 [ E47E364C96467FD54FA44D59F927C3AB, D48C377A7ACF805C413D4618A099A50BE6724E8996C151B00DEAFD27CA935183 ] E:\WINDOWS\system32\msidle.dll08:28:22.0781 0x0b78 E:\WINDOWS\system32\msidle.dll - ok08:28:22.0781 0x0b78 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] E:\WINDOWS\system32\spoolsv.exe08:28:22.0781 0x0b78 E:\WINDOWS\system32\spoolsv.exe - ok08:28:22.0781 0x0b78 [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] E:\WINDOWS\system32\audiosrv.dll08:28:22.0781 0x0b78 E:\WINDOWS\system32\audiosrv.dll - ok08:28:22.0796 0x0b78 [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] E:\WINDOWS\system32\wkssvc.dll08:28:22.0796 0x0b78 E:\WINDOWS\system32\wkssvc.dll - ok08:28:22.0796 0x0b78 [ 281A63CE95E031E28E3F8BCB6DEBBC21, E8269577396DA1E5D64D44C0EE9C5657D9344A24AA9095B76A9142DA5569C1C9 ] E:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AF79B53-438C-428C-84F4-F32EDE9A32C5}\offreg.dll08:28:22.0796 0x0b78 E:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AF79B53-438C-428C-84F4-F32EDE9A32C5}\offreg.dll - ok08:28:22.0796 0x0b78 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] E:\WINDOWS\system32\drivers\mrxdav.sys08:28:22.0796 0x0b78 E:\WINDOWS\system32\drivers\mrxdav.sys - ok08:28:22.0796 0x0b78 [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] E:\WINDOWS\system32\webclnt.dll08:28:22.0796 0x0b78 E:\WINDOWS\system32\webclnt.dll - ok08:28:22.0796 0x0b78 [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 
6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] E:\WINDOWS\system32\drivers\parvdm.sys08:28:22.0796 0x0b78 E:\WINDOWS\system32\drivers\parvdm.sys - ok08:28:22.0812 0x0b78 [ 72D6D8E2D4F82C6E829125C7EC2A88F9, F357CFC3D04EB3F8E1A504D531D099698C6E2B29EB6CEDF75C08BF8917C46573 ] E:\Program Files\SUPERAntiSpyware\SASCORE.EXE08:28:22.0812 0x0b78 E:\Program Files\SUPERAntiSpyware\SASCORE.EXE - ok08:28:22.0812 0x0b78 [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] E:\WINDOWS\system32\cryptsvc.dll08:28:22.0812 0x0b78 E:\WINDOWS\system32\cryptsvc.dll - ok08:28:22.0812 0x0b78 [ 00709952D444EAE14DBBD30D36FBAE0F, A65B57C68F9119940133F6680AF3644866EEBDA5378F9B6AED441FB999B50526 ] E:\WINDOWS\system32\certcli.dll08:28:22.0812 0x0b78 E:\WINDOWS\system32\certcli.dll - ok08:28:22.0812 0x0b78 [ 9442228D256CE6C874CFB5DC39A20540, E8059F7D3579EB6CCC4E637EE92D49B9C23FC9162A236B55B8F25D9A44B7EB9A ] E:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe08:28:22.0812 0x0b78 E:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe - ok08:28:22.0812 0x0b78 [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] E:\WINDOWS\system32\es.dll08:28:22.0812 0x0b78 E:\WINDOWS\system32\es.dll - ok08:28:22.0812 0x0b78 [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] E:\WINDOWS\system32\ersvc.dll08:28:22.0812 0x0b78 E:\WINDOWS\system32\ersvc.dll - ok08:28:22.0828 0x0b78 [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] E:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll08:28:22.0828 0x0b78 E:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll - ok08:28:22.0828 0x0b78 [ 61BFFBF840EB7285F630B5B4F1CCBC08, 012D9BA08F04A52537939B698EB66106456FB218A7A5AAAB236BF8FC2BF0D9CE ] E:\WINDOWS\system32\HPSIsvc.exe08:28:22.0828 0x0b78 E:\WINDOWS\system32\HPSIsvc.exe - 
ok08:28:22.0828 0x0b78 [ 79E3A8C328E7E569C32B0998377D9742, F5854956E452AD663004679BBDF8B006695B69C8962534CD243193F04F294DF3 ] E:\WINDOWS\system32\spoolss.dll08:28:22.0828 0x0b78 E:\WINDOWS\system32\spoolss.dll - ok08:28:22.0828 0x0b78 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] E:\WINDOWS\system32\srvsvc.dll08:28:22.0828 0x0b78 E:\WINDOWS\system32\srvsvc.dll - ok08:28:22.0828 0x0b78 [ 5677DFE438EC1F009273FC84FEED6B10, 44B62CC4D138E13C22FC29E9751CB7ED0B0C6C8897A8E6469172F8642B0527BE ] E:\WINDOWS\system32\localspl.dll08:28:22.0828 0x0b78 E:\WINDOWS\system32\localspl.dll - ok08:28:22.0828 0x0b78 [ 332760FBA1655FCFD35BD6F4FD871300, 6C539FD14B9CF9423E305EAF60CB5C12CA0F7AEF571FB09BAF64E83F108B7F2D ] E:\WINDOWS\system32\ipsecsvc.dll08:28:22.0828 0x0b78 E:\WINDOWS\system32\ipsecsvc.dll - ok08:28:22.0843 0x0b78 [ 20FD44370267CCD0A64A1B31861C21D2, D98194A17D1C63434EC6449742C10033F1B94D80826B20464519B1DD4DE1DB5F ] E:\WINDOWS\system32\netmsg.dll08:28:22.0843 0x0b78 E:\WINDOWS\system32\netmsg.dll - ok08:28:22.0843 0x0b78 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] E:\WINDOWS\system32\drivers\srv.sys08:28:22.0843 0x0b78 E:\WINDOWS\system32\drivers\srv.sys - ok08:28:22.0843 0x0b78 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] E:\WINDOWS\system32\netman.dll08:28:22.0843 0x0b78 E:\WINDOWS\system32\netman.dll - ok08:28:22.0843 0x0b78 [ 584C4DA856450CB22EBBE7A68CC6250F, 56030767CFD2DAFDAE8CC767DC1EED39DD2E6E42152BFAE7904C2C8826B2C3E2 ] E:\WINDOWS\system32\oakley.dll08:28:22.0843 0x0b78 E:\WINDOWS\system32\oakley.dll - ok08:28:22.0843 0x0b78 [ 5D3D1AB0EF4EA55B731863050482C111, 8713DAA48DBC5FDF95BE993863BEE669BBB4026347DC575D72F520F423EE21BA ] E:\WINDOWS\system32\cnbjmon.dll08:28:22.0843 0x0b78 E:\WINDOWS\system32\cnbjmon.dll - ok08:28:22.0859 0x0b78 [ 2857C65EA4655A0D8B702572E18ECA8B, 
03E4BF6C986888055545EA11452E1DE75B03F67EB58BB42A6D54BBE2432F792B ] E:\WINDOWS\system32\HPM1210LM.DLL08:28:22.0859 0x0b78 E:\WINDOWS\system32\HPM1210LM.DLL - ok08:28:22.0859 0x0b78 [ 062F837C1FBDB6A0A75F82EFC2EE8E74, 3C0BFA381CBC2C55B58A8942A7148A6C27E244D26313EFB4708DD5858C689E02 ] E:\WINDOWS\system32\netshell.dll08:28:22.0859 0x0b78 E:\WINDOWS\system32\netshell.dll - ok08:28:22.0859 0x0b78 [ 248712EA6BA17B9FF0C542A3828375DD, 03EFDE351860C4C49F42D6129C6A6F2B3FC859C20F14FE0652F9C4FBD81244B4 ] E:\WINDOWS\system32\winipsec.dll08:28:22.0859 0x0b78 E:\WINDOWS\system32\winipsec.dll - ok08:28:22.0859 0x0b78 [ 853D0D0C6F02D7BFDF1CF99DD7553732, AC761B4CA518B787CB2C18101606E5F64245049D140C72B6B1112556DEC86B2E ] E:\WINDOWS\system32\pstorsvc.dll08:28:22.0859 0x0b78 E:\WINDOWS\system32\pstorsvc.dll - ok08:28:22.0859 0x0b78 [ 322FD75A97DBA67FC8F97A9957F857F1, 52CC0FBBE9769C0C751F886E0ED58ED263FB9175F323C603E7BAB876AE60D196 ] E:\WINDOWS\system32\mdimon.dll08:28:22.0859 0x0b78 E:\WINDOWS\system32\mdimon.dll - ok08:28:22.0859 0x0b78 [ 22D89D84E8E081CDA529DBF8C0255A38, 26863A2D27BE257D99EF28A612FC1B514558B27002EF10B0F682BC15C6D1CD74 ] E:\WINDOWS\system32\psbase.dll08:28:22.0859 0x0b78 E:\WINDOWS\system32\psbase.dll - ok08:28:22.0875 0x0b78 [ D3F72D50DE53F9F1F55240115AF4D42E, F8831B6B33EE2EE49615AE45A81C8434E154331BEB1E64C491E64C1348314F3C ] E:\WINDOWS\system32\msi.dll08:28:22.0875 0x0b78 E:\WINDOWS\system32\msi.dll - ok08:28:22.0875 0x0b78 [ FEDE68BF80052BAD393AFD5C2E60DCB0, 6A40D89524317C554C5C33A35FB659147A3118F4C646AB36653A19A8811627CB ] E:\WINDOWS\system32\dssenh.dll08:28:22.0875 0x0b78 E:\WINDOWS\system32\dssenh.dll - ok08:28:22.0875 0x0b78 [ 235892E493845D64D890163CFEF90E97, 48FC98DD1E5F8F05DE6954FE26C0A448AA9838D7DC716518C715F35E3CFA227D ] E:\WINDOWS\system32\credui.dll08:28:22.0875 0x0b78 E:\WINDOWS\system32\credui.dll - ok08:28:22.0875 0x0b78 [ 4E8F3230BAC8C1CAADF01A8C728E1C5C, 62E73A7D4C58F2E30670F6A72E734B618AF45F60A8CB2177A4D504283F829BE5 ] 
E:\WINDOWS\system32\davclnt.dll - ok08:28:23.0359 0x0b78 ================ Scan generic autorun ======================08:28:23.0421 0x0b78 [ 651A48205B75EE36DBC492C48B0C02BA, 386B0C57EFABBF6A483394B8E9F42B3E62064C8832CCE91DD93BBD2D6AFF3999 ] E:\WINDOWS\System32\igfxtray.exe08:28:23.0437 0x0b78 IgfxTray - ok08:28:23.0484 0x0b78 [ CCE7BB84A5F52D31148CDDAE2170603D, 6FDEB125BA9DA0D209FFC16BBACD1628ABD6C2D2B0B995A852BA0DB6468F5E64 ] E:\WINDOWS\System32\hkcmd.exe08:28:23.0500 0x0b78 HotKeysCmds - ok08:28:23.0546 0x0b78 [ BF51944F9E65B7338866E7F95128CF6A, 00B99876906C4864FD5A927559EB406CC00DCD4FF27A54D2650EE78CB7147EFA ] E:\WINDOWS\System32\igfxpers.exe08:28:23.0546 0x0b78 Persistence - ok08:28:23.0828 0x0b78 [ 882B5B999A71F56D5DF294D93AE1E7D1, 690B93C4A3E476595808EBDBE5CF620FC4A86D41FCD66023DE0DA7972F8941E4 ] e:\Program Files\Microsoft Security Client\msseces.exe08:28:24.0062 0x0b78 MSC - ok08:28:29.0281 0x0b78 [ 53AF9DE919E2E7D014B4734C752D8589, F5E55BB85ADF47A38342C32AF90F2FEB4D9B5F1A82807C31A93193880A8812EA ] E:\WINDOWS\RTHDCPL.EXE08:28:35.0250 0x0b78 RTHDCPL - ok08:28:35.0296 0x0b78 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] E:\WINDOWS\system32\ctfmon.exe08:28:35.0359 0x0b78 ctfmon.exe - ok08:28:37.0234 0x0b78 [ E468E50FBB7C623E1357F111BA62045B, 2D9BC1DCDF80D7B942A42AECA3E949D8E2A58A8C9CC39DCA4D35E1D085F8B401 ] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe08:28:39.0125 0x0b78 SUPERAntiSpyware - ok08:28:39.0171 0x0b78 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] E:\WINDOWS\system32\ctfmon.exe08:28:39.0218 0x0b78 ctfmon.exe - ok08:28:39.0718 0x0b78 [ 3E930C641079443D4DE036167A69CAA2, DEBA83978850F17B33A3C4C06C5E707B9A3FACA30FE0DFC5A9425EF2CA592473 ] E:\Program Files\Messenger\msmsgs.exe08:28:40.0265 0x0b78 MSMSGS - ok08:28:40.0328 0x0b78 Ukiqxoinxaev - ok08:28:40.0328 0x0b78 Waiting for KSN requests completion. 
In queue: 908:28:41.0328 0x0b78 Waiting for KSN requests completion. In queue: 908:28:42.0328 0x0b78 Waiting for KSN requests completion. In queue: 908:28:43.0328 0x0b78 Waiting for KSN requests completion. In queue: 508:28:44.0328 0x0b78 Waiting for KSN requests completion. In queue: 508:28:45.0328 0x0b78 Waiting for KSN requests completion. In queue: 508:28:46.0328 0x0b78 Waiting for KSN requests completion. In queue: 508:28:47.0328 0x0b78 Waiting for KSN requests completion. In queue: 508:28:48.0328 0x0b78 Waiting for KSN requests completion. In queue: 508:28:49.0328 0x0b78 Waiting for KSN requests completion. In queue: 508:28:50.0328 0x0b78 Waiting for KSN requests completion. In queue: 508:28:51.0328 0x0b78 Waiting for KSN requests completion. In queue: 508:28:52.0328 0x0b78 Waiting for KSN requests completion. In queue: 508:28:53.0328 0x0b78 Waiting for KSN requests completion. In queue: 208:28:54.0328 0x0b78 Waiting for KSN requests completion. In queue: 208:28:55.0328 0x0b78 Waiting for KSN requests completion. In queue: 208:28:56.0359 0x0b78 AV detected via SS1: Microsoft Security Essentials, 4.5.0216.0, disabled, updated08:28:56.0359 0x0b78 Win FW state via NFM: enabled08:29:16.0359 0x0b78 ============================================================08:29:16.0359 0x0b78 Scan finished08:29:16.0359 0x0b78 ============================================================08:29:16.0359 0x0b70 Detected object count: 108:29:16.0359 0x0b70 Actual detected object count: 108:31:39.0359 0x0b70 HPM1210RcvFaxSrvc ( UnsignedFile.Multi.Generic ) - skipped by user08:31:39.0359 0x0b70 HPM1210RcvFaxSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 08:31:45.0531 0x0330 Deinitialize success Link to post Share on other sites More sharing options...
Naathim Posted September 20, 2014 ID:881178

Looks fine so far.

Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!

Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol), also disable it for the cleaning process - instructions here.
Right-click on the icon and select Run as Administrator to start the tool.
Accept the disclaimer and agree if prompted to install Recovery Console.
Do not take any actions while ComboFix goes through your system - it may cause it to stall!
This scan may take some time!
When finished, it will display a logfile (also located on your main drive, usually C:\ComboFix.txt).
Include that log in your next reply.

If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.

Don't forget to re-enable your previously switched-off protection software!
goode Posted September 20, 2014 Author ID:881180

Fine. Did the alerts cease? I will reactivate MSE and report back.
goode Posted September 20, 2014 Author ID:881223

Combofix log:

ComboFix 14-09-18.01 - lavonne 09/20/2014 9:21.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3293.2537 [GMT -7:00]
Running from: e:\documents and settings\lavonne\My Documents\downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\documents and settings\lavonne\WINDOWS
e:\windows\system32\dllcache\wmpvis.dll
.
.
((((((((((((((((((((((((( Files Created from 2014-08-20 to 2014-09-20 )))))))))))))))))))))))))))))))
.
.
2014-09-20 16:00 . 2014-09-09 01:24 8806800 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E60EEFC2-CC10-4E8A-882F-BF0BA67113BD}\mpengine.dll
2014-09-20 15:12 . 2014-09-20 15:12 -------- d-----w- E:\TDSSKiller_Quarantine
2014-09-20 03:33 . 2014-09-20 03:36 -------- d-----w- E:\FRST
2014-09-20 02:18 . 2008-04-14 07:09 14592 -c--a-w- e:\windows\system32\dllcache\kbdhid.sys
2014-09-20 02:18 . 2008-04-14 07:09 14592 ----a-w- e:\windows\system32\drivers\kbdhid.sys
2014-09-20 02:18 . 2001-08-17 20:48 12160 -c--a-w- e:\windows\system32\dllcache\mouhid.sys
2014-09-20 02:18 . 2001-08-17 20:48 12160 ----a-w- e:\windows\system32\drivers\mouhid.sys
2014-09-20 02:18 . 2008-04-14 07:15 10368 -c--a-w- e:\windows\system32\dllcache\hidusb.sys
2014-09-20 02:18 . 2008-04-14 07:15 10368 ----a-w- e:\windows\system32\drivers\hidusb.sys
2014-09-20 00:38 . 2014-09-20 01:07 -------- d-----w- e:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-09-19 23:32 . 2014-09-19 23:43 -------- d-----w- E:\AdwCleaner
2014-09-19 22:37 . 2014-09-09 01:24 8806800 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-19 18:54 . 2014-09-20 00:37 113880 ----a-w- e:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-19 18:53 . 2014-09-20 00:36 54232 ----a-w- e:\windows\system32\drivers\mbamchameleon.sys
2014-09-19 18:53 . 2014-09-19 18:53 -------- d-----w- e:\program files\Malwarebytes Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-10 17:46 . 2012-10-28 00:48 701104 ----a-w- e:\windows\system32\FlashPlayerApp.exe
2014-09-10 17:46 . 2012-10-28 00:48 71344 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-10 17:45 . 2014-07-09 06:45 17903792 ----a-w- e:\windows\system32\FlashPlayerInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="e:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-09-19 6690072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="e:\windows\System32\igfxtray.exe" [2009-10-26 141848]
"HotKeysCmds"="e:\windows\System32\hkcmd.exe" [2009-10-26 173592]
"Persistence"="e:\windows\System32\igfxpers.exe" [2009-10-26 144920]
"MSC"="e:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"RTHDCPL"="RTHDCPL.EXE" [2009-10-06 18750976]
.
e:\documents and settings\lavonne\Start Menu\Programs\Startup\
Billminder.lnk - e:\quickenw\BILLMIND.EXE [2012-5-22 10064]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "e:\program files\Qualcomm\Eudora\EuShlExt.dll" [2005-08-09 86016]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R2 !SASCORE;SAS Core Service;e:\program files\SUPERAntiSpyware\SASCORE.EXE [8/11/2011 4:38 PM 142648]
R2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;e:\program files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [11/20/2009 2:14 PM 245760]
R2 HPSIService;HP SI Service;e:\windows\system32\HPSIsvc.exe [5/15/2012 4:54 PM 99896]
S1 asoufuqa;asoufuqa;\??\e:\windows\system32\drivers\asoufuqa.sys --> e:\windows\system32\drivers\asoufuqa.sys [?]
S1 basfwynk;basfwynk;\??\e:\windows\system32\drivers\basfwynk.sys --> e:\windows\system32\drivers\basfwynk.sys [?]
S1 bmrtexpn;bmrtexpn;\??\e:\windows\system32\drivers\bmrtexpn.sys --> e:\windows\system32\drivers\bmrtexpn.sys [?]
S1 fqjjbabe;fqjjbabe;\??\e:\windows\system32\drivers\fqjjbabe.sys --> e:\windows\system32\drivers\fqjjbabe.sys [?]
S1 fumhmkzp;fumhmkzp;\??\e:\windows\system32\drivers\fumhmkzp.sys --> e:\windows\system32\drivers\fumhmkzp.sys [?]
S1 gthyleim;gthyleim;\??\e:\windows\system32\drivers\gthyleim.sys --> e:\windows\system32\drivers\gthyleim.sys [?]
S1 gyevzyhq;gyevzyhq;\??\e:\windows\system32\drivers\gyevzyhq.sys --> e:\windows\system32\drivers\gyevzyhq.sys [?]
S1 mqmddadt;mqmddadt;\??\e:\windows\system32\drivers\mqmddadt.sys --> e:\windows\system32\drivers\mqmddadt.sys [?]
S1 navlzhjt;navlzhjt;\??\e:\windows\system32\drivers\navlzhjt.sys --> e:\windows\system32\drivers\navlzhjt.sys [?]
S1 qnmcfouq;qnmcfouq;\??\e:\windows\system32\drivers\qnmcfouq.sys --> e:\windows\system32\drivers\qnmcfouq.sys [?]
S1 vspqmgan;vspqmgan;\??\e:\windows\system32\drivers\vspqmgan.sys --> e:\windows\system32\drivers\vspqmgan.sys [?]
S1 wjhfgmuv;wjhfgmuv;\??\e:\windows\system32\drivers\wjhfgmuv.sys --> e:\windows\system32\drivers\wjhfgmuv.sys [?]
S1 yhvfpdrs;yhvfpdrs;\??\e:\windows\system32\drivers\yhvfpdrs.sys --> e:\windows\system32\drivers\yhvfpdrs.sys [?]
S1 zpandemo;zpandemo;\??\e:\windows\system32\drivers\zpandemo.sys --> e:\windows\system32\drivers\zpandemo.sys [?]
S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [5/15/2012 3:49 PM 1684736]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 35051618
*Deregistered* - 35051618
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-20 e:\windows\Tasks\Adobe Flash Player Updater.job
- e:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-28 17:46]
.
2014-09-20 e:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- e:\windows\system32\xp_eos.exe [2014-03-07 01:59]
.
2014-09-14 e:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- e:\windows\system32\xp_eos.exe [2014-03-07 01:59]
.
2014-09-20 e:\windows\Tasks\User_Feed_Synchronization-{60A9699E-D563-4A84-B463-336407475A7C}.job
- e:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.221.136.4 209.221.136.9
FF - ProfilePath - e:\documents and settings\lavonne\Application Data\Mozilla\Firefox\Profiles\wlk5ki5n.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Ukiqxoinxaev - e:\documents and settings\lavonne\Application Data\Keromaib\qoumg.exe
SafeBoot-35051618.sys
SafeBoot-61703292.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-09-20 10:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-796845957-1580436667-839522115-1005\Software\÷@*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(684)
e:\windows\system32\igfxdev.dll
.
Completion time: 2014-09-20 10:09:38
ComboFix-quarantined-files.txt 2014-09-20 17:09
.
Pre-Run: 415,577,120,768 bytes free
Post-Run: 418,631,647,232 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 93057300AEF3671500EFD290ADE44622
8F558EB6672622401DA993E1E865C861
Naathim Posted September 20, 2014 ID:881273

I can't read the log in this look. Can you please attach it instead of posting?
goode Posted September 21, 2014 Author ID:881308

Combofix log attached.
ComboFix.txt
Naathim Posted September 21, 2014 ID:881311

Fix with ComboFix

Let's prepare a script for ComboFix to mark some things for deletion.

Press the Windows key + R on your keyboard at the same time.
A Run window should appear in the lower left corner. Type in notepad.exe and press Enter.
In the shown window paste in the following script:

KillAll::
Driver::
asoufuqa
basfwynk
bmrtexpn
fqjjbabe
fumhmkzp
gthyleim
gyevzyhq
mqmddadt
navlzhjt
qnmcfouq
vspqmgan
wjhfgmuv
yhvfpdrs
zpandemo
File::
e:\windows\system32\drivers\asoufuqa.sys
e:\windows\system32\drivers\basfwynk.sys
e:\windows\system32\drivers\bmrtexpn.sys
e:\windows\system32\drivers\fqjjbabe.sys
e:\windows\system32\drivers\fumhmkzp.sys
e:\windows\system32\drivers\gthyleim.sys
e:\windows\system32\drivers\gyevzyhq.sys
e:\windows\system32\drivers\mqmddadt.sys
e:\windows\system32\drivers\navlzhjt.sys
e:\windows\system32\drivers\qnmcfouq.sys
e:\windows\system32\drivers\vspqmgan.sys
e:\windows\system32\drivers\wjhfgmuv.sys
e:\windows\system32\drivers\yhvfpdrs.sys
e:\windows\system32\drivers\zpandemo.sys

Go to the File menu and select Save as.
Make sure that the Save as type option is set to Text files (*.txt) and the place to save is your desktop.
Name the file CFScript and select Save.
Your CFScript.txt file should appear on your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Now drag your CFScript file and drop it onto the ComboFix icon.
This will start ComboFix. Let it run uninterrupted!
A reboot may be needed during this run. Allow it.
When finished, it shall produce a log for you at C:\ComboFix.txt and display it.
Please include that log in your next reply.

If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.

Do not forget to turn on your previously switched-off protection software!
goode Posted September 21, 2014 Author ID:881315

OK, CFscript/Combofix running. Do you prefer results pasted in thread or as attachment?
goode Posted September 21, 2014 Author ID:881317

ComboFix 14-09-18.01 - lavonne 09/20/2014 18:30:47.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3293.2702 [GMT -7:00]
Running from: e:\documents and settings\lavonne\Desktop\ComboFix.exe
Command switches used :: e:\documents and settings\lavonne\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"e:\windows\system32\drivers\asoufuqa.sys"
"e:\windows\system32\drivers\basfwynk.sys"
"e:\windows\system32\drivers\bmrtexpn.sys"
"e:\windows\system32\drivers\fqjjbabe.sys"
"e:\windows\system32\drivers\fumhmkzp.sys"
"e:\windows\system32\drivers\gthyleim.sys"
"e:\windows\system32\drivers\gyevzyhq.sys"
"e:\windows\system32\drivers\mqmddadt.sys"
"e:\windows\system32\drivers\navlzhjt.sys"
"e:\windows\system32\drivers\qnmcfouq.sys"
"e:\windows\system32\drivers\vspqmgan.sys"
"e:\windows\system32\drivers\wjhfgmuv.sys"
"e:\windows\system32\drivers\yhvfpdrs.sys"
"e:\windows\system32\drivers\zpandemo.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_asoufuqa
-------\Service_basfwynk
-------\Service_bmrtexpn
-------\Service_fqjjbabe
-------\Service_fumhmkzp
-------\Service_gthyleim
-------\Service_gyevzyhq
-------\Service_mqmddadt
-------\Service_navlzhjt
-------\Service_qnmcfouq
-------\Service_vspqmgan
-------\Service_wjhfgmuv
-------\Service_yhvfpdrs
-------\Service_zpandemo
.
.
((((((((((((((((((((((((( Files Created from 2014-08-21 to 2014-09-21 )))))))))))))))))))))))))))))))
.
.
2014-09-21 01:40 . 2014-09-21 01:40 62576 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B27C12C3-3E26-4D18-BB91-46C1F6A93009}\offreg.dll
2014-09-21 00:03 . 2014-09-09 01:24 8806800 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B27C12C3-3E26-4D18-BB91-46C1F6A93009}\mpengine.dll
2014-09-20 15:12 . 2014-09-20 15:12 -------- d-----w- E:\TDSSKiller_Quarantine
2014-09-20 03:33 . 2014-09-20 03:36 -------- d-----w- E:\FRST
2014-09-20 02:18 . 2008-04-14 07:09 14592 -c--a-w- e:\windows\system32\dllcache\kbdhid.sys
2014-09-20 02:18 . 2008-04-14 07:09 14592 ----a-w- e:\windows\system32\drivers\kbdhid.sys
2014-09-20 02:18 . 2001-08-17 20:48 12160 -c--a-w- e:\windows\system32\dllcache\mouhid.sys
2014-09-20 02:18 . 2001-08-17 20:48 12160 ----a-w- e:\windows\system32\drivers\mouhid.sys
2014-09-20 02:18 . 2008-04-14 07:15 10368 -c--a-w- e:\windows\system32\dllcache\hidusb.sys
2014-09-20 02:18 . 2008-04-14 07:15 10368 ----a-w- e:\windows\system32\drivers\hidusb.sys
2014-09-20 00:38 . 2014-09-20 01:07 -------- d-----w- e:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-09-19 23:32 . 2014-09-19 23:43 -------- d-----w- E:\AdwCleaner
2014-09-19 22:37 . 2014-09-09 01:24 8806800 ----a-w- e:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-19 18:54 . 2014-09-20 00:37 113880 ----a-w- e:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-19 18:53 . 2014-09-20 00:36 54232 ----a-w- e:\windows\system32\drivers\mbamchameleon.sys
2014-09-19 18:53 . 2014-09-19 18:53 -------- d-----w- e:\program files\Malwarebytes Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-10 17:46 . 2012-10-28 00:48 701104 ----a-w- e:\windows\system32\FlashPlayerApp.exe
2014-09-10 17:46 . 2012-10-28 00:48 71344 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-10 17:45 . 2014-07-09 06:45 17903792 ----a-w- e:\windows\system32\FlashPlayerInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="e:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-09-19 6690072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="e:\windows\System32\igfxtray.exe" [2009-10-26 141848]
"HotKeysCmds"="e:\windows\System32\hkcmd.exe" [2009-10-26 173592]
"Persistence"="e:\windows\System32\igfxpers.exe" [2009-10-26 144920]
"MSC"="e:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"RTHDCPL"="RTHDCPL.EXE" [2009-10-06 18750976]
.
e:\documents and settings\lavonne\Start Menu\Programs\Startup\
Billminder.lnk - e:\quickenw\BILLMIND.EXE [2012-5-22 10064]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "e:\program files\Qualcomm\Eudora\EuShlExt.dll" [2005-08-09 86016]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R2 !SASCORE;SAS Core Service;e:\program files\SUPERAntiSpyware\SASCORE.EXE [8/11/2011 4:38 PM 142648]
R2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;e:\program files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [11/20/2009 2:14 PM 245760]
R2 HPSIService;HP SI Service;e:\windows\system32\HPSIsvc.exe [5/15/2012 4:54 PM 99896]
S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [5/15/2012 3:49 PM 1684736]
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-21 e:\windows\Tasks\Adobe Flash Player Updater.job
- e:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-28 17:46]
.
2014-09-21 e:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- e:\windows\system32\xp_eos.exe [2014-03-07 01:59]
.
2014-09-14 e:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- e:\windows\system32\xp_eos.exe [2014-03-07 01:59]
.
2014-09-21 e:\windows\Tasks\User_Feed_Synchronization-{60A9699E-D563-4A84-B463-336407475A7C}.job
- e:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.221.136.4 209.221.136.9
FF - ProfilePath - e:\documents and settings\lavonne\Application Data\Mozilla\Firefox\Profiles\wlk5ki5n.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-09-20 18:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-796845957-1580436667-839522115-1005\Software\÷@*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3388)
e:\windows\system32\WININET.dll
e:\windows\system32\ieframe.dll
e:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
e:\program files\Microsoft Security Client\MsMpEng.exe
e:\windows\system32\wscntfy.exe
e:\windows\RTHDCPL.EXE
e:\windows\System32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2014-09-20 18:43:24 - machine was rebooted
ComboFix-quarantined-files.txt 2014-09-21 01:43
ComboFix2.txt 2014-09-20 17:09
.
Pre-Run: 418,678,239,232 bytes free
Post-Run: 418,631,450,624 bytes free
.
- - End Of File - - 9C4468D4781E1306AC6BFDF46691961A
8F558EB6672622401DA993E1E865C861
Naathim Posted September 21, 2014 ID:881320

OK, looks much better.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.
Right-click on the icon and select Run as Administrator to start the tool.
  > XP users click Run after receipt of Windows Security Warning - Open File.
  > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
Make sure that the Addition option is checked.
Press the Scan button and wait.
The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
goode Posted September 21, 2014 Author ID:881323

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by lavonne (administrator) on GUYHARDMAN on 20-09-2014 19:02:10
Running from E:\Documents and Settings\lavonne\My Documents\downloads
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) E:\Program Files\Microsoft Security Client\MsMpEng.exe
(SUPERAntiSpyware.com) E:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Marvell) E:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
(HP) E:\WINDOWS\system32\HPSIsvc.exe
(Microsoft Corporation) E:\WINDOWS\system32\wscntfy.exe
(Intel Corporation) E:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) E:\WINDOWS\system32\igfxpers.exe
(Microsoft Corporation) E:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor Corp.) E:\WINDOWS\RTHDCPL.EXE
(SUPERAntiSpyware) E:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Intel Corporation) E:\WINDOWS\system32\igfxsrvc.exe
(Mozilla Corporation) E:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => e:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDCPL] => E:\WINDOWS\RTHDCPL.EXE [18750976 2009-10-06] (Realtek Semiconductor Corp.)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
HKU\S-1-5-21-796845957-1580436667-839522115-1005\...\Run: [sUPERAntiSpyware] => E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6690072 2014-09-19] (SUPERAntiSpyware)
Startup: E:\Documents and Settings\lavonne\Start Menu\Programs\Startup\Billminder.lnk
ShortcutTarget: Billminder.lnk -> E:\QUICKENW\BILLMIND.EXE (Intuit)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - E:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - E:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
ShellExecuteHooks: Eudora's Shell Extension - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - E:\Program Files\Qualcomm\Eudora\EuShlExt.dll [86016 2005-08-09] (Qualcomm Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.221.136.4 209.221.136.9

FireFox:
========
FF ProfilePath: E:\Documents and Settings\lavonne\Application Data\Mozilla\Firefox\Profiles\wlk5ki5n.default
FF Plugin: @adobe.com/FlashPlayer -> E:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> E:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> E:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> E:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: E:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: E:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Extension: NoScript - E:\Documents and Settings\lavonne\Application Data\Mozilla\Firefox\Profiles\wlk5ki5n.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-09-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-05-20]

Chrome:
=======

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; E:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-12] (SUPERAntiSpyware.com)
R2 HPM1210RcvFaxSrvc; E:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [245760 2009-11-20] (Marvell) [File not signed]
R2 MsMpSvc; e:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; E:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
S3 Monfilt; E:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
R0 MpFilter; E:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 SASDIFSV; E:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 catchme; \??\E:\ComboFix\catchme.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; E:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 TlntSvr; No ImagePath
U3 mbr; \??\E:\DOCUME~1\lavonne\LOCALS~1\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-20 18:43 - 2014-09-20 19:02 - 00000000 ____D () E:\Documents and Settings\lavonne\Local Settings\temp
2014-09-20 18:43 - 2014-09-20 18:49 - 00000000 ____D () E:\Documents and Settings\NetworkService\Local Settings\temp
2014-09-20 18:43 - 2014-09-20 18:43 - 00008609 _____ () E:\ComboFix.txt
2014-09-20 18:43 - 2014-09-20 18:43 - 00000000 ____D () E:\Documents and Settings\LocalService\Local Settings\temp
2014-09-20 18:37 - 2014-09-20 18:37 - 00008192 ____H () E:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-09-20 18:37 - 2014-09-20 18:37 - 00000000 ____H () E:\WINDOWS\system32\config\system.tmp.LOG
2014-09-20 18:37 - 2014-09-20 18:37 - 00000000 ____H () E:\WINDOWS\system32\config\software.tmp.LOG
2014-09-20 18:37 - 2014-09-20 18:37 - 00000000 ____H () E:\WINDOWS\system32\config\SAM.tmp.LOG
2014-09-20 18:37 - 2014-09-20 18:37 - 00000000 ____H () E:\WINDOWS\system32\config\default.tmp.LOG
2014-09-20 09:14 - 2014-09-20 18:43 - 00000000 ____D () E:\Qoobox
2014-09-20 09:14 - 2014-09-20 18:36 - 00000000 ____D () E:\WINDOWS\erdnt
2014-09-20 09:14 - 2011-06-25 23:45 - 00256000 _____ () E:\WINDOWS\PEV.exe
2014-09-20 09:14 - 2010-11-07 10:20 - 00208896 _____ () E:\WINDOWS\MBR.exe
2014-09-20 09:14 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) E:\WINDOWS\NIRCMD.exe
2014-09-20 09:14 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) E:\WINDOWS\SWREG.exe
2014-09-20 09:14 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) E:\WINDOWS\SWSC.exe
2014-09-20 09:14 - 2000-08-30 17:00 - 00212480 _____ (SteelWerX) E:\WINDOWS\SWXCACLS.exe
2014-09-20 09:14 - 2000-08-30 17:00 - 00098816 _____ () E:\WINDOWS\sed.exe
2014-09-20 09:14 - 2000-08-30 17:00 - 00080412 _____ () E:\WINDOWS\grep.exe
2014-09-20 09:14 - 2000-08-30 17:00 - 00068096 _____ () E:\WINDOWS\zip.exe
2014-09-20 09:01 - 2014-09-20 09:04 - 05578824 ____R (Swearware) E:\Documents and Settings\lavonne\Desktop\ComboFix.exe
2014-09-20 08:12 - 2014-09-20 08:12 - 00000000 ____D () E:\TDSSKiller_Quarantine
2014-09-20 08:03 - 2014-09-20 08:03 - 00001374 _____ () E:\Documents and Settings\lavonne\Desktop\tdss.txt
2014-09-19 21:12 - 2014-09-19 21:12 - 00071968 _____ () E:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-09-19 20:33 - 2014-09-20 19:02 - 00000000 ____D () E:\FRST
2014-09-19 19:18 - 2008-04-14 00:15 - 00010368 ____C (Microsoft Corporation) E:\WINDOWS\system32\dllcache\hidusb.sys
2014-09-19 19:18 - 2008-04-14 00:15 - 00010368 _____ (Microsoft Corporation) E:\WINDOWS\system32\Drivers\hidusb.sys
2014-09-19 19:18 - 2008-04-14 00:09 - 00014592 ____C (Microsoft Corporation) E:\WINDOWS\system32\dllcache\kbdhid.sys
2014-09-19 19:18 - 2008-04-14 00:09 - 00014592 _____ (Microsoft Corporation) E:\WINDOWS\system32\Drivers\kbdhid.sys
2014-09-19 19:18 - 2001-08-17 13:48 - 00012160 ____C (Microsoft Corporation) E:\WINDOWS\system32\dllcache\mouhid.sys
2014-09-19 19:18 - 2001-08-17 13:48 - 00012160 _____ (Microsoft Corporation) E:\WINDOWS\system32\Drivers\mouhid.sys
2014-09-19 17:38 - 2014-09-19 18:07 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-09-19 17:36 - 2014-09-19 18:07 - 00000000 ____D () E:\Documents and Settings\lavonne\Desktop\mbar
2014-09-19 16:32 - 2014-09-19 16:43 - 00000000 ____D () E:\AdwCleaner
2014-09-19 11:54 - 2014-09-19 17:37 - 00113880 _____ (Malwarebytes Corporation) E:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-19 11:53 - 2014-09-19 17:36 - 00054232 _____ (Malwarebytes Corporation) E:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-19 11:53 - 2014-09-19 11:53 - 00000000 ____D () E:\Program Files\Malwarebytes Anti-Malware
2014-09-19 11:53 - 2014-09-19 11:53 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-19 11:50 - 2014-09-19 11:50 - 
00000000 ____D () E:\Documents and Settings\guy\Application Data\Malwarebytes2014-09-19 11:19 - 2014-09-15 16:49 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\tracigoodwin20146.xls2014-09-19 11:19 - 2014-09-15 16:31 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\codyevans5.xls2014-09-19 11:19 - 2014-09-13 16:12 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoedinvoice3.xls2014-09-19 11:19 - 2014-09-06 20:07 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoedinvoice2.xls2014-09-19 11:19 - 2014-08-30 14:37 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoedinvoice.xls2014-09-19 11:19 - 2014-08-27 07:21 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\petersoninvoice14.xls2014-09-19 11:19 - 2014-08-13 09:32 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\codyevans4.xls2014-09-19 11:19 - 2014-08-13 09:21 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\vin grou invoice14.xls2014-09-19 11:19 - 2014-08-13 09:12 - 00266240 _____ () E:\Documents and Settings\guy\My Documents\martininvoice.xls2014-09-19 11:19 - 2014-08-04 05:42 - 00265728 _____ () E:\Documents and Settings\guy\My Documents\martin.xls2014-09-19 11:19 - 2014-08-02 19:22 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice201414.xls2014-09-19 11:19 - 2014-07-26 18:33 - 00256512 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice201413.xls2014-09-19 11:19 - 2014-07-18 22:10 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice201412.xls2014-09-19 11:19 - 2014-07-13 09:34 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice201411.xls2014-09-19 11:19 - 2014-07-08 18:38 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\schroederinvoice2.xls2014-09-19 11:19 - 2014-07-05 09:08 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\huneryager.xls2014-09-19 11:19 - 2014-07-05 08:42 - 00257024 
_____ () E:\Documents and Settings\guy\My Documents\todoinvoice201410.xls2014-09-19 11:19 - 2014-07-05 08:30 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\lodmill3invoice.xls2014-09-19 11:19 - 2014-06-29 08:55 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\codyevans3.xls2014-09-19 11:19 - 2014-06-28 02:48 - 00266752 _____ () E:\Documents and Settings\guy\My Documents\Kohninvoice.xls2014-09-19 11:19 - 2014-06-22 14:52 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\doctorbob.xls2014-09-19 11:19 - 2014-06-22 14:31 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\codyevans2.xls2014-09-19 11:19 - 2014-06-21 15:44 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice20149.xls2014-09-19 11:19 - 2014-06-14 21:39 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\schroederinvoice.xls2014-09-19 11:19 - 2014-06-14 21:28 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\codyevans.xls2014-09-19 11:19 - 2014-06-14 21:12 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\lindanancyinvoice2014.xls2014-09-19 11:19 - 2014-06-14 21:01 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice20148.xls2014-09-19 11:19 - 2014-06-07 18:30 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice20147.xls2014-09-19 11:19 - 2014-06-05 07:34 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\lodmill2invoice.xls2014-09-19 11:19 - 2014-05-31 09:14 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice20146.xls2014-09-19 11:19 - 2014-05-30 07:53 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\kentrhodesinvoice2.xls2014-09-19 11:19 - 2014-05-26 21:02 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice20145.xls2014-09-19 11:19 - 2014-05-17 11:22 - 00256512 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice20144.xls2014-09-19 11:19 - 2014-05-10 17:19 - 00257024 
_____ () E:\Documents and Settings\guy\My Documents\todoinvoice20143.xls2014-09-19 11:19 - 2014-05-03 14:19 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice20142.xls2014-09-19 11:19 - 2014-05-03 14:18 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice2014.xls2014-09-19 11:19 - 2014-05-03 14:13 - 00256000 _____ () E:\Documents and Settings\guy\My Documents\todoinvoice2014-2.xls2014-09-19 11:19 - 2014-04-24 07:20 - 00258048 _____ () E:\Documents and Settings\guy\My Documents\kentrhodesinvoice1.xls2014-09-19 11:19 - 2014-04-18 08:58 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\lodmillinvoice.xls2014-09-19 11:19 - 2014-04-15 18:27 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\behrmaninvoice2014.xls2014-09-19 11:19 - 2014-03-27 07:58 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\petersoninvoice.xls2014-09-19 11:19 - 2014-03-25 06:19 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\thamerinvoice.xls2014-09-19 11:19 - 2014-03-16 16:18 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\tracigoodwin20145.xls2014-09-19 11:19 - 2014-02-22 10:34 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\tracigoodwin20144.xls2014-09-19 11:19 - 2014-02-22 09:49 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\fultoninvoice2014.xls2014-09-19 11:19 - 2014-02-06 09:23 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\tracigoodwinfloorrepair2014.xls2014-09-19 11:19 - 2014-02-04 20:44 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\curtcarlson.xls2014-09-19 11:19 - 2014-02-02 20:42 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\fultoninvoice20132.xls2014-09-19 11:19 - 2014-02-02 14:26 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\tracigoodwin20143.xls2014-09-19 11:19 - 2014-01-24 08:45 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\tracigoodwin20142.xls2014-09-19 
11:19 - 2014-01-24 08:24 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\tracigoodwin2014.xls2014-09-19 11:19 - 2014-01-24 08:23 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\thamer.xls2014-09-19 11:19 - 2013-12-23 07:06 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\tracigoodwin3.xls2014-09-19 11:19 - 2013-12-17 12:09 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\tracigoodwin2.xls2014-09-19 11:19 - 2013-12-06 16:08 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\tracigoodwin.xls2014-09-19 11:19 - 2013-12-04 16:15 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\johnbarry2.xls2014-09-19 11:19 - 2013-11-22 09:50 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\lindanancyinvoice2013.xls2014-09-19 11:19 - 2013-11-12 08:42 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\short2.xls2014-09-19 11:19 - 2013-11-12 08:14 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\short.xls2014-09-19 11:19 - 2013-10-25 14:03 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\lindanancyinvoice20133.xls2014-09-19 11:19 - 2013-10-16 08:37 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\johnbarry.xls2014-09-19 11:19 - 2013-10-14 17:17 - 00260608 _____ () E:\Documents and Settings\guy\My Documents\johansoninvoice.xls2014-09-19 11:19 - 2013-10-14 09:27 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\lindanancyinvoice20132.xls2014-09-19 11:19 - 2013-10-03 10:21 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\cysewskiinvoice3.xls2014-09-19 11:19 - 2013-10-03 10:06 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\kellygoodwininvoice13#2.xls2014-09-19 11:19 - 2013-09-27 08:37 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\cysewskiinvoice2.xls2014-09-19 11:19 - 2013-09-18 07:50 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\cysewskiinvoice.xls2014-09-19 11:19 - 
2013-09-12 07:05 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\clinganinvoice.xls2014-09-19 11:19 - 2013-09-12 06:59 - 00255488 _____ () E:\Documents and Settings\guy\My Documents\clinganinvoice2013.xls1.xls2014-09-19 11:19 - 2013-09-12 06:54 - 00250880 _____ () E:\Documents and Settings\guy\My Documents\clothierinvoice2013.xls1.xls2014-09-19 11:19 - 2013-09-08 17:11 - 00256512 _____ () E:\Documents and Settings\guy\My Documents\eusticeinvoice.xls2014-09-19 11:19 - 2013-08-18 09:37 - 00250880 _____ () E:\Documents and Settings\guy\My Documents\hawley2invoice.xls2014-09-19 11:19 - 2013-08-15 09:00 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\behrmandoorknobinvoice.xls2014-09-19 11:19 - 2013-08-15 08:42 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\kellygoodwininvoice13.xls2014-09-19 11:19 - 2013-08-09 12:12 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\welchhenleyinvoice4.xls2014-09-19 11:19 - 2013-08-07 08:38 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\stewartinvoice2013.xls2014-09-19 11:19 - 2013-07-26 08:02 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\welchhenleyinvoice3.xls2014-09-19 11:19 - 2013-07-26 07:56 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\walshhenleyinvoice3.xls2014-09-19 11:19 - 2013-07-10 18:58 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\walshhenleyinvoice2.xls2014-09-19 11:19 - 2013-07-10 18:23 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\walshhenleyinvoice.xls2014-09-19 11:19 - 2013-06-28 14:10 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\hawleyinvoice.xls2014-09-19 11:19 - 2013-06-28 13:24 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\walshhenleycontract.xls2014-09-19 11:19 - 2013-06-18 14:47 - 00240640 _____ () E:\Documents and Settings\guy\My Documents\armstronginvoice.xls2014-09-19 11:19 - 2013-06-12 07:49 - 00251904 _____ () E:\Documents and 
Settings\guy\My Documents\glendaleinvoice.2013xls.xls2014-09-19 11:19 - 2013-05-28 20:00 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\fultonmats.3xls.xls2014-09-19 11:19 - 2013-05-28 19:49 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\fultoninvoice.xls3.xls2014-09-19 11:19 - 2013-05-21 08:51 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\behrmaninvoice9.xls2014-09-19 11:19 - 2013-05-21 08:49 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\berhman 9.xls2014-09-19 11:19 - 2013-05-21 08:39 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\behrmaninvoice3.xls2014-09-19 11:19 - 2013-05-21 08:39 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\behrmaninvoice2.xls2014-09-19 11:19 - 2013-05-07 18:16 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\geraldhoefer2013.xls2014-09-19 11:19 - 2013-04-21 11:38 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\behrmanmaterials.xls2014-09-19 11:19 - 2013-04-21 11:37 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\dullabhmats.xls2014-09-19 11:19 - 2013-04-21 11:12 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\behrmaninvoice.xls2014-09-19 11:19 - 2013-04-03 08:30 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\vinagroup2013.xls2014-09-19 11:19 - 2013-04-03 08:00 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\vin grou invoice13.xls2014-09-19 11:19 - 2013-03-22 07:27 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\oyabeinvoice.xls2014-09-19 11:19 - 2013-03-08 15:19 - 00240640 _____ () E:\Documents and Settings\guy\My Documents\olyinvoice.xls2014-09-19 11:19 - 2013-03-01 19:01 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\torresinvoice.xls2013.xls2014-09-19 11:19 - 2013-03-01 19:00 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\torresinvoice.xls2011.xls2014-09-19 11:19 - 2013-02-28 06:47 - 00251904 _____ () 
E:\Documents and Settings\guy\My Documents\hernandezinvoice.xls2014-09-19 11:19 - 2013-02-08 10:06 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\kelligoodwininvoice2.xls2014-09-19 11:19 - 2013-02-03 22:00 - 00250880 _____ () E:\Documents and Settings\guy\My Documents\torresmats2013.xls2014-09-19 11:19 - 2013-01-12 15:58 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\kellygoodwininvoice.xls2014-09-19 11:19 - 2012-11-30 12:50 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\vinagroupinv.xls2014-09-19 11:19 - 2012-11-30 12:27 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\kitanoinv1012.xls2014-09-19 11:19 - 2012-11-22 10:55 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\bradleyinvoice.xls2014-09-19 11:19 - 2012-11-22 10:35 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\fultoninvoice2.xls2014-09-19 11:19 - 2012-11-20 12:56 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\collierinv2.xls2014-09-19 11:19 - 2012-11-20 12:47 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\paullmantelinv.xls2014-09-19 11:19 - 2012-11-20 12:28 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\libertyinvoice.xls2014-09-19 11:19 - 2012-11-09 11:45 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\paullshowerinv..xls2014-09-19 11:19 - 2012-11-09 10:59 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\fulton2inv..xls2014-09-19 11:19 - 2012-11-09 10:58 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\collierinvoice.xls2014-09-19 11:19 - 2012-11-09 10:57 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\fultoninv..xls2014-09-19 11:19 - 2012-11-09 10:56 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\collierinv..xls2014-09-19 11:19 - 2012-10-29 10:07 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\vina group invoice 21.xls2.xls3.xls2014-09-19 11:19 - 2012-10-27 19:04 - 00251904 
_____ () E:\Documents and Settings\guy\My Documents\geraldhoeferdentalinv..xls2014-09-19 11:19 - 2012-10-24 06:15 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\paulbeaconinvoicePaullinvoice.xls2014-09-19 11:19 - 2012-10-20 11:59 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\zionislandinv..xls2014-09-19 11:19 - 2012-09-10 13:26 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\ronjohnsoninvoice.xls2014-09-19 11:19 - 2012-09-05 09:47 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\hoeferginvoice.xls2014-09-19 11:19 - 2012-08-22 20:13 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\herman3.xls2014-09-19 11:19 - 2012-08-22 20:12 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\hermanllc.xls2014-09-19 11:19 - 2012-08-20 20:35 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\fultoninvoice.xls2.xls2014-09-19 11:19 - 2012-08-20 20:12 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\cenciinvoice2.xls2014-09-19 11:19 - 2012-07-12 12:05 - 00256000 _____ () E:\Documents and Settings\guy\My Documents\besharainvoice.xls2014-09-19 11:19 - 2012-07-02 17:41 - 00265728 _____ () E:\Documents and Settings\guy\My Documents\Kohnmats.xls2014-09-19 11:19 - 2012-06-30 14:53 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\zioninvoice.xls2014-09-19 11:19 - 2012-06-20 09:53 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\hermaninvoice2.xls2014-09-19 11:19 - 2012-06-12 17:54 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\houstoninvoice.xls2014-09-19 11:19 - 2012-05-31 09:28 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\hoeferinvoice2.xls2014-09-19 11:19 - 2012-05-31 09:27 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\ryanmcquadeivoice.xls2014-09-19 11:19 - 2012-05-27 10:37 - 00256512 _____ () E:\Documents and Settings\guy\My Documents\cenciinvoice.xls2014-09-19 11:19 - 2012-05-26 11:06 - 00252416 
_____ () E:\Documents and Settings\guy\My Documents\haerman2.xls2014-09-19 11:19 - 2012-04-22 18:24 - 00260608 _____ () E:\Documents and Settings\guy\My Documents\cristinewaldman.xls2014-09-19 11:19 - 2012-04-06 15:01 - 00250880 _____ () E:\Documents and Settings\guy\My Documents\clothierinvoice2012.xls1.xls2014-09-19 11:19 - 2012-03-27 17:05 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\Harperinvoice.xls2014-09-19 11:19 - 2012-03-27 17:02 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\torresinvoice.xls2014-09-19 11:19 - 2012-03-21 08:37 - 00260608 _____ () E:\Documents and Settings\guy\My Documents\tovarinvoice.xls2014-09-19 11:19 - 2012-02-29 11:58 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\DamborgDan.xls2014-09-19 11:19 - 2012-01-12 14:23 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\annemooreandmel2012.xls2014-09-19 11:19 - 2011-12-14 13:02 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\lawinvoice.xls2014-09-19 11:19 - 2011-12-14 12:50 - 00256000 _____ () E:\Documents and Settings\guy\My Documents\lawmats.xls2014-09-19 11:19 - 2011-12-14 12:40 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\glendale invoice 2.xls2014-09-19 11:19 - 2011-11-11 16:59 - 00250880 _____ () E:\Documents and Settings\guy\My Documents\lydenmats.xls2014-09-19 11:19 - 2011-11-11 16:52 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\lydeninvoice.xls2014-09-19 11:19 - 2011-11-01 17:26 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\juanandhazelmaterials.xls2014-09-19 11:19 - 2011-11-01 17:23 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\juanandhazelinvoice.xls2014-09-19 11:19 - 2011-11-01 15:55 - 00256000 _____ () E:\Documents and Settings\guy\My Documents\clothierinvoice.xls2014-09-19 11:19 - 2011-10-21 15:05 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\Waltoninvoice.xls2014-09-19 11:19 - 2011-10-19 08:16 - 00251392 _____ () 
E:\Documents and Settings\guy\My Documents\hermaninvoice.xls2014-09-19 11:19 - 2011-10-09 15:35 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\taylorinvoice.xls2014-09-19 11:19 - 2011-10-01 11:11 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\Randy and Robinnormany park.xls2014-09-19 11:19 - 2011-09-30 09:28 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\lindanancyinvoice.xls2014-09-19 11:19 - 2011-09-30 09:19 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\nancymats.xls2014-09-19 11:19 - 2011-09-14 18:16 - 00259584 _____ () E:\Documents and Settings\guy\My Documents\bennettmats.xls2014-09-19 11:19 - 2011-09-14 18:08 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\bennettinvoice.xls2014-09-19 11:19 - 2011-09-05 15:15 - 00260608 _____ () E:\Documents and Settings\guy\My Documents\vina group invoice 21.xls2014-09-19 11:19 - 2011-07-31 10:27 - 00260608 _____ () E:\Documents and Settings\guy\My Documents\lindanancycabinets.xls2014-09-19 11:19 - 2011-07-31 10:13 - 00260608 _____ () E:\Documents and Settings\guy\My Documents\lindanancyinvoice.xlsdp.xls2014-09-19 11:19 - 2011-06-27 14:18 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\martyandlenayschneider.xls2014-09-19 11:19 - 2011-06-21 13:02 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\Randy and Robin2 2011.xls2.xls2014-09-19 11:19 - 2011-05-22 11:34 - 00261632 _____ () E:\Documents and Settings\guy\My Documents\nancyinvoice.xls2014-09-19 11:19 - 2011-05-22 11:10 - 00260096 _____ () E:\Documents and Settings\guy\My Documents\nancylinda.xls2014-09-19 11:19 - 2011-04-29 06:52 - 00261632 _____ () E:\Documents and Settings\guy\My Documents\lindanancy.xls2014-09-19 11:19 - 2011-04-14 08:31 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\fultoninvoice3.xls2014-09-19 11:19 - 2011-04-02 10:23 - 00266240 _____ () E:\Documents and Settings\guy\My Documents\Randy and Robin2 2011.xls2014-09-19 11:19 - 
2011-03-29 07:08 - 00260608 _____ () E:\Documents and Settings\guy\My Documents\torresinvoice.xls2011.xls2.1.xls2014-09-19 11:19 - 2011-03-28 18:46 - 00260608 _____ () E:\Documents and Settings\guy\My Documents\Hall.xls2014-09-19 11:19 - 2011-03-20 11:15 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\Bettyinvoice.xls2014-09-19 11:19 - 2011-02-18 19:15 - 00255488 _____ () E:\Documents and Settings\guy\My Documents\torresinvoice.xls2011.xls2.xls2014-09-19 11:19 - 2011-02-18 17:12 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\Randy and Robin 2011.xls2014-09-19 11:19 - 2011-02-08 19:11 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\glendaleinvoice.xls2011.xls2014-09-19 11:19 - 2011-01-28 18:48 - 00265728 _____ () E:\Documents and Settings\guy\My Documents\anne moore 2011 xls.xls2014-09-19 11:19 - 2011-01-28 18:43 - 00266240 _____ () E:\Documents and Settings\guy\My Documents\anne moore 2010.xls2.xls2014-09-19 11:19 - 2011-01-28 18:42 - 00265728 _____ () E:\Documents and Settings\guy\My Documents\anne moore 2010.xls2014-09-19 11:19 - 2011-01-01 11:00 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\Darren Williams.xls2014-09-19 11:19 - 2010-12-08 09:19 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\pittaway invoice.xls2014-09-19 11:19 - 2010-12-03 14:35 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\hartz.xls2014-09-19 11:19 - 2010-12-01 10:02 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\GCDInvoice.xls4.xls5.xls2014-09-19 11:19 - 2010-12-01 09:47 - 00261120 _____ () E:\Documents and Settings\guy\My Documents\GCDInvoice.xls4.xls2014-09-19 11:19 - 2010-11-02 10:09 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\vinagroup.xls 1.xls2014-09-19 11:19 - 2010-11-02 10:09 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\vinagroup.xls2014-09-19 11:19 - 2010-11-02 10:08 - 00260608 _____ () E:\Documents and Settings\guy\My Documents\vina 
group invoice 21.xls2.xls2014-09-19 11:19 - 2010-10-04 10:54 - 00266240 _____ () E:\Documents and Settings\guy\My Documents\GCDInvoice.xls3.xls1.xls2014-09-19 11:19 - 2010-10-04 10:44 - 00265728 _____ () E:\Documents and Settings\guy\My Documents\GCDInvoice.xls3.xls2014-09-19 11:19 - 2010-10-04 10:37 - 00251904 _____ () E:\Documents and Settings\guy\My Documents\glendaleinvoice.xls2014-09-19 11:19 - 2010-10-04 10:27 - 00250880 _____ () E:\Documents and Settings\guy\My Documents\fultonmats.xls2014-09-19 11:19 - 2010-10-04 10:21 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\fultoninvoice.xls2014-09-19 11:19 - 2010-09-17 11:35 - 00265728 _____ () E:\Documents and Settings\guy\My Documents\GCDInvoice.xls2014-09-19 11:19 - 2010-07-28 04:23 - 00237056 _____ () E:\Documents and Settings\guy\My Documents\greghoefer.xls2014-09-19 11:19 - 2010-07-13 07:45 - 00253952 _____ () E:\Documents and Settings\guy\My Documents\Paullinvoice.xls2014-09-19 11:19 - 2010-07-13 07:26 - 00242176 _____ () E:\Documents and Settings\guy\My Documents\paullmats.xls2014-09-19 11:19 - 2010-06-13 04:11 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\clothierinvoice.xls1.xls2014-09-19 11:19 - 2010-06-08 07:36 - 00245760 _____ () E:\Documents and Settings\guy\My Documents\vinagroupmats.xls2014-09-19 11:19 - 2010-04-20 06:40 - 00237056 _____ () E:\Documents and Settings\guy\My Documents\glendalemats.xls 2.xls2014-09-19 11:19 - 2010-02-28 04:24 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\nelsonmaterials.xls2014-09-19 11:19 - 2010-02-28 04:07 - 00237056 _____ () E:\Documents and Settings\guy\My Documents\glendalemats.xls2014-09-19 11:19 - 2010-02-21 03:30 - 00243200 _____ () E:\Documents and Settings\guy\My Documents\nelsoninvoice.xls2014-09-19 11:19 - 2010-01-29 02:57 - 00241152 _____ () E:\Documents and Settings\guy\My Documents\torresmats.xls2014-09-19 11:19 - 2010-01-24 13:53 - 00241664 _____ () E:\Documents and Settings\guy\My 
Documents\nelsonmats.xls2014-09-19 11:19 - 2010-01-24 13:13 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\apgarmats.xls2014-09-19 11:19 - 2009-12-28 13:48 - 00250368 _____ () E:\Documents and Settings\guy\My Documents\greghoefermats.xls2014-09-19 11:19 - 2009-11-06 00:49 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\hoefersubs.xls2014-09-19 11:19 - 2009-10-05 06:55 - 00242688 _____ () E:\Documents and Settings\guy\My Documents\hoeferinvoice.xls2014-09-19 11:19 - 2009-08-27 03:02 - 00281088 _____ () E:\Documents and Settings\guy\My Documents\Spencerinvoice.xls2014-09-19 11:19 - 2009-08-21 00:51 - 00261632 _____ () E:\Documents and Settings\guy\My Documents\rigosinvoice.xls2014-09-19 11:19 - 2009-07-13 06:23 - 00241152 _____ () E:\Documents and Settings\guy\My Documents\hoefermats.xls2014-09-19 11:19 - 2009-06-29 10:10 - 00237056 _____ () E:\Documents and Settings\guy\My Documents\ghoefermats.xls2014-09-19 11:19 - 2009-05-26 13:10 - 00242176 _____ () E:\Documents and Settings\guy\My Documents\krohinvoice.xls2014-09-19 11:19 - 2009-05-26 00:10 - 00250880 _____ () E:\Documents and Settings\guy\My Documents\kohnmats.xls hours.xls2014-09-19 11:19 - 2009-04-07 12:30 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\shorettmats.xls2014-09-19 11:19 - 2009-04-07 11:57 - 00238080 _____ () E:\Documents and Settings\guy\My Documents\shorettinvooice.xls2014-09-19 11:19 - 2009-03-08 11:50 - 00261632 _____ () E:\Documents and Settings\guy\My Documents\nancy and linda.xls2014-09-19 11:19 - 2009-03-08 11:50 - 00247296 _____ () E:\Documents and Settings\guy\My Documents\schroeterinvoice.xls2014-09-19 11:19 - 2009-01-25 02:20 - 00250880 _____ () E:\Documents and Settings\guy\My Documents\jenkinsonmats.xls2014-09-19 11:19 - 2009-01-25 02:04 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\beaneinvoice.xls2014-09-19 11:19 - 2008-12-14 03:47 - 00241664 _____ () E:\Documents and Settings\guy\My 
Documents\eusticehours.xls2014-09-19 11:19 - 2008-12-14 03:43 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\eusticemats.xls2014-09-19 11:19 - 2008-11-23 04:12 - 00012762 _____ () E:\Documents and Settings\guy\My Documents\Shunning-A Part of the Faith of Jehovahs Witnesses.htm2014-09-19 11:19 - 2008-11-22 13:26 - 00177664 _____ () E:\Documents and Settings\guy\My Documents\CF 11.6.08 - 11.21.08.xls2014-09-19 11:19 - 2008-10-31 06:24 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\stewartinvoice.xls2014-09-19 11:19 - 2008-08-06 09:27 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\Harperhours.xls2014-09-19 11:19 - 2008-08-06 09:22 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\Harpermats.xls2014-09-19 11:19 - 2008-06-16 11:07 - 00242176 _____ () E:\Documents and Settings\guy\My Documents\wattshours.xls2014-09-19 11:19 - 2008-06-16 08:20 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\wattsmats.xls2014-09-19 11:19 - 2008-06-16 08:09 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\wattsinvoice.xls2014-09-19 11:19 - 2008-04-24 09:58 - 00238592 _____ () E:\Documents and Settings\guy\My Documents\dullabhinvoice.xls2014-09-19 11:19 - 2008-04-07 10:28 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\schroetermats.xls2014-09-19 11:19 - 2008-01-07 05:26 - 00238080 _____ () E:\Documents and Settings\guy\My Documents\clayinvoice.xls2014-09-19 11:19 - 2007-11-07 02:50 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\derryinvoice.xls2014-09-19 11:19 - 2007-11-02 07:12 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\Meyersinvoice.xls2014-09-19 11:19 - 2007-10-19 02:38 - 00242688 _____ () E:\Documents and Settings\guy\My Documents\wheatinvoice.xls2014-09-19 11:19 - 2007-09-07 01:11 - 00242176 _____ () E:\Documents and Settings\guy\My Documents\meyersmats.xls2014-09-19 11:19 - 2007-08-07 03:47 - 00237568 _____ () E:\Documents and Settings\guy\My 
Documents\glendalehours.xls2014-09-19 11:19 - 2007-06-04 10:58 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\stewartmats.xls2014-09-19 11:19 - 2007-05-23 08:46 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\clinganmats.xls2014-09-19 11:19 - 2007-05-17 11:37 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\tblummats.xls2014-09-19 11:19 - 2007-05-17 11:36 - 00242688 _____ () E:\Documents and Settings\guy\My Documents\tbluminvoice.xls2014-09-19 11:19 - 2007-02-13 07:08 - 00251392 _____ () E:\Documents and Settings\guy\My Documents\bloomenthalinvoice1.xls2014-09-19 11:19 - 2007-02-02 07:32 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\derrymats.xls2014-09-19 11:19 - 2007-01-18 03:23 - 00237568 _____ () E:\Documents and Settings\guy\My Documents\piovesaninovoice.xls2014-09-19 11:19 - 2006-12-06 07:47 - 00242176 _____ () E:\Documents and Settings\guy\My Documents\olymats.xls2014-09-19 11:19 - 2006-10-14 03:47 - 00242176 _____ () E:\Documents and Settings\guy\My Documents\shorettinvoice.xls2014-09-19 11:19 - 2006-08-11 01:34 - 00238080 _____ () E:\Documents and Settings\guy\My Documents\apgarinvoice.xls2014-09-19 11:19 - 2006-07-27 03:43 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\helmmats.xls2014-09-19 11:19 - 2006-07-27 03:32 - 00242688 _____ () E:\Documents and Settings\guy\My Documents\helminvoice.xls2014-09-19 11:19 - 2006-07-19 04:08 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\Blumenthalmats.xls2014-09-19 11:19 - 2006-07-19 04:05 - 00238080 _____ () E:\Documents and Settings\guy\My Documents\blumenthallinvoice.xls2014-09-19 11:19 - 2006-03-07 04:17 - 00237056 _____ () E:\Documents and Settings\guy\My Documents\wintersmats.xls2014-09-19 11:19 - 2006-03-07 03:59 - 00242688 _____ () E:\Documents and Settings\guy\My Documents\wintersinvoice.xls2014-09-19 11:19 - 2005-10-23 02:49 - 00248320 _____ () E:\Documents and Settings\guy\My 
Documents\jenkinsoninvoice1.xls2014-09-19 11:19 - 2005-08-01 10:46 - 00242688 _____ () E:\Documents and Settings\guy\My Documents\remediesinvoice.xls2014-09-19 11:19 - 2005-05-02 05:52 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\Higginsmats.xls2014-09-19 11:19 - 2005-05-02 05:49 - 00252928 _____ () E:\Documents and Settings\guy\My Documents\higginsinvoice.xls2014-09-19 11:19 - 2005-03-03 02:00 - 00241664 _____ () E:\Documents and Settings\guy\My Documents\zionmats.xls2014-09-18 13:57 - 2014-09-18 13:59 - 00000000 ____D () E:\Program Files\Mozilla Firefox2014-09-15 16:33 - 2014-09-15 16:49 - 00257536 _____ () E:\Documents and Settings\lavonne\My Documents\tracigoodwin20146.xls2014-09-15 16:31 - 2014-09-15 16:31 - 00252416 _____ () E:\Documents and Settings\lavonne\My Documents\codyevans5.xls2014-09-13 15:51 - 2014-09-13 16:12 - 00257024 _____ () E:\Documents and Settings\lavonne\My Documents\todoedinvoice3.xls2014-09-06 20:03 - 2014-09-06 20:07 - 00257024 _____ () E:\Documents and Settings\lavonne\My Documents\todoedinvoice2.xls2014-08-30 14:32 - 2014-08-30 14:36 - 00257024 _____ () E:\Documents and Settings\lavonne\My Documents\todoedinvoice.xls2014-08-27 05:51 - 2014-08-27 07:20 - 00257024 _____ () E:\Documents and Settings\lavonne\My Documents\petersoninvoice14.xls==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2014-09-20 19:02 - 2014-09-20 18:43 - 00000000 ____D () E:\Documents and Settings\lavonne\Local Settings\temp2014-09-20 19:02 - 2014-09-19 20:33 - 00000000 ____D () E:\FRST2014-09-20 18:49 - 2014-09-20 18:43 - 00000000 ____D () E:\Documents and Settings\NetworkService\Local Settings\temp2014-09-20 18:45 - 2012-10-27 17:48 - 00000830 _____ () E:\WINDOWS\Tasks\Adobe Flash Player Updater.job2014-09-20 18:43 - 2014-09-20 18:43 - 00008609 _____ () E:\ComboFix.txt2014-09-20 18:43 - 2014-09-20 18:43 - 00000000 ____D () E:\Documents and 
Settings\LocalService\Local Settings\temp2014-09-20 18:43 - 2014-09-20 09:14 - 00000000 ____D () E:\Qoobox2014-09-20 18:41 - 2014-03-09 10:00 - 00000218 _____ () E:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job2014-09-20 18:41 - 2012-05-15 15:11 - 00000000 ____D () E:\Program Files\SUPERAntiSpyware2014-09-20 18:41 - 2003-03-31 05:00 - 00000227 _____ () E:\WINDOWS\system.ini2014-09-20 18:40 - 2012-05-15 14:38 - 01518343 _____ () E:\WINDOWS\WindowsUpdate.log2014-09-20 18:39 - 2012-05-15 13:57 - 00000006 ____H () E:\WINDOWS\Tasks\SA.DAT2014-09-20 18:37 - 2014-09-20 18:37 - 00008192 ____H () E:\WINDOWS\system32\config\SECURITY.tmp.LOG2014-09-20 18:37 - 2014-09-20 18:37 - 00000000 ____H () E:\WINDOWS\system32\config\system.tmp.LOG2014-09-20 18:37 - 2014-09-20 18:37 - 00000000 ____H () E:\WINDOWS\system32\config\software.tmp.LOG2014-09-20 18:37 - 2014-09-20 18:37 - 00000000 ____H () E:\WINDOWS\system32\config\SAM.tmp.LOG2014-09-20 18:37 - 2014-09-20 18:37 - 00000000 ____H () E:\WINDOWS\system32\config\default.tmp.LOG2014-09-20 18:37 - 2012-05-15 21:26 - 00262144 _____ () E:\WINDOWS\system32\config\SECURITY.bak2014-09-20 18:37 - 2012-05-15 21:26 - 00262144 _____ () E:\WINDOWS\system32\config\SAM.bak2014-09-20 18:37 - 2012-05-15 21:25 - 20185088 _____ () E:\WINDOWS\system32\config\software.bak2014-09-20 18:37 - 2012-05-15 21:25 - 04980736 _____ () E:\WINDOWS\system32\config\system.bak2014-09-20 18:37 - 2012-05-15 21:25 - 00524288 _____ () E:\WINDOWS\system32\config\default.bak2014-09-20 18:37 - 2012-05-15 14:05 - 00000178 ___SH () E:\Documents and Settings\lavonne\ntuser.ini2014-09-20 18:36 - 2014-09-20 09:14 - 00000000 ____D () E:\WINDOWS\erdnt2014-09-20 18:30 - 2012-05-15 14:04 - 00032526 _____ () E:\WINDOWS\SchedLgU.Txt2014-09-20 17:06 - 2014-03-29 08:55 - 00000426 ____H () E:\WINDOWS\Tasks\User_Feed_Synchronization-{60A9699E-D563-4A84-B463-336407475A7C}.job2014-09-20 17:02 - 2012-05-15 21:26 - 00701826 _____ () 
E:\WINDOWS\setupapi.log2014-09-20 17:02 - 2012-05-15 21:26 - 00172735 _____ () E:\WINDOWS\setupact.log2014-09-20 09:26 - 2012-05-15 14:05 - 00000000 ____D () E:\Documents and Settings\lavonne2014-09-20 09:04 - 2014-09-20 09:01 - 05578824 ____R (Swearware) E:\Documents and Settings\lavonne\Desktop\ComboFix.exe2014-09-20 08:12 - 2014-09-20 08:12 - 00000000 ____D () E:\TDSSKiller_Quarantine2014-09-20 08:03 - 2014-09-20 08:03 - 00001374 _____ () E:\Documents and Settings\lavonne\Desktop\tdss.txt2014-09-19 21:12 - 2014-09-19 21:12 - 00071968 _____ () E:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat2014-09-19 18:07 - 2014-09-19 17:38 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)2014-09-19 18:07 - 2014-09-19 17:36 - 00000000 ____D () E:\Documents and Settings\lavonne\Desktop\mbar2014-09-19 17:37 - 2014-09-19 11:54 - 00113880 _____ (Malwarebytes Corporation) E:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2014-09-19 17:36 - 2014-09-19 11:53 - 00054232 _____ (Malwarebytes Corporation) E:\WINDOWS\system32\Drivers\mbamchameleon.sys2014-09-19 16:43 - 2014-09-19 16:32 - 00000000 ____D () E:\AdwCleaner2014-09-19 15:24 - 2012-05-15 22:58 - 00000000 ____D () E:\Documents and Settings\guy\Local Settings\Temp2014-09-19 15:17 - 2012-05-15 22:58 - 00000178 ___SH () E:\Documents and Settings\guy\ntuser.ini2014-09-19 11:53 - 2014-09-19 11:53 - 00000000 ____D () E:\Program Files\Malwarebytes Anti-Malware2014-09-19 11:53 - 2014-09-19 11:53 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware2014-09-19 11:53 - 2012-05-15 15:15 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\Malwarebytes2014-09-19 11:50 - 2014-09-19 11:50 - 00000000 ____D () E:\Documents and Settings\guy\Application Data\Malwarebytes2014-09-18 16:41 - 2012-05-15 14:31 - 00000000 ____D () E:\Program Files\Mozilla Maintenance Service2014-09-18 13:59 
- 2014-09-18 13:57 - 00000000 ____D () E:\Program Files\Mozilla Firefox2014-09-15 16:49 - 2014-09-19 11:19 - 00257536 _____ () E:\Documents and Settings\guy\My Documents\tracigoodwin20146.xls2014-09-15 16:49 - 2014-09-15 16:33 - 00257536 _____ () E:\Documents and Settings\lavonne\My Documents\tracigoodwin20146.xls2014-09-15 16:31 - 2014-09-19 11:19 - 00252416 _____ () E:\Documents and Settings\guy\My Documents\codyevans5.xls2014-09-15 16:31 - 2014-09-15 16:31 - 00252416 _____ () E:\Documents and Settings\lavonne\My Documents\codyevans5.xls2014-09-14 14:35 - 2014-03-09 10:00 - 00000212 _____ () E:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job2014-09-13 18:17 - 2003-03-31 05:00 - 00013646 _____ () E:\WINDOWS\system32\wpa.dbl2014-09-13 16:12 - 2014-09-19 11:19 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoedinvoice3.xls2014-09-13 16:12 - 2014-09-13 15:51 - 00257024 _____ () E:\Documents and Settings\lavonne\My Documents\todoedinvoice3.xls2014-09-10 10:46 - 2012-10-27 17:48 - 00701104 _____ (Adobe Systems Incorporated) E:\WINDOWS\system32\FlashPlayerApp.exe2014-09-10 10:46 - 2012-10-27 17:48 - 00071344 _____ (Adobe Systems Incorporated) E:\WINDOWS\system32\FlashPlayerCPLApp.cpl2014-09-10 10:45 - 2014-07-08 23:45 - 17903792 _____ (Adobe Systems Incorporated) E:\WINDOWS\system32\FlashPlayerInstaller.exe2014-09-10 03:05 - 2013-08-15 03:03 - 00000000 ____D () E:\WINDOWS\system32\MRT2014-09-10 03:01 - 2012-05-15 15:24 - 98758480 _____ (Microsoft Corporation) E:\WINDOWS\system32\MRT.exe2014-09-06 20:07 - 2014-09-19 11:19 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoedinvoice2.xls2014-09-06 20:07 - 2014-09-06 20:03 - 00257024 _____ () E:\Documents and Settings\lavonne\My Documents\todoedinvoice2.xls2014-08-30 14:37 - 2014-09-19 11:19 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\todoedinvoice.xls2014-08-30 14:36 - 2014-08-30 14:32 - 00257024 _____ () E:\Documents and Settings\lavonne\My 
Documents\todoedinvoice.xls2014-08-27 07:21 - 2014-09-19 11:19 - 00257024 _____ () E:\Documents and Settings\guy\My Documents\petersoninvoice14.xls2014-08-27 07:20 - 2014-08-27 05:51 - 00257024 _____ () E:\Documents and Settings\lavonne\My Documents\petersoninvoice14.xls2014-08-21 23:32 - 2012-05-15 15:43 - 00000376 _____ () E:\WINDOWS\ODBC.INI==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)E:\WINDOWS\explorer.exe => File is digitally signedE:\WINDOWS\system32\winlogon.exe => File is digitally signedE:\WINDOWS\system32\svchost.exe => File is digitally signedE:\WINDOWS\system32\services.exe => File is digitally signedE:\WINDOWS\system32\User32.dll => File is digitally signedE:\WINDOWS\system32\userinit.exe => File is digitally signedE:\WINDOWS\system32\rpcss.dll => File is digitally signedE:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed==================== End Of Log ============================ Link to post Share on other sites More sharing options...
goode Posted September 21, 2014 ID:881325

Addition.txt:
Naathim Posted September 21, 2014 ID:881421

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.

Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
Copy the entire content of the codebox below and paste into the Notepad document:

start
closeprocesses:
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
ProxyServer: :0
R3 catchme; \??\E:\ComboFix\catchme.sys [X]
S4 IntelIde; No ImagePath
U3 TlntSvr; No ImagePath
U3 mbr; \??\E:\DOCUME~1\lavonne\LOCALS~1\Temp\mbr.sys [X]
EmptyTemp:
end

Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
> XP users click run after receipt of Windows Security Warning - Open File.
> 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please include it in your reply.
goode Posted September 21, 2014 ID:881467

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by lavonne at 2014-09-21 10:09:40 Run:1
Running from E:\Documents and Settings\lavonne\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
closeprocesses:
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
ProxyServer: :0
R3 catchme; \??\E:\ComboFix\catchme.sys [X]
S4 IntelIde; No ImagePath
U3 TlntSvr; No ImagePath
U3 mbr; \??\E:\DOCUME~1\lavonne\LOCALS~1\Temp\mbr.sys [X]
EmptyTemp:
end
*****************

Processes closed successfully.
HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\\Default => Value was restored successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
catchme => Service deleted successfully.
IntelIde => Service deleted successfully.
TlntSvr => Service deleted successfully.
mbr => Service not found.
EmptyTemp: => Removed 846.1 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====
Naathim Posted September 21, 2014 ID:881486

OK, what other issues remain?

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.
Right-click on icon and select Run as Administrator to start the tool.
> XP users click run after receipt of Windows Security Warning - Open File.
> 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
Make sure that Addition option is checked.
Press Scan button and wait.
The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.